Date: Mon, 30 Oct 2023 22:57:04 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 274822] graphics/optipng: Update to 0.7.7_1 and fix CVE-2023-43907 Message-ID: <bug-274822-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D274822 Bug ID: 274822 Summary: graphics/optipng: Update to 0.7.7_1 and fix CVE-2023-43907 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: tom@hur.st Created attachment 246007 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D246007&action= =3Dedit Patch for graphics/optipng Patch in a bounds check in gifread.c, verified as preventing the out of bou= nds 1 byte read demonstrated by https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/optipng-global-buffe= r-overflow1/optipng-global-buffer-overflow1.md The optional configuration for using bundled libraries has been removed due= to their age (with several CVEs noted in libpng since) and lack of any demonstrated benefit. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-274822-7788>