Attachment #227749 for bug #258354




# Created by: Vasil Dimov <vd@FreeBSD.org>

PORTNAME=	libpano13
PORTVERSION=	2.9.20
PORTREVISION=	1
CATEGORIES=	graphics java
MASTER_SITES=	SF/panotools/${PORTNAME}/${PORTNAME}-${PORTVERSION}

MAINTAINER=	fuz@fuz.su
COMMENT=	Cross-platform library behind Panorama Tools and other photo stitchers

LICENSE=	GPLv2+

LIB_DEPENDS=	libpng.so:graphics/png \
		libtiff.so:graphics/tiff

USES=		autoreconf gnome jpeg libtool pathfix
USE_GNOME=	gtk20 glib20 pango atk

USES=		autoreconf gnome jpeg libtool pathfix
GNU_CONFIGURE=	yes
CPPFLAGS+=	-I${LOCALBASE}/include/gtk-2.0 \
		-I${LOCALBASE}/include/glib-2.0 \

Lines 1-2 Link Here

(-)b/graphics/libpano13/distinfo (-2 / +3 lines)
1	SHA256 (libpano13-2.9.19.tar.gz) = 037357383978341dea8f572a5d2a0876c5ab0a83dffda431bd393357e91d95a8	1	TIMESTAMP = 1631016195
2	SIZE (libpano13-2.9.19.tar.gz) = 3527845	2	SHA256 (libpano13-2.9.20.tar.gz) = 3b532836c37b8cd75cd2227fd9207f7aca3fdcbbd1cce3b9749f056a10229b89
		3	SIZE (libpano13-2.9.20.tar.gz) = 3564544




  <vuln vid="15e74795-0fd7-11ec-9f2e-dca632b19f10">
    <topic>libpano13 -- arbitrary memory access through format string vulnerability</topic>
    <affects>
      <package>
	<name>libpano13</name>
	<range><lt>2.9.20</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>libpano13-2.9.20 release notes state:</p>
	<blockquote cite="https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/README.txt">
	  <p>Fix crash and security issue caused by malformed filename prefix</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-20307</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2021-20307</url>
    </references>
    <dates>
      <discovery>2021-05-04</discovery>
      <entry>2021-09-07</entry>
    </dates>
  </vuln>

  <vuln vid="0e561173-0fa9-11ec-a2fa-080027948c12">
    <topic>Python -- multiple vulnerabilities</topic>
    <affects>
- 

Return to bug 258354

Lines 1-12 Link Here

(-)b/graphics/libpano13/Makefile (-4 / +3 lines)
1	# Created by: Vasil Dimov <vd@FreeBSD.org>	1	# Created by: Vasil Dimov <vd@FreeBSD.org>
2		2
3	PORTNAME= libpano13	3	PORTNAME= libpano13
4	PORTVERSION= 2.9.19	4	PORTVERSION= 2.9.20
5	PORTREVISION= 1
6	CATEGORIES= graphics java	5	CATEGORIES= graphics java
7	MASTER_SITES= SF/panotools/${PORTNAME}/${PORTNAME}-${PORTVERSION}	6	MASTER_SITES= SF/panotools/${PORTNAME}/${PORTNAME}-${PORTVERSION}
8		7
9	MAINTAINER= ports@FreeBSD.org	8	MAINTAINER= fuz@fuz.su
10	COMMENT= Cross-platform library behind Panorama Tools and other photo stitchers	9	COMMENT= Cross-platform library behind Panorama Tools and other photo stitchers
11		10
12	LICENSE= GPLv2+	11	LICENSE= GPLv2+
Lines 15-23 LICENSE_FILE= ${WRKSRC}/COPYING Link Here
15	LIB_DEPENDS= libpng.so:graphics/png \	14	LIB_DEPENDS= libpng.so:graphics/png \
16	libtiff.so:graphics/tiff	15	libtiff.so:graphics/tiff
17		16
		17	USES= autoreconf gnome jpeg libtool pathfix
18	USE_GNOME= gtk20 glib20 pango atk	18	USE_GNOME= gtk20 glib20 pango atk
19		19
20	USES= autoreconf gnome jpeg libtool pathfix
21	GNU_CONFIGURE= yes	20	GNU_CONFIGURE= yes
22	CPPFLAGS+= -I${LOCALBASE}/include/gtk-2.0 \	21	CPPFLAGS+= -I${LOCALBASE}/include/gtk-2.0 \
23	-I${LOCALBASE}/include/glib-2.0 \	22	-I${LOCALBASE}/include/glib-2.0 \

Lines 1-3 Link Here

(-)b/security/vuxml/vuln-2021.xml (-1 / +26 lines)
		1	<vuln vid="15e74795-0fd7-11ec-9f2e-dca632b19f10">
		2	<topic>libpano13 -- arbitrary memory access through format string vulnerability</topic>
		3	<affects>
		4	<package>
		5	<name>libpano13</name>
		6	<range><lt>2.9.20</lt></range>
		7	</package>
		8	</affects>
		9	<description>
		10	<body xmlns="http://www.w3.org/1999/xhtml">
		11	<p>libpano13-2.9.20 release notes state:</p>
		12	<blockquote cite="https://sourceforge.net/projects/panotools/files/libpano13/libpano13-2.9.20/README.txt">
		13	<p>Fix crash and security issue caused by malformed filename prefix</p>
		14	</blockquote>
		15	</body>
		16	</description>
		17	<references>
		18	<cvename>CVE-2021-20307</cvename>
		19	<url>https://nvd.nist.gov/vuln/detail/CVE-2021-20307</url>
		20	</references>
		21	<dates>
		22	<discovery>2021-05-04</discovery>
		23	<entry>2021-09-07</entry>
		24	</dates>
		25	</vuln>
		26
1	<vuln vid="0e561173-0fa9-11ec-a2fa-080027948c12">	27	<vuln vid="0e561173-0fa9-11ec-a2fa-080027948c12">
2	<topic>Python -- multiple vulnerabilities</topic>	28	<topic>Python -- multiple vulnerabilities</topic>
3	<affects>	29	<affects>
4	-