Date: Sun, 27 Aug 2017 21:00:51 +0000 From: bugzilla-noreply@freebsd.org To: gnome@FreeBSD.org Subject: [Bug 221867] [patch] graphics/atril update to 1.18.1 to fix CVE-2017-1000083 Message-ID: <bug-221867-6497@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221867 Bug ID: 221867 Summary: [patch] graphics/atril update to 1.18.1 to fix CVE-2017-1000083 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Keywords: patch Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: gnome@FreeBSD.org Reporter: rkoberman@gmail.com Flags: maintainer-feedback?(gnome@FreeBSD.org) Keywords: patch Assignee: gnome@FreeBSD.org Created attachment 185828 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=185828&action=edit svn diff to update graphics/atril to 1.18.1 (Vulnerability fix) Atril is vulnerable to CVE-2017-1000083. This was resolved upstream over a month ago by disabling .cbt files and the fix was merged into 1.18.1. This is a simple PORTVERSION change plus updated distfiles. Tested on amd64 on 11.1. NOTE: The vuxml file shows this as fixed in 1.19.0. This is incorrect because 1.19.0 does not fix hte vulnerability and the fix was merged into both 1.18 and 1.19 and new releases generated as 1.18.1 and 1.19.1. 1.19 is a development release, so the update is to 1.18.1. I am not sure how to get the vuxml updated. -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-221867-6497>