Bug 206372 - graphics/imlib2: Update to 1.4.7
Summary: graphics/imlib2: Update to 1.4.7
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Mark Felder
URL:
Keywords: needs-qa, patch, security
Depends on:
Blocks:
 
Reported: 2016-01-18 17:40 UTC by Fabian Keil
Modified: 2016-01-22 19:24 UTC

See Also:
bugzilla: maintainer-feedback? (bf)
feld: merge-quarterly+


Attachments
graphics/imlib2: Update to 1.4.7 (6.41 KB, patch)
2016-01-18 17:40 UTC, Fabian Keil

Description Fabian Keil 2016-01-18 17:40:26 UTC
Created attachment 165769
graphics/imlib2: Update to 1.4.7

The attached patch updates graphics/imlib2 to 1.4.7 which
fixes a couple of vulnerabilities:
https://git.enlightenment.org/legacy/imlib2.git/tree/ChangeLog
Comment 1 Mark Felder freebsd_committer freebsd_triage 2016-01-20 17:33:32 UTC
I emailed oss-sec to get these changes reviewed. There may be some CVEs assigned in the near future.
Comment 2 Mark Felder freebsd_committer freebsd_triage 2016-01-20 17:37:11 UTC
Fix was committed to ports HEAD in r406782. I mistakenly left out this PR# from the log.
Comment 3 commit-hook freebsd_committer freebsd_triage 2016-01-20 17:37:15 UTC
A commit references this bug:

Author: feld
Date: Wed Jan 20 17:36:52 UTC 2016
New revision: 406783
URL: https://svnweb.freebsd.org/changeset/ports/406783

Log:
  MFH: r406782

  graphics/imlib2: Update to 1.4.7

  This update includes fixes for potential security issues. No CVEs have
  been assigned yet.

  https://git.enlightenment.org/legacy/imlib2.git/tree/ChangeLog

  Approved by:	ports-secteam (with hat)
  PR:		206372

Changes:
_U  branches/2016Q1/
  branches/2016Q1/graphics/imlib2/Makefile
  branches/2016Q1/graphics/imlib2/distinfo
  branches/2016Q1/graphics/imlib2/files/
  branches/2016Q1/graphics/imlib2/pkg-plist
Comment 4 Mark Felder freebsd_committer freebsd_triage 2016-01-20 17:38:07 UTC
I am taking this PR and will keep an eye out for any CVE assignment. I have not yet drafted a vuxml entry.
Comment 5 commit-hook freebsd_committer freebsd_triage 2016-01-22 19:21:30 UTC
A commit references this bug:

Author: feld
Date: Fri Jan 22 19:21:17 UTC 2016
New revision: 406940
URL: https://svnweb.freebsd.org/changeset/ports/406940

Log:
  Document graphics/imlib2 vulnerabilities

  PR:		206372
  Security:	CVE-2014-9762
  Security:	CVE-2014-9763
  Security:	CVE-2014-9764

Changes:
  head/security/vuxml/vuln.xml