Bug 222622 - graphics/ImageMagick7: Please MFH r450491 (contains a security vulnerability fix)
Summary: graphics/ImageMagick7: Please MFH r450491 (contains a security vulnerability ...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Koop Mast
URL: https://svnweb.freebsd.org/ports?view...
Keywords: security
Depends on:
Blocks:
 
Reported: 2017-09-26 12:07 UTC by VK
Modified: 2017-09-27 16:43 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (kwm)
vlad-fbsd: merge-quarterly?

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description VK freebsd_triage 2017-09-26 12:07:09 UTC 
Please MFH r450491, as it contains a secvuln fix. Thanks.
Comment 1 commit-hook freebsd_committer freebsd_triage 2017-09-27 16:42:31 UTC 
A commit references this bug:

Author: swills
Date: Wed Sep 27 16:41:53 UTC 2017
New revision: 450766
URL: https://svnweb.freebsd.org/changeset/ports/450766

Log:
  MFH: r450128 r450491

  ImageMagick7 to 7.0.7-2.

  Disable FPX (FlashPix) support by default. This image format is really
  rare these days coupled with that there are known CVE's in libfpx and
  it doesn't seem to be maintained these days. It doesn't make sense to
  keep it enabled by default anymore. [1]

  Bump vapoursynth for sharedi library bumps in IM7.

  PR:		222309 [1]
  Submitted by:	Anton Yuzhaninov <citrin+pr@citrin.ru> [1]

  Update ImageMagick7 to 7.0.7-4.

  PR:		222622
  Security:	16fb4f83-a2ab-11e7-9c14-009c02a2ab30

  Approved by:	ports-secteam@ (implicit)

Changes:
_U  branches/2017Q3/
  branches/2017Q3/graphics/ImageMagick7/Makefile
  branches/2017Q3/graphics/ImageMagick7/distinfo
  branches/2017Q3/graphics/ImageMagick7/pkg-plist
  branches/2017Q3/multimedia/vapoursynth/Makefile
Comment 2 Steve Wills freebsd_committer freebsd_triage 2017-09-27 16:43:30 UTC 
Done, thanks for the heads up.