Bug 214952 - graphics/tiff - CVE-2016-8331
Summary: graphics/tiff - CVE-2016-8331
Status: Closed Not Enough Information
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Port Management Team
URL:
Keywords: security
Depends on:
Blocks:
 
Reported: 2016-11-30 15:07 UTC by Sevan Janiyan
Modified: 2017-06-09 15:51 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (portmgr)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sevan Janiyan 2016-11-30 15:07:37 UTC 
Missing vuxml entry, no fix yet
http://www.talosintelligence.com/reports/TALOS-2016-0190/
Comment 1 Mark Felder freebsd_committer freebsd_triage 2016-12-04 22:32:08 UTC 
They didn't test 4.0.7? I'm not sure if that's vulnerable. Hard to make a vuxml entry without further details.
Comment 2 Sevan Janiyan 2016-12-05 00:36:22 UTC 
(In reply to Mark Felder from comment #1)
The release notes do not indicate this issue as fixed but do cite other CVEs. I will dig in tomorrow & see if it was just a case of being missed out.