maintainer-feedback requested: [Bug 221867] [patch] graphics/atril update to 1.18.1 to fix CVE-2017-1000083
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sun Aug 27 21:00:52 UTC 2017
rkoberman at gmail.com has reassigned Bugzilla Automation <bugzilla at FreeBSD.org>'s
request for maintainer-feedback to gnome at FreeBSD.org:
Bug 221867: [patch] graphics/atril update to 1.18.1 to fix CVE-2017-1000083
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221867
--- Description ---
Created attachment 185828
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=185828&action=edit
svn diff to update graphics/atril to 1.18.1 (Vulnerability fix)
Atril is vulnerable to CVE-2017-1000083. This was resolved upstream over a
month ago by disabling .cbt files and the fix was merged into 1.18.1. This is a
simple PORTVERSION change plus updated distfiles.
Tested on amd64 on 11.1.
NOTE: The vuxml file shows this as fixed in 1.19.0. This is incorrect because
1.19.0 does not fix hte vulnerability and the fix was merged into both 1.18 and
1.19 and new releases generated as 1.18.1 and 1.19.1. 1.19 is a development
release, so the update is to 1.18.1. I am not sure how to get the vuxml
updated.
More information about the freebsd-gnome
mailing list