Summary: | graphics/xpdf3: Backport fix for CVE-2019-16927 and CVE-2019-9877 | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Christian Weisgerber <naddy> | ||||
Component: | Individual Port(s) | Assignee: | Cy Schubert <cy> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Many People | CC: | i.dani | ||||
Priority: | Normal | Keywords: | needs-patch, security | ||||
Version: | Latest | Flags: | cy:
maintainer-feedback+
koobs: merge-quarterly? |
||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Attachments: |
|
Description
Christian Weisgerber
2019-10-04 20:06:57 UTC
A commit references this bug: Author: cy Date: Fri Oct 4 22:12:37 UTC 2019 New revision: 513784 URL: https://svnweb.freebsd.org/changeset/ports/513784 Log: Update MASTER_SITES removing dead URLs. PR: 241066 Submitted by: naddy Changes: head/graphics/xpdf3/Makefile A commit references this bug: Author: cy Date: Fri Oct 4 22:12:40 UTC 2019 New revision: 513785 URL: https://svnweb.freebsd.org/changeset/ports/513785 Log: Update WWW. PR: 241066 Submitted by: naddy MFH: 2019Q4 Changes: head/graphics/xpdf3/pkg-descr A commit references this bug: Author: cy Date: Fri Oct 4 22:12:44 UTC 2019 New revision: 513786 URL: https://svnweb.freebsd.org/changeset/ports/513786 Log: Backport fix for CVE-2019-16927 and CVE-2019-9877 from xpdf4. PR: 241066 Submitted by: naddy MFH: 2019Q4 Changes: head/graphics/xpdf3/Makefile head/graphics/xpdf3/files/patch-xpdf_TextOutputDev.cc Thank you for the patches. ^Triage: Re-open pending VuXML entries and merge MFC requests have been sent. I'll try to document the CVEs this week. A commit references this bug: Author: cy Date: Sun Oct 6 01:48:50 UTC 2019 New revision: 513861 URL: https://svnweb.freebsd.org/changeset/ports/513861 Log: Document two new Xpdf vulnerabilities: CVE-2019-16927 and CVE-2019-9877. PR: 241066 Security: https://nvd.nist.gov/vuln/detail/CVE-2019-16927 Security: https://nvd.nist.gov/vuln/detail/CVE-2019-9877 Security: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9877 Security: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16927 Changes: head/security/vuxml/vuln.xml A commit references this bug: Author: cy Date: Sun Oct 6 05:52:59 UTC 2019 New revision: 513870 URL: https://svnweb.freebsd.org/changeset/ports/513870 Log: Take PORTEPOCH into account. PR: 241066 Reported by: tobik Changes: head/security/vuxml/vuln.xml The "fixed version" VuXML entries for version 3 never match, because the PKG is always named "xpdf" without a number and requires version 4+. Is there a way to fix these? Do not install xpdf3 with XPDF_VERSION?=3. A commit references this bug: Author: cy Date: Sat Oct 19 03:08:42 UTC 2019 New revision: 514746 URL: https://svnweb.freebsd.org/changeset/ports/514746 Log: MFH: r513783 r513785 r513786 Pacify stage-qa in DEVELOPER mode. Update WWW. PR: 241066 Submitted by: naddy Backport fix for CVE-2019-16927 and CVE-2019-9877 from xpdf4. PR: 241066 Submitted by: naddy Approved by: portmgr (miwi) Changes: _U branches/2019Q4/ branches/2019Q4/graphics/xpdf3/Makefile branches/2019Q4/graphics/xpdf3/files/patch-xpdf_TextOutputDev.cc branches/2019Q4/graphics/xpdf3/pkg-descr A commit references this bug: Author: cy Date: Sat Oct 19 03:08:42 UTC 2019 New revision: 514746 URL: https://svnweb.freebsd.org/changeset/ports/514746 Log: MFH: r513783 r513785 r513786 Pacify stage-qa in DEVELOPER mode. Update WWW. PR: 241066 Submitted by: naddy Backport fix for CVE-2019-16927 and CVE-2019-9877 from xpdf4. PR: 241066 Submitted by: naddy Approved by: portmgr (miwi) Changes: _U branches/2019Q4/ branches/2019Q4/graphics/xpdf3/Makefile branches/2019Q4/graphics/xpdf3/files/patch-xpdf_TextOutputDev.cc branches/2019Q4/graphics/xpdf3/pkg-descr Fixed. |