| Summary: | security/vuxml: Entry for graphics/silgraphite missing or insufficient information (vid 8f10fa04-cf6a-11e5-96d6-14dae9d210b8) | ||
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Sevan Janiyan <venture37> |
| Component: | Individual Port(s) | Assignee: | Mark Felder <feld> |
| Status: | Closed FIXED | ||
| Severity: | Affects Some People | CC: | ports-secteam |
| Priority: | --- | Keywords: | security |
| Version: | Latest | ||
| Hardware: | Any | ||
| OS: | Any | ||

Description
Sevan Janiyan
2016-02-29 01:28:36 UTC

Assigning to feld, who wrote the vuxml entry.

CVE details: http://www.talosintel.com/reports/TALOS-2016-0061/

Don Lewis <truckman@FreeBSD.org> crafted the following patch to mitigate the issue in silgraphite.
https://svnweb.freebsd.org/ports/head/graphics/silgraphite/files/patch-engine_src_font_TtfUtil.cpp?revision=409139&view=markup

This patch looks to be relevant to the CVE and to be solving the same issue to me. I have not taken a detailed look or examined any discussions on the internet, so I'm not aware if there is wider discussion detailing the reason that silgraphite is not actually affected.

Hi Mark,
Vuln id 8f10fa04-cf6a-11e5-96d6-14dae9d210b8 is pointing to http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html however. This is what caused my false alarm. It seems that this link & the one you referenced cover CVE-2016-1521. This has highlighted that I need to double check things my end as I missed http://www.talosintel.com/reports/TALOS-2016-0061/
Apologies.

Thanks for the feedback. Let me know what you find.

A commit references this bug:

Author: feld
Date: Wed Mar 2 13:53:06 UTC 2016
New revision: 409939
URL: https://svnweb.freebsd.org/changeset/ports/409939

Log:
Update graphite vuxml entry to add another relevant URL

PR: 207574

Changes:
head/security/vuxml/vuln.xml

Update summary so that summary with state closed:fixed is meaningful and closer to actual problem.