Date:      Wed, 24 Jun 2015 18:54:36 +0000 (UTC)
From:      Jan Beich <jbeich@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r390513 - head/security/vuxml
Message-ID:  <201506241854.t5OIsaDE015526@svn.freebsd.org>

Author: jbeich
Date: Wed Jun 24 18:54:36 2015
New Revision: 390513
URL: https://svnweb.freebsd.org/changeset/ports/390513

Log:
  Aggressively mark more consumers of bundled dcraw as vulnerable
  
  ljpeg_start() originates from dcraw, so there is no need to list every
  package with a copy of it in the topic at the expense of readability.

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Jun 24 18:37:59 2015	(r390512)
+++ head/security/vuxml/vuln.xml	Wed Jun 24 18:54:36 2015	(r390513)
@@ -2540,13 +2540,42 @@ Notes:
   </vuln>
 
   <vuln vid="57325ecf-facc-11e4-968f-b888e347c638">
-    <topic>dcraw, kodi, libraw, rawstudio, and ufraw -- integer overflow condition</topic>
+    <topic>dcraw -- integer overflow condition</topic>
     <affects>
       <package>
+	<name>cinepaint</name>
+	<!-- no known fixed version -->
+	<range><ge>0.22.0</ge></range>
+      </package>
+      <package>
+	<name>darktable</name>
+	<range><lt>1.6.7</lt></range>
+      </package>
+      <package>
 	<name>dcraw</name>
 	<range><ge>7.00</ge><lt>9.26</lt></range>
       </package>
       <package>
+	<name>dcraw-m</name>
+	<!-- no known fixed version -->
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>exact-image</name>
+	<!-- no known fixed version -->
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>flphoto</name>
+	<!-- no known fixed version -->
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>freeimage</name>
+	<!-- no known fixed version -->
+	<range><ge>3.13.0</ge></range>
+      </package>
+      <package>
 	<name>kodi</name>
 	<range><lt>14.2_1</lt></range>
       </package>
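Review bot: The non-zero lower bounds on cinepaint (`<ge>0.22.0</ge>`) and freeimage (`<ge>3.13.0</ge>`) are not explained, so a later maintainer cannot tell whether earlier versions were checked and found clean or simply never packaged. The existing comment could carry the basis, for example `<!-- no known fixed version; affected since 0.22.0 (REASON: placeholder) -->`. The open-ended `<ge>0</ge>` ranges will keep flagging every future release of dcraw-m, exact-image, flphoto and freeimage, so each needs revisiting once upstream or the port patches its bundled copy. darktable gets a fixed bound of 1.6.7 here, but no matching reference appears in the visible part of `<references>`. The `<affects>` element continues outside this hunk.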
@@ -2555,6 +2584,21 @@ Notes:
 	<range><lt>0.16.1</lt></range>
       </package>
       <package>
+	<name>lightzone</name>
+	<!-- no known fixed version -->
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>netpbm</name>
+	<range><lt>10.47.56</lt></range>
+	<range><ge>10.70</ge><lt>10.70.06</lt></range>
+      </package>
+      <package>
+	<name>opengtl</name>
+	<!-- no known fixed version -->
+	<range><ge>0</ge></range>
+      </package>
+      <package>
 	<name>rawstudio</name>
 	<range><lt>2.0_11</lt></range>
       </package>
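Review bot: The two netpbm ranges leave every version from 10.47.56 up to, but not including, 10.70 marked as unaffected, and nothing in the entry says why. If the gap reflects separately patched release series, a short comment would make that checkable, for example `<!-- fixed separately in the 10.47 and 10.70 series -->`. If any release in between carries the same ljpeg_start() code, it would pass an audit against this entry unnoticed. lightzone and opengtl use the open-ended `<ge>0</ge>` form and will need the same follow-up once a fix exists.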
@@ -2583,11 +2627,12 @@ Notes:
       <url>http://www.ocert.org/advisories/ocert-2015-006.html</url>;
       <url>https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e</url>;
       <url>https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5</url>;
+      <url>https://sourceforge.net/p/netpbm/code/2512/</url>;
     </references>
     <dates>
       <discovery>2015-04-24</discovery>
       <entry>2015-05-15</entry>
-      <modified>2015-06-06</modified>
+      <modified>2015-06-24</modified>
     </dates>
   </vuln>
 


