Bug 250616 - graphics/jpeg: update or remove
Summary: graphics/jpeg: update or remove
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Port Management Team
URL:
Keywords: security
Depends on:
Blocks:
 
Reported: 2020-10-25 22:45 UTC by Jan Beich
Modified: 2020-10-26 20:22 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (portmgr)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jan Beich freebsd_committer 2020-10-25 22:45:36 UTC
v8d was released on 2012-01-15 while v9d (current) was released on 2020-01-12. The version in ports is vulnerable to at least CVE-2020-14152 and CVE-2020-14153.

If you plan to update also add USES=cpe with CPE_VENDOR=ijg CPE_PRODUCT=libjpeg. Alternatively, there's no reason to keep this port after ports r397084 with review D18724 partially confirimng lack of interest.

https://www.ijg.org/files/
https://repology.org/project/jpeg/versions
https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&seach_type=all&query=cpe:2.3:a:ijg:libjpeg:8d
Comment 1 commit-hook freebsd_committer 2020-10-26 20:21:47 UTC
A commit references this bug:

Author: antoine
Date: Mon Oct 26 20:21:06 UTC 2020
New revision: 553383
URL: https://svnweb.freebsd.org/changeset/ports/553383

Log:
  Deprecate graphics/jpeg

  PR:		250616

Changes:
  head/graphics/jpeg/Makefile
Comment 2 Antoine Brodin freebsd_committer 2020-10-26 20:22:11 UTC
graphics/jpeg was deprecated.