Bug 79158 - [patch] [security] graphics/libexif update to 0.6.12
Summary: [patch] [security] graphics/libexif update to 0.6.12
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Cheng-Lung Sung
 
Reported: 2005-03-23 10:10 UTC by Oliver Fromme
Modified: 2005-04-04 06:32 UTC (History)
Attachments
file.diff (1.52 KB, patch)
2005-03-23 10:10 UTC, Oliver Fromme
Description Oliver Fromme 2005-03-23 10:10:02 UTC
    This patch updates the graphics/libexif port from 0.6.10
    to 0.6.12.  The version currently in the ports contains
    remotely exploitable buffer overflows, as reported by
    portaudit (see URL below).  The problems are supposed to
    be fixed in version 0.6.12.

    For this PR, I chose to select severity "serious" and
    priority "medium" (instead of "low") because libexif is
    a default dependency of GIMP, gphoto and several other
    ports, so a significant number of users might be affected.

    By the way, I tried to contact the maintainer of the port
    but did not get a reply so far.

Fix: Remove the "files" directory (it contains a patch for
    configure which is obsolete) and apply the following
    patch.  It modifies Makefile, distinfo and pkg-plist.
    The pkg-descr file is not changed.

    The complete new port can also be found here:
    http://www.secnetix.de/~olli/libexif-0.6.12/
How-To-Repeat:
    URL from portaudit:
    http://www.FreeBSD.org/ports/portaudit/624fe633-9006-11d9-a22c-0001020eed82.html
Comment 1 Cheng-Lung Sung freebsd_committer 2005-03-27 17:38:05 UTC
Responsible Changed
From-To: freebsd-ports-bugs->clsung

Grab. Also, maintainer is on the way.
Comment 2 olli 2005-03-28 13:00:32 UTC
The maintainer updated my patch and submitted PR ports/79281,
which supersedes this PR.  Therefore, please close this PR.

Thanks!

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

'Instead of asking why a piece of software is using "1970s technology,"
start asking why software is ignoring 30 years of accumulated wisdom.'
Comment 3 Cheng-Lung Sung freebsd_committer 2005-04-04 06:32:42 UTC
State Changed
From-To: open->closed

Committed, Thank you.