Bug 214952

Summary: graphics/tiff - CVE-2016-8331
Product: Ports & Packages Reporter: Sevan Janiyan <venture37>
Component: Individual Port(s)Assignee: Port Management Team <portmgr>
Status: Closed Not Enough Information    
Severity: Affects Many People CC: feld, ports-secteam
Priority: --- Keywords: security
Version: LatestFlags: bugzilla: maintainer-feedback? (portmgr)
Hardware: Any   
OS: Any   

Description Sevan Janiyan 2016-11-30 15:07:37 UTC 
Missing vuxml entry, no fix yet
http://www.talosintelligence.com/reports/TALOS-2016-0190/
Comment 1 Mark Felder freebsd_committer freebsd_triage 2016-12-04 22:32:08 UTC 
They didn't test 4.0.7? I'm not sure if that's vulnerable. Hard to make a vuxml entry without further details.
Comment 2 Sevan Janiyan 2016-12-05 00:36:22 UTC 
(In reply to Mark Felder from comment #1)
The release notes do not indicate this issue as fixed but do cite other CVEs. I will dig in tomorrow & see if it was just a case of being missed out.