Date: Wed, 04 Oct 2023 14:50:27 +0000 From: bugzilla-noreply@freebsd.org To: x11@FreeBSD.org Subject: maintainer-feedback requested: [Bug 274265] x11/libXpm: update vulnerable port to 3.5.17 Message-ID: <bug-274265-7141-kh2rFv77FK@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-274265-7141@https.bugs.freebsd.org/bugzilla/> References: <bug-274265-7141@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-x11 (Nobody) <x11@FreeBSD.org> for maintainer-feedback: Bug 274265: x11/libXpm: update vulnerable port to 3.5.17 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D274265 --- Description --- X11 has published a security bulletin [1] that exposes the following CVEs in our x11/libXpm version 3.5.15: CVE-2023-43786: stack exhaustion in XPutImage CVE-2023-43787: integer overflow in XCreateImage CVE-2023-43788: Out of bounds read in XpmCreateXpmImageFromBuffer CVE-2023-43789: Out of bounds read on XPM with corrupted colormap See changelog for a full list of changes in the release [2]. The attached patch bumps the Makefile and distinfo. 1. https://lists.x.org/archives/xorg/2023-October/061506.html 2. https://gitlab.freedesktop.org/xorg/lib/libxpm/-/compare/libXpm-3.5.15...li= bXpm -3.5.17
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-274265-7141-kh2rFv77FK>