Bug 271695

Summary: graphics/webp: Patch CVE-2023-1999
Product: Ports & Packages Reporter: Daniel Engberg <diizzy>
Component: Individual Port(s)Assignee: Daniel Engberg <diizzy>
Status: Closed FIXED    
Severity: Affects Many People CC: ports-secteam
Priority: Normal Keywords: security
Version: LatestFlags: sunpoet: maintainer-feedback+
Hardware: Any   
OS: Any   
URL: https://security-tracker.debian.org/tracker/CVE-2023-1999
Attachments:
Description Flags
Patch for webp none

Description Daniel Engberg freebsd_committer freebsd_triage 2023-05-28 15:17:09 UTC 
Created attachment 242465 [details]
Patch for webp

Backport upstream commit a486d800b60d0af4cc0836bf7ed8f21e12974129

Compile tested on FreeBSD 13.2-RELEASE (amd64) (make, make check-plist)
Poudriere testport OK 12.4-RELEASE (amd64)
Poudriere testport OK 13.2-RELEASE (amd64)
Comment 1 Po-Chuan Hsieh freebsd_committer freebsd_triage 2023-06-05 19:32:48 UTC 
LGTM. Please change ${PORTNAME} to webp since the substitution is not needed. Thanks.
Comment 2 commit-hook freebsd_committer freebsd_triage 2023-06-06 07:25:48 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=41f2a787491797e152be1e93e545293a271695fd

commit 41f2a787491797e152be1e93e545293a271695fd
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2023-06-06 07:14:02 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2023-06-06 07:25:29 +0000

    graphics/webp: Patch CVE-2023-1999

    Backport upstream commit a486d800b60d0af4cc0836bf7ed8f21e12974129 to
    fix CVE-2023-1999

    Reference:
    https://security-tracker.debian.org/tracker/CVE-2023-1999

    PR:             271695
    Reviewed by:    sunpoet (maintainer)

 graphics/webp/Makefile | 4 ++++
 graphics/webp/distinfo | 4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)
Comment 3 commit-hook freebsd_committer freebsd_triage 2023-06-06 07:35:54 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=8dadbcdb581566d4327a2b2d97ad3f6aedbdd274

commit 8dadbcdb581566d4327a2b2d97ad3f6aedbdd274
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2023-06-06 07:33:34 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2023-06-06 07:33:37 +0000

    graphics/webp: Minor style fix

    Adjust PATCH_SITES, requested by maintainer

    PR:             271695
    Reviewed by:    sunpoet (maintainer)

 graphics/webp/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)