Date: Sun, 12 Nov 2017 12:23:03 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 223629] security/vuxml: Document multiple vulnerabilities in GraphicsMagick 1.3.26 Message-ID: <bug-223629-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D223629 Bug ID: 223629 Summary: security/vuxml: Document multiple vulnerabilities in GraphicsMagick 1.3.26 Product: Ports & Packages Version: Latest Hardware: Any URL: https://sourceforge.net/p/graphicsmagick/code/ci/defau lt/tree/ChangeLog OS: Any Status: New Keywords: needs-qa, patch, security Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: ports-secteam@FreeBSD.org Reporter: vlad-fbsd@acheronmedia.com CC: sunpoet@FreeBSD.org Flags: maintainer-feedback?(ports-secteam@FreeBSD.org), maintainer-feedback?(sunpoet@FreeBSD.org) Assignee: ports-secteam@FreeBSD.org Created attachment 187939 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D187939&action= =3Dedit Document multiple vulns in GraphicsMagick 1.3.26 Multiple vulnerabilities have been fixed since GraphicsMagick 1.3.26 has be= en released. This patch documents those. In addition, some of the vulns are not listed here, because they're already listed for ImageMagick (as cvenames): * CVE-2017-8350 * CVE-2017-8351 * CVE-2017-8353 * CVE-2017-9142 Therefore VUID 50776801-4183-11e7-b291-b499baebfeaf (that lists those) would have to be modified to include GraphicsMagick. I'm marking this with `needs-qa` as I'd like the GraphicsMagick's maintainer feedback on this (cc'd) first. All these are documented in commits _after_ 1.3.26 was released and there's no newer upstream release yet. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-223629-13>