Bug 123366

Summary: [patch] Security update for graphics/swfdec
Product: Ports & Packages
Reporter: Henrik Brix Andersen <brix>
Component: Individual Port(s)
Assignee: Alexander Botero-Lowry <alexbl>
Status: Closed FIXED
Severity: Affects Only Me
CC: alexbl
Priority: Normal
Version: Latest
Hardware: Any
OS: Any
Attachments:
swfdec.diff (Flags: none)

Description Henrik Brix Andersen 2008-05-03 13:40:00 UTC
From http://secunia.com/advisories/29915/ :

"A vulnerability has been reported in swfdec, which can be exploited
by malicious people to disclose sensitive information.

The vulnerability is caused due to swfdec not properly restricting
untrusted sandboxes from reading local files, which can be exploited
to disclose the content of arbitrary local files by e.g. tricking a
user into visiting a malicious website.

The vulnerability is reported in versions prior to 0.6.4."

Fix: Below is a patch for updating graphics/swfdec to version 0.6.6. Please
note that the patch removes files/patch-swfdec-gtk_swfdec_gtk_system.c
which is no longer needed with this release.

The patch also corrects the include of bsd.port.*.mk - .pre.mk must be
included before testing OPTIONS.

Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2008-05-03 13:40:07 UTC
Responsible Changed
From-To: freebsd-ports-bugs->alexbl

Over to maintainer (via the GNATS Auto Assign Tool)

Comment 2 Henrik Brix Andersen freebsd_committer freebsd_triage 2008-05-08 16:58:40 UTC
State Changed
From-To: open->closed

This is a duplicate of ports/123373