219783 – graphics/tiffgt is vulnerable, possibly duplicate

Bug 219783 - graphics/tiffgt is vulnerable, possibly duplicate

Summary: graphics/tiffgt is vulnerable, possibly duplicate

Status:	Closed Overcome By Events

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Muhammad Moinur Rahman

URL:
Keywords:	security

Depends on:
Blocks:

Reported:	2017-06-04 18:38 UTC by Alaksiej Čarniajeŭ
Modified:	2017-06-06 14:29 UTC (History)
CC List:	0 users

See Also:

Flags:	bugzilla: maintainer-feedback? (bofh)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alaksiej Čarniajeŭ 2017-06-04 18:38:53 UTC

The port directs to a vulnerable verion of libtiff (4.0.7_1). Besides, is there any reason for it to exist at all, when there's graphics/tiff which installs libtiff too?

Comment 1 commit-hook freebsd_committer

2017-06-06 14:16:50 UTC

A commit references this bug:

Author: bofh
Date: Tue Jun  6 14:16:02 UTC 2017
New revision: 442775
URL: https://svnweb.freebsd.org/changeset/ports/442775

Log:
  graphics/tiffgt: Update version 4.0.7=>4.0.8

  PR:		219783
  Reported by:	a@carniajeu.com

Changes:
  head/graphics/tiffgt/Makefile
  head/graphics/tiffgt/distinfo

Comment 2 Muhammad Moinur Rahman freebsd_committer

2017-06-06 14:29:22 UTC

Vulnerable version has been updated. This is different from libtiff or tiff in the sense this port provides tools which are not provided by the graphics/tiff.