Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 19 Jan 2022 00:28:48 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 260590] graphics/p5-Image-ExifTool: Update to 12.30
Message-ID:  <bug-260590-7788-cHf0sNRXry@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-260590-7788@https.bugs.freebsd.org/bugzilla/>
References:  <bug-260590-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D260590

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|Affects Only Me             |Affects Many People
             Status|New                         |Open
           Priority|---                         |Normal
                URL|                            |https://metacpan.org/dist/I
                   |                            |mage-ExifTool/changes
                 CC|                            |ports-secteam@FreeBSD.org
           Keywords|                            |needs-patch, needs-qa,
                   |                            |security
              Flags|                            |merge-quarterly?

--- Comment #1 from Kubilay Kocak <koobs@FreeBSD.org> ---
Among a substantial number of bugfixes, there have been multiple security
vulnerabilities addressed in versions between current port version and the
latest:

July 9, 2021 - Version 12.29
..
  - Patched a security issue
May 20, 2021 - Version 12.26 (production release)
..
  - Patched security vulnerability in argument of -lang option
Apr. 13, 2021 - Version 12.24
...
  - Patched security vulnerability in DjVu reader

1) We'll need security/vuxml entries for these along with additional
information from upstream on their nature, including CVE and other upstream
(issue, pr, commit) reference links where available

So that the security changes can be merged to quarterly branch, and given t=
here
have been some API changes in prior versions, either:

- Separation/backporting of the security fixes (commits) separately and pri=
or
to the version update, OR

- Confirmation that the latest version is supported by, and works with all
ports that depend on it, so that the latest version can be merged to quarte=
rly
without regression.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-260590-7788-cHf0sNRXry>