Created attachment 211573
libexif-security-full-ports.patch
- Fix CVE-2019-9278
  In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation.
- Fix a buffer read overflow in exif_entry_get_value
- Fix a buffer overread in exif_mnote_data_olympus_load
- Bump PORTREVISION for libexif related ports
Reported by: tj@mrsk.me (email)
A commit references this bug:
Author: dbaio
Date: Wed Feb 12 00:19:39 UTC 2020
New revision: 525894
URL: https://svnweb.freebsd.org/changeset/ports/525894
Log:
  security/vuxml: Document graphics/libexif issue
  PR: 244060
  Reported by: tj@mrsk.me (email)
  Security: CVE-2019-9278
Changes:
  head/security/vuxml/vuln.xml
Antoine and Chromium, do we need an exp-run here?
I don't understand, why do you bump all the PORTREVISION? The shared library version doesn't change.
Created attachment 211587
libexif-security.patch
my mistake
I don't think this needs an exp-run, API and ABI are identical
(In reply to Antoine Brodin from comment #5)
Thank you Antoine
Thanks for working on this. I'm not using libexif anymore, could you remove me as maintainer? Also libexif-gtk. Thanks.
A commit references this bug:
Author: dbaio
Date: Thu Feb 13 22:59:13 UTC 2020
New revision: 526071
URL: https://svnweb.freebsd.org/changeset/ports/526071
Log:
  graphics/libexif: Fix security vulnerabilities
  - Fix CVE-2019-9278
    In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation.
  - Fix a buffer read overflow in exif_entry_get_value
  - Fix a buffer overread in exif_mnote_data_olympus_load
  PR: 244060
  Reported by: tj@mrsk.me (email)
  Approved by: former maintainer
  MFH: 2020Q1
  Security: 00f30cba-4d23-11ea-86ba-641c67a117d8
Changes:
  head/graphics/libexif/Makefile
  head/graphics/libexif/files/
  head/graphics/libexif/files/patch-CVE-2019-9278
  head/graphics/libexif/files/patch-chromium-7344-and-14543
  head/graphics/libexif/files/patch-chromium-8884
A commit references this bug:
Author: dbaio
Date: Thu Feb 13 23:00:12 UTC 2020
New revision: 526072
URL: https://svnweb.freebsd.org/changeset/ports/526072
Log:
  graphics/libexif-gtk: Take MAINTAINER'ship
  PR: 244060
  Approved by: former maintainer
Changes:
  head/graphics/libexif-gtk/Makefile
(In reply to marius from comment #7)
Done, and thanks for your contributions.
A commit references this bug:
Author: dbaio
Date: Sat Feb 15 16:28:42 UTC 2020
New revision: 526229
URL: https://svnweb.freebsd.org/changeset/ports/526229
Log:
  MFH: r526071
  graphics/libexif: Fix security vulnerabilities
  - Fix CVE-2019-9278
    In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation.
  - Fix a buffer read overflow in exif_entry_get_value
  - Fix a buffer overread in exif_mnote_data_olympus_load
  PR: 244060
  Reported by: tj@mrsk.me (email)
  Approved by: former maintainer
  Security: 00f30cba-4d23-11ea-86ba-641c67a117d8
  Approved by: ports-secteam (blanket, backport of security fixes)
Changes:
  _U branches/2020Q1/
  branches/2020Q1/graphics/libexif/Makefile
  branches/2020Q1/graphics/libexif/files/