[Bug 212207] graphics/mupdf: CVE-2016-6525, CVE-2016-6265
bugzilla-noreply at freebsd.org
Sat Aug 27 22:44:59 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212207
Bug ID: 212207
Summary: graphics/mupdf: CVE-2016-6525, CVE-2016-6265
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Keywords: needs-qa, patch, security
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs at FreeBSD.org
Reporter: t at tobik.me
CC: udvzsolt at gmail.com
Attachment #174138 Flags: maintainer-approval?(udvzsolt at gmail.com)
Flags: maintainer-feedback?(udvzsolt at gmail.com), merge-quarterly?
Created attachment 174138
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=174138&action=edit
mupdf.diff
Seen on the OpenBSD Ports mailing list.
These should affect the version in the FreeBSD ports tree too. This also
affects graphics/llpp and graphics/zathura-pdf-mupdf since both statically link
with mupdf.
I'm attaching a patch that bumps portrevisions of all 3 ports and includes
patches that are supposed to fix these issues.
OpenBSD commit message:
-------------------------
revision 1.65
date: 2016/08/27 20:58:48; author: jca; state: Exp; lines: +2 -2; commitid: 7TTHy8bFvHVkME08;
SECURITY fixes for CVE-2016-6525 & CVE-2016-6265
CVE-2016-6525 heap overflow in pdf_load_mesh_params()
CVE-2016-6265 use-after-free
Reported by & looks good to stsp@, ok sthen@ (maintainer)
------------------------
More info:
- https://marc.info/?l=oss-security&m=147022667716011&w=2
- https://marc.info/?l=oss-security&m=146911020216511&w=2
I haven't done any test builds in Poudriere yet. Mupdf still builds fine
outside of it, however. Doing Poudriere builds will take a while.