Bug 267276 - graphics/tiff: Backport fixes for CVE-2022-2519, CVE-2022-2520 and CVE-2022-2521
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Many People
Assignee: freebsd-desktop (Team)
Keywords: security
Reported: 2022-10-22 20:24 UTC by Daniel Engberg
Modified: 2023-02-23 21:16 UTC
fluffy: maintainer-feedback+


Attachments
Patch for tiff (6.51 KB, patch)
2022-10-22 20:24 UTC, Daniel Engberg

Description Daniel Engberg freebsd_committer freebsd_triage 2022-10-22 20:24:52 UTC
Created attachment 237539
Patch for tiff

Backport upstream commits 8fe3735942ea1d90d8cef843b55b3efe8ab6feaf and bad48e90b410df32172006c7876da449ba62cdba

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2519
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2520
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2521

Compile tested on FreeBSD 13.1-STABLE (amd64) (make, make test, make check-plist)
Poudriere testport OK 12.3-RELEASE (amd64)
Poudriere testport OK 13.1-RELEASE (i386)
Comment 1 Daniel Engberg freebsd_committer freebsd_triage 2022-11-15 20:12:29 UTC
Friendly ping
Comment 2 Graham Perrin freebsd_committer freebsd_triage 2023-02-22 23:04:24 UTC
From <https://github.com/freebsd/meetings/blob/master/graphics/20230109.md>: 

> tiff security fix 267276 ready to land
Comment 3 Dima Panov freebsd_committer freebsd_triage 2023-02-23 21:16:52 UTC
btw, 4.5.0 is already out