Bug 222622

Summary:	graphics/ImageMagick7: Please MFH r450491 (contains a security vulnerability fix)
Product:	Ports & Packages	Reporter:	VK <vlad-fbsd>
Component:	Individual Port(s)	Assignee:	Koop Mast <kwm>
Status:	Closed FIXED
Severity:	Affects Only Me	CC:	ports-secteam, swills
Priority:	---	Keywords:	security
Version:	Latest	Flags:	bugzilla: maintainer-feedback? (kwm) vlad-fbsd: merge-quarterly?
Hardware:	Any
OS:	Any
URL:	https://svnweb.freebsd.org/ports?view=revision&revision=450491

Description VK 2017-09-26 12:07:09 UTC

Please MFH r450491, as it contains a secvuln fix. Thanks.

Comment 1 commit-hook freebsd_committer

2017-09-27 16:42:31 UTC

A commit references this bug:

Author: swills
Date: Wed Sep 27 16:41:53 UTC 2017
New revision: 450766
URL: https://svnweb.freebsd.org/changeset/ports/450766

Log:
  MFH: r450128 r450491

  ImageMagick7 to 7.0.7-2.

  Disable FPX (FlashPix) support by default. This image format is really
  rare these days coupled with that there are known CVE's in libfpx and
  it doesn't seem to be maintained these days. It doesn't make sense to
  keep it enabled by default anymore. [1]

  Bump vapoursynth for sharedi library bumps in IM7.

  PR:		222309 [1]
  Submitted by:	Anton Yuzhaninov <citrin+pr@citrin.ru> [1]

  Update ImageMagick7 to 7.0.7-4.

  PR:		222622
  Security:	16fb4f83-a2ab-11e7-9c14-009c02a2ab30

  Approved by:	ports-secteam@ (implicit)

Changes:
_U  branches/2017Q3/
  branches/2017Q3/graphics/ImageMagick7/Makefile
  branches/2017Q3/graphics/ImageMagick7/distinfo
  branches/2017Q3/graphics/ImageMagick7/pkg-plist
  branches/2017Q3/multimedia/vapoursynth/Makefile

Comment 2 Steve Wills freebsd_committer

2017-09-27 16:43:30 UTC

Done, thanks for the heads up.