From owner-svn-ports-head@freebsd.org  Wed Jun 24 18:54:37 2015
Return-Path: <owner-svn-ports-head@freebsd.org>
Delivered-To: svn-ports-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0D9CD916DB6;
 Wed, 24 Jun 2015 18:54:37 +0000 (UTC)
 (envelope-from jbeich@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id E64631AA2;
 Wed, 24 Jun 2015 18:54:36 +0000 (UTC)
 (envelope-from jbeich@FreeBSD.org)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t5OIsa1d015527;
 Wed, 24 Jun 2015 18:54:36 GMT (envelope-from jbeich@FreeBSD.org)
Received: (from jbeich@localhost)
 by svn.freebsd.org (8.14.9/8.14.9/Submit) id t5OIsaDE015526;
 Wed, 24 Jun 2015 18:54:36 GMT (envelope-from jbeich@FreeBSD.org)
Message-Id: <201506241854.t5OIsaDE015526@svn.freebsd.org>
X-Authentication-Warning: svn.freebsd.org: jbeich set sender to
 jbeich@FreeBSD.org using -f
From: Jan Beich <jbeich@FreeBSD.org>
Date: Wed, 24 Jun 2015 18:54:36 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r390513 - head/security/vuxml
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-head@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for the ports tree for head
 <svn-ports-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-ports-head>,
 <mailto:svn-ports-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-head/>
List-Post: <mailto:svn-ports-head@freebsd.org>
List-Help: <mailto:svn-ports-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-ports-head>,
 <mailto:svn-ports-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jun 2015 18:54:37 -0000

Author: jbeich
Date: Wed Jun 24 18:54:36 2015
New Revision: 390513
URL: https://svnweb.freebsd.org/changeset/ports/390513

Log:
  Aggressively mark more consumers of bundled dcraw as vulnerable
  
  ljpeg_start() originates from dcraw, no need to list every package with
  copy of it at the expense of readability.

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Jun 24 18:37:59 2015	(r390512)
+++ head/security/vuxml/vuln.xml	Wed Jun 24 18:54:36 2015	(r390513)
@@ -2540,13 +2540,42 @@ Notes:
   </vuln>
 
   <vuln vid="57325ecf-facc-11e4-968f-b888e347c638">
-    <topic>dcraw, kodi, libraw, rawstudio, and ufraw -- integer overflow condition</topic>
+    <topic>dcraw -- integer overflow condition</topic>
     <affects>
       <package>
+	<name>cinepaint</name>
+	<!-- no known fixed version -->
+	<range><ge>0.22.0</ge></range>
+      </package>
+      <package>
+	<name>darktable</name>
+	<range><lt>1.6.7</lt></range>
+      </package>
+      <package>
 	<name>dcraw</name>
 	<range><ge>7.00</ge><lt>9.26</lt></range>
       </package>
       <package>
+	<name>dcraw-m</name>
+	<!-- no known fixed version -->
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>exact-image</name>
+	<!-- no known fixed version -->
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>flphoto</name>
+	<!-- no known fixed version -->
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>freeimage</name>
+	<!-- no known fixed version -->
+	<range><ge>3.13.0</ge></range>
+      </package>
+      <package>
 	<name>kodi</name>
 	<range><lt>14.2_1</lt></range>
       </package>
@@ -2555,6 +2584,21 @@ Notes:
 	<range><lt>0.16.1</lt></range>
       </package>
       <package>
+	<name>lightzone</name>
+	<!-- no known fixed version -->
+	<range><ge>0</ge></range>
+      </package>
+      <package>
+	<name>netpbm</name>
+	<range><lt>10.47.56</lt></range>
+	<range><ge>10.70</ge><lt>10.70.06</lt></range>
+      </package>
+      <package>
+	<name>opengtl</name>
+	<!-- no known fixed version -->
+	<range><ge>0</ge></range>
+      </package>
+      <package>
 	<name>rawstudio</name>
 	<range><lt>2.0_11</lt></range>
       </package>
@@ -2583,11 +2627,12 @@ Notes:
       <url>http://www.ocert.org/advisories/ocert-2015-006.html</url>
       <url>https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e</url>
       <url>https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5</url>
+      <url>https://sourceforge.net/p/netpbm/code/2512/</url>
     </references>
     <dates>
       <discovery>2015-04-24</discovery>
       <entry>2015-05-15</entry>
-      <modified>2015-06-06</modified>
+      <modified>2015-06-24</modified>
     </dates>
   </vuln>