From owner-svn-ports-branches@freebsd.org Sat Feb 15 16:28:42 2020 Return-Path: Delivered-To: svn-ports-branches@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 741162401D0; Sat, 15 Feb 2020 16:28:42 +0000 (UTC) (envelope-from dbaio@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48KbKQ2YjMz4R7N; Sat, 15 Feb 2020 16:28:42 +0000 (UTC) (envelope-from dbaio@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 53110FB35; Sat, 15 Feb 2020 16:28:42 +0000 (UTC) (envelope-from dbaio@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 01FGSgKp084774; Sat, 15 Feb 2020 16:28:42 GMT (envelope-from dbaio@FreeBSD.org) Received: (from dbaio@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 01FGSgOY084773; Sat, 15 Feb 2020 16:28:42 GMT (envelope-from dbaio@FreeBSD.org) Message-Id: <202002151628.01FGSgOY084773@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: dbaio set sender to dbaio@FreeBSD.org using -f From: "Danilo G. Baio" Date: Sat, 15 Feb 2020 16:28:42 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r526229 - in branches/2020Q1/graphics/libexif: . files X-SVN-Group: ports-branches X-SVN-Commit-Author: dbaio X-SVN-Commit-Paths: in branches/2020Q1/graphics/libexif: . files X-SVN-Commit-Revision: 526229 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 Feb 2020 16:28:42 -0000 Author: dbaio Date: Sat Feb 15 16:28:41 2020 New Revision: 526229 URL: https://svnweb.freebsd.org/changeset/ports/526229 Log: MFH: r526071 graphics/libexif: Fix security vulnerabilities - Fix CVE-2019-9278 In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. - Fix a buffer read overflow in exif_entry_get_value - Fix a buffer overread in exif_mnote_data_olympus_load PR: 244060 Reported by: tj@mrsk.me (email) Approved by: former maintainer Security: 00f30cba-4d23-11ea-86ba-641c67a117d8 Approved by: ports-secteam (blanket, backport of security fixes) Added: branches/2020Q1/graphics/libexif/files/ - copied from r526071, head/graphics/libexif/files/ Modified: branches/2020Q1/graphics/libexif/Makefile Directory Properties: branches/2020Q1/ (props changed) Modified: branches/2020Q1/graphics/libexif/Makefile ============================================================================== --- branches/2020Q1/graphics/libexif/Makefile Sat Feb 15 16:05:44 2020 (r526228) +++ branches/2020Q1/graphics/libexif/Makefile Sat Feb 15 16:28:41 2020 (r526229) @@ -3,11 +3,11 @@ PORTNAME= libexif PORTVERSION= 0.6.21 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= graphics MASTER_SITES= SF -MAINTAINER= marius@nuenneri.ch +MAINTAINER= dbaio@FreeBSD.org COMMENT= Library to read digital camera file meta-data LICENSE= LGPL21