Date: Sun, 27 Aug 2017 21:00:51 +0000 From: bugzilla-noreply@freebsd.org To: gnome@FreeBSD.org Subject: [Bug 221867] [patch] graphics/atril update to 1.18.1 to fix CVE-2017-1000083 Message-ID: <bug-221867-6497@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D221867 Bug ID: 221867 Summary: [patch] graphics/atril update to 1.18.1 to fix CVE-2017-1000083 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Keywords: patch Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: gnome@FreeBSD.org Reporter: rkoberman@gmail.com Flags: maintainer-feedback?(gnome@FreeBSD.org) Keywords: patch Assignee: gnome@FreeBSD.org Created attachment 185828 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D185828&action= =3Dedit svn diff to update graphics/atril to 1.18.1 (Vulnerability fix) Atril is vulnerable to CVE-2017-1000083. This was resolved upstream over a month ago by disabling .cbt files and the fix was merged into 1.18.1. This = is a simple PORTVERSION change plus updated distfiles. Tested on amd64 on 11.1. NOTE: The vuxml file shows this as fixed in 1.19.0. This is incorrect becau= se 1.19.0 does not fix hte vulnerability and the fix was merged into both 1.18= and 1.19 and new releases generated as 1.18.1 and 1.19.1. 1.19 is a development release, so the update is to 1.18.1. I am not sure how to get the vuxml updated. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-221867-6497>