Bug 223629

Summary: security/vuxml: Document multiple vulnerabilities in GraphicsMagick 1.3.26
Product: Ports & Packages
Reporter: VK <vlad-fbsd>
Component: Individual Port(s)
Assignee: Po-Chuan Hsieh <sunpoet>
Status: Closed FIXED
Severity: Affects Some People
CC: pi, sunpoet
Priority: ---
Keywords: needs-qa, patch, security
Version: Latest
Flags: bugzilla: maintainer-feedback? (ports-secteam); vlad-fbsd: maintainer-feedback? (sunpoet)
Hardware: Any
OS: Any
URL: https://sourceforge.net/p/graphicsmagick/code/ci/default/tree/ChangeLog
Bug Depends on: 224228    
Bug Blocks:    
Attachments:
Description: Document multiple vulns in GraphicsMagick 1.3.26 (Flags: none)

Description VK 2017-11-12 12:23:03 UTC
Created attachment 187939
Document multiple vulns in GraphicsMagick 1.3.26

Multiple vulnerabilities have been fixed since GraphicsMagick 1.3.26 was released. This patch documents those.

In addition, some of the vulns are not listed here, because they're already listed for ImageMagick (as cvenames):

* CVE-2017-8350
* CVE-2017-8351
* CVE-2017-8353
* CVE-2017-9142

Therefore VUID 50776801-4183-11e7-b291-b499baebfeaf (that lists those) would have to be modified to include GraphicsMagick.

I'm marking this with `needs-qa` as I'd like the GraphicsMagick maintainer's feedback on this (cc'd) first. All these are documented in commits _after_ 1.3.26 was released and there's no newer upstream release yet.
Comment 1 VK 2017-12-27 21:49:32 UTC
Bump.
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-06-20 19:39:15 UTC
A commit references this bug:

Author: sunpoet
Date: Wed Jun 20 19:38:13 UTC 2018
New revision: 472936
URL: https://svnweb.freebsd.org/changeset/ports/472936

Log:
  Document GraphicsMagick vulnerability

  PR:		223629
  Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>

Changes:
  head/security/vuxml/vuln.xml
Comment 3 Po-Chuan Hsieh freebsd_committer freebsd_triage 2018-06-20 19:40:06 UTC
Committed. Thanks!