Bug 219783 - graphics/tiffgt is vulnerable, possibly duplicate
Summary: graphics/tiffgt is vulnerable, possibly duplicate
Status: Closed Overcome By Events
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Muhammad Moinur Rahman
URL:
Keywords: security
Depends on:
Blocks:
 
Reported: 2017-06-04 18:38 UTC by Alaksiej Čarniajeŭ
Modified: 2017-06-06 14:29 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (bofh)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alaksiej Čarniajeŭ 2017-06-04 18:38:53 UTC
The port directs to a vulnerable verion of libtiff (4.0.7_1). Besides, is there any reason for it to exist at all, when there's graphics/tiff which installs libtiff too?
Comment 1 commit-hook freebsd_committer 2017-06-06 14:16:50 UTC
A commit references this bug:

Author: bofh
Date: Tue Jun  6 14:16:02 UTC 2017
New revision: 442775
URL: https://svnweb.freebsd.org/changeset/ports/442775

Log:
  graphics/tiffgt: Update version 4.0.7=>4.0.8

  PR:		219783
  Reported by:	a@carniajeu.com

Changes:
  head/graphics/tiffgt/Makefile
  head/graphics/tiffgt/distinfo
Comment 2 Muhammad Moinur Rahman freebsd_committer 2017-06-06 14:29:22 UTC
Vulnerable version has been updated. This is different from libtiff or tiff in the sense this port provides tools which are not provided by the graphics/tiff.