Bug 219783

Summary: graphics/tiffgt is vulnerable, possibly duplicate
Product: Ports & Packages Reporter: Alaksiej Čarniajeŭ <a>
Component: Individual Port(s)Assignee: Muhammad Moinur Rahman <bofh>
Status: Closed Overcome By Events    
Severity: Affects Some People Keywords: security
Priority: --- Flags: bugzilla: maintainer-feedback? (bofh)
Version: Latest   
Hardware: Any   
OS: Any   

Description Alaksiej Čarniajeŭ 2017-06-04 18:38:53 UTC 
The port directs to a vulnerable verion of libtiff (4.0.7_1). Besides, is there any reason for it to exist at all, when there's graphics/tiff which installs libtiff too?
Comment 1 commit-hook freebsd_committer freebsd_triage 2017-06-06 14:16:50 UTC 
A commit references this bug:

Author: bofh
Date: Tue Jun  6 14:16:02 UTC 2017
New revision: 442775
URL: https://svnweb.freebsd.org/changeset/ports/442775

Log:
  graphics/tiffgt: Update version 4.0.7=>4.0.8

  PR:		219783
  Reported by:	a@carniajeu.com

Changes:
  head/graphics/tiffgt/Makefile
  head/graphics/tiffgt/distinfo
Comment 2 Muhammad Moinur Rahman freebsd_committer freebsd_triage 2017-06-06 14:29:22 UTC 
Vulnerable version has been updated. This is different from libtiff or tiff in the sense this port provides tools which are not provided by the graphics/tiff.