| Summary: | graphics/ImageMagick: Add VuXML entry to report vulnerability for CVE-2016-3714 |
|---|---|
| Product: | Ports & Packages |
| Component: | Individual Port(s) |
| Status: | Closed FIXED |
| Severity: | Affects Only Me |
| Priority: | --- |
| Version: | Latest |
| Hardware: | Any |
| OS: | Any |
| Reporter: | Ben Woods <woodsb02> |
| Assignee: | Koop Mast <kwm> |
| CC: | junovitch, ports-secteam |
| Keywords: | security |
| Flags: | bugzilla: maintainer-feedback? (kwm) |
| URL: | https://medium.com/@rhuber/imagemagick-is-on-fire-cve-2016-3714-379faf762247#.yqywcwi29 |

Description
Ben Woods
2016-05-03 17:40:28 UTC
Created attachment 169972
Patch to add VuXML entry for graphics/ImageMagick multiple vulnerabilities (including "ImageTragick")

A commit references this bug:

Author: kwm
Date: Fri May 6 15:27:50 UTC 2016
New revision: 414710
URL: https://svnweb.freebsd.org/changeset/ports/414710

Log:
  Document ImageMagick vulnerabilities.

  PR: 209241
  Submitted by: Ben Woods

Changes:
  head/security/vuxml/vuln.xml

Koop, Ben,

This doesn't look right with PORTEPOCH. Can you check 'pkg audit `make -VPKGNAME -C /usr/ports/graphics/ImageMagick`' actually works for the fixed and unfixed version?

(In reply to Jason Unovitch from comment #3)
Indeed, the VuXML entry is missing the PORTEPOCH for graphics/ImageMagick. I believe the change should be:

- <range><lt>6.9.3.9_1</lt></range>
+ <range><lt>6.9.3.9_1,1</lt></range>

A commit references this bug:

Author: kwm
Date: Sat May 7 07:30:32 UTC 2016
New revision: 414760
URL: https://svnweb.freebsd.org/changeset/ports/414760

Log:
  Add forgotten portepoch to the ImageMagick 6.x version.

  PR: 209241
  Reported by: Ben Woods, Jason Unovitch

Changes:
  head/security/vuxml/vuln.xml

Good catch, I completely forgot to check that ...
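
Review bot: on the `+` line, the `,1` suffix fixes only the one `<lt>` bound shown, and nothing in the thread records the `pkg audit` check requested in comment #3 being re-run afterwards. Run it for a PKGNAME below and at 6.9.3.9_1,1, and confirm that any other `<range>` in the same entry whose port sets PORTEPOCH carries the epoch too (the follow-up commit log mentions only "the ImageMagick 6.x version").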
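
Why the missing PORTEPOCH matters, as an added example that is not part of the original thread and not pkg(8)'s own code: a simplified version comparison (dotted numeric versions only, an assumption) evaluated against both `<range>` bounds from the thread. The installed version 6.9.3.7_1,1 is constructed for illustration.

```python
import operator
import xml.etree.ElementTree as ET

# VuXML range operators mapped to comparisons.
OPS = {"lt": operator.lt, "le": operator.le, "gt": operator.gt,
       "ge": operator.ge, "eq": operator.eq}


def parse_pkg_version(text):
    """Split 'version[_PORTREVISION][,PORTEPOCH]' into a sortable key.

    Simplified (assumption): dotted numeric versions only; the real
    pkg(8) comparison also handles letters and other suffixes.
    """
    rest, _, epoch = text.strip().partition(",")
    version, _, revision = rest.partition("_")
    numbers = tuple(int(part) for part in version.split("."))
    # PORTEPOCH sorts first: any epoch 1 version is newer than any epoch 0 one.
    return (int(epoch or 0), numbers, int(revision or 0))


def range_matches(range_xml, installed):
    """Return True if `installed` satisfies every bound in a <range> element."""
    key = parse_pkg_version(installed)
    bounds = list(ET.fromstring(range_xml))
    return all(OPS[b.tag](key, parse_pkg_version(b.text)) for b in bounds)


def audit(range_xml, versions):
    """Map each installed version to whether the range flags it."""
    return {v: range_matches(range_xml, v) for v in versions}


# The two bounds quoted in the thread.
WITHOUT_EPOCH = "<range><lt>6.9.3.9_1</lt></range>"
WITH_EPOCH = "<range><lt>6.9.3.9_1,1</lt></range>"

# Constructed installed versions: one older than the fix, one at the fix.
INSTALLED = ["6.9.3.7_1,1", "6.9.3.9_1,1"]

if __name__ == "__main__":
    for label, rng in (("without epoch", WITHOUT_EPOCH), ("with epoch", WITH_EPOCH)):
        for version, hit in audit(rng, INSTALLED).items():
            status = "VULNERABLE" if hit else "not matched"
            print(f"{label:14} {version:14} {status}")
```

With the epoch-less bound, the unfixed package is never flagged, because an installed version with epoch 1 compares newer than any bound with implicit epoch 0.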