[Bug 223629] security/vuxml: Document multiple vulnerabilities in GraphicsMagick 1.3.26

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223629

            Bug ID: 223629
           Summary: security/vuxml: Document multiple vulnerabilities in
                    GraphicsMagick 1.3.26
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://sourceforge.net/p/graphicsmagick/code/ci/defau
                    lt/tree/ChangeLog
                OS: Any
            Status: New
          Keywords: needs-qa, patch, security
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-secteam at FreeBSD.org
          Reporter: vlad-fbsd at acheronmedia.com
                CC: sunpoet at FreeBSD.org
             Flags: maintainer-feedback?(ports-secteam at FreeBSD.org),
                    maintainer-feedback?(sunpoet at FreeBSD.org)
          Assignee: ports-secteam at FreeBSD.org

Created attachment 187939
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=187939&action=edit
Document multiple vulns in GraphicsMagick 1.3.26

Multiple vulnerabilities have been fixed since GraphicsMagick 1.3.26 has been
released. This patch documents those.

In addition, some of the vulns are not listed here, because they're already
listed for ImageMagick (as cvenames):

* CVE-2017-8350
* CVE-2017-8351
* CVE-2017-8353
* CVE-2017-9142

Therefore VUID 50776801-4183-11e7-b291-b499baebfeaf (that lists those) would
have to be modified to include GraphicsMagick.

I'm marking this with `needs-qa` as I'd like the GraphicsMagick's maintainer
feedback on this (cc'd) first. All these are documented in commits _after_
1.3.26 was released and there's no newer upstream release yet.

-- 
You are receiving this mail because:
You are the assignee for the bug.