Date: Tue, 30 May 2017 10:26:22 +0000 (UTC)
From: Koop Mast <kwm@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r442056 - head/security/vuxml
Message-ID: <201705301026.v4UAQMNb038821@repo.freebsd.org>
Author: kwm Date: Tue May 30 10:26:21 2017 New Revision: 442056 URL: https://svnweb.freebsd.org/changeset/ports/442056 Log: Update imagemagick entry * Fix indention * Add ranges to the imagemagick 6 version check, to prep for ImageMagick patch for the branch. * Add portepoch's to the imagemagick 6 versions. * Bump imagemagick 6 version. This version fixes at least one of the mentioned CVE's. * Change CVE-2017-8365 to CVE-2017-8765. CVE-2017-8365 is a libsndfile CVE. * Add modified tag. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue May 30 09:44:52 2017 (r442055) +++ head/security/vuxml/vuln.xml Tue May 30 10:26:21 2017 (r442056) @@ -227,14 +227,15 @@ Notes: <topic>ImageMagick -- multiple vulnerabilities</topic> <affects> <package> - <name>ImageMagick</name> - <name>ImageMagick-nox11</name> - <range><lt>6.9.8.6</lt></range> + <name>ImageMagick</name> + <name>ImageMagick-nox11</name> + <range><lt>6.9.6.4_2,1</lt></range> + <range><ge>6.9.7.0,1</ge><lt>6.9.8.8,1</lt></range> </package> <package> - <name>ImageMagick7</name> - <name>ImageMagick7-nox11</name> - <range><lt>7.0.5.9</lt></range> + <name>ImageMagick7</name> + <name>ImageMagick7-nox11</name> + <range><lt>7.0.5.9</lt></range> </package> </affects> <description> @@ -335,7 +336,7 @@ Notes: to cause a denial of service (memory leak) via a crafted file.</li> <li>CVE-2017-8357: ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file.</li> - <li>CVE-2017-8365: The function named ReadICONImage in coders\icon.c + <li>CVE-2017-8765: The function named ReadICONImage in coders\icon.c has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file.</li> <li>CVE-2017-8830: ReadBMPImage function in bmp.c:1379 allows 
@@ -392,7 +393,7 @@ Notes: <cvename>CVE-2017-8355</cvename> <cvename>CVE-2017-8356</cvename> <cvename>CVE-2017-8357</cvename> - <cvename>CVE-2017-8365</cvename> + <cvename>CVE-2017-8765</cvename> <cvename>CVE-2017-8830</cvename> <cvename>CVE-2017-9141</cvename> <cvename>CVE-2017-9142</cvename> @@ -402,6 +403,7 @@ Notes: <dates> <discovery>2017-03-05</discovery> <entry>2017-05-25</entry> + <modified>2017-05-29</modified> </dates> </vuln>
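Review bot: In the affects hunk (@@ -227,14 +227,15 @@), the new bound `<lt>6.9.8.8,1</lt>` declares 6.9.8.8,1 unaffected by every CVE in this entry, but the log only claims that version fixes at least one of them. Any listed CVE still open in 6.9.8.8 will stop being reported for that package, so either confirm all of them are fixed or move the unfixed ones to a separate entry with its own range. The same applies to `<lt>6.9.6.4_2,1</lt>`, which names a revision the log describes as prep for a patch that is not in this commit; if that patch lands under a different revision, this range needs to follow it.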
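Review bot: In the description hunk (@@ -335,7 +336,7 @@), the corrected item keeps the path as `coders\icon.c` with a backslash, while the neighbouring items write `ept.c` and `bmp.c:1379`. Unless the text is a verbatim upstream quote, use one path style across the list while this line is being touched.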
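Review bot: In the dates hunk (@@ -402,6 +403,7 @@), `<modified>2017-05-29</modified>` is one day earlier than the commit date in the header (Tue May 30 10:26:21 2017). Set it to 2017-05-30 so the modified date matches the day the change actually landed.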