Bug 211562

Summary: graphics/gd - multiple vulnerabilities
Product: Ports & Packages
Reporter: Sevan Janiyan <venture37>
Component: Individual Port(s)
Assignee: Dirk Meyer <dinoex>
Status: Closed FIXED
Severity: Affects Only Me
CC: feld, ports-secteam
Priority: ---
Flags: bugzilla: maintainer-feedback? (dinoex)
Version: Latest
Hardware: Any
OS: Any

Description Sevan Janiyan 2016-08-04 00:54:20 UTC
currently vulnerable and missing vuxml entry for
CVE-2016-6207
CVE-2016-6214
CVE-2016-6132
CVE-2016-5766

Comment 1 commit-hook freebsd_committer 2016-08-04 14:50:16 UTC
A commit references this bug:

Author: feld
Date: Thu Aug  4 14:49:49 UTC 2016
New revision: 419621
URL: https://svnweb.freebsd.org/changeset/ports/419621

Log:
  Document gd vulnerabilities

  PR:		211562

Changes:
  head/security/vuxml/vuln.xml

Comment 2 Mark Felder freebsd_committer 2016-08-04 15:21:50 UTC
I have a patch to update to 2.2.3, but the shlib is moving from libgd.so.6.0.20202 to lib/libgd.so.6.0.3 and I think there was special handling of the shlib here, so I'd like the maintainer to weigh in.

Comment 3 commit-hook freebsd_committer 2016-08-28 17:43:33 UTC
A commit references this bug:

Author: dinoex
Date: Sun Aug 28 17:42:43 UTC 2016
New revision: 421029
URL: https://svnweb.freebsd.org/changeset/ports/421029

Log:
  - update to 2.2.3
  - remove option VPX
  Security: CVE-2016-6207
  Security: CVE-2016-6214
  Security: CVE-2016-6132
  Security: CVE-2016-5766
  PR:		211562
  MFH:		2016Q3

Changes:
  head/graphics/gd/Makefile
  head/graphics/gd/distinfo
  head/graphics/gd/files/patch-configure
  head/graphics/gd/files/patch-gd_tga.c
  head/graphics/gd/files/patch-gdft.c
  head/graphics/gd/pkg-plist