Bug 206372 - graphics/imlib2: Update to 1.4.7
Summary: graphics/imlib2: Update to 1.4.7
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Mark Felder
URL:
Keywords: needs-qa, patch, security
Depends on:
Blocks:
 
Reported: 2016-01-18 17:40 UTC by Fabian Keil
Modified: 2016-01-22 19:24 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (bf)
feld: merge-quarterly+


Attachments
graphics/imlib2: Update to 1.4.7 (6.41 KB, patch)
2016-01-18 17:40 UTC, Fabian Keil
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Fabian Keil 2016-01-18 17:40:26 UTC
Created attachment 165769 [details]
graphics/imlib2: Update to 1.4.7

The attached patch updates graphics/imlib2 to 1.4.7 which
fixes a couple of vulnerabilities:
https://git.enlightenment.org/legacy/imlib2.git/tree/ChangeLog
Comment 1 Mark Felder freebsd_committer 2016-01-20 17:33:32 UTC
I emailed oss-sec to get these changes reviewed. There may be some CVEs assigned in the near future.
Comment 2 Mark Felder freebsd_committer 2016-01-20 17:37:11 UTC
Fix was committed to ports HEAD in r406782. I mistakenly left out this PR# from the log.
Comment 3 commit-hook freebsd_committer 2016-01-20 17:37:15 UTC
A commit references this bug:

Author: feld
Date: Wed Jan 20 17:36:52 UTC 2016
New revision: 406783
URL: https://svnweb.freebsd.org/changeset/ports/406783

Log:
  MFH: r406782

  graphics/imlib2: Update to 1.4.7

  This update includes fixes for potential security issues. No CVEs have
  been assigned yet.

  https://git.enlightenment.org/legacy/imlib2.git/tree/ChangeLog

  Approved by:	ports-secteam (with hat)
  PR:		206372

Changes:
_U  branches/2016Q1/
  branches/2016Q1/graphics/imlib2/Makefile
  branches/2016Q1/graphics/imlib2/distinfo
  branches/2016Q1/graphics/imlib2/files/
  branches/2016Q1/graphics/imlib2/pkg-plist
Comment 4 Mark Felder freebsd_committer 2016-01-20 17:38:07 UTC
I am taking this PR and will keep an eye out for any CVE assignment. I have not yet drafted a vuxml entry.
Comment 5 commit-hook freebsd_committer 2016-01-22 19:21:30 UTC
A commit references this bug:

Author: feld
Date: Fri Jan 22 19:21:17 UTC 2016
New revision: 406940
URL: https://svnweb.freebsd.org/changeset/ports/406940

Log:
  Document graphics/imlib2 vulnerabilities

  PR:		206372
  Security:	CVE-2014-9762
  Security:	CVE-2014-9763
  Security:	CVE-2014-9764

Changes:
  head/security/vuxml/vuln.xml