svn commit: r316157 - in head: graphics/jasper graphics/jasper/files security/vuxml

Dirk Meyer dinoex at FreeBSD.org
Sat Apr 20 16:01:57 UTC 2013


Author: dinoex
Date: Sat Apr 20 16:01:55 2013
New Revision: 316157
URL: http://svnweb.freebsd.org/changeset/ports/316157

Log:
  - Security fix
  Security: CVE-2011-4517 execute arbitrary code on decoded images
  Submitted by:   naddy (Christian Weisgerber)
  Obtained from:  Fedora
  Feature safe: yes

Modified:
  head/graphics/jasper/Makefile
  head/graphics/jasper/files/patch-jpc_cs.c
  head/security/vuxml/vuln.xml

Modified: head/graphics/jasper/Makefile
==============================================================================
--- head/graphics/jasper/Makefile	Sat Apr 20 15:53:03 2013	(r316156)
+++ head/graphics/jasper/Makefile	Sat Apr 20 16:01:55 2013	(r316157)
@@ -3,7 +3,7 @@
 
 PORTNAME=	jasper
 PORTVERSION=	1.900.1
-PORTREVISION=	11
+PORTREVISION=	12
 CATEGORIES=	graphics
 MASTER_SITES=	http://www.ece.uvic.ca/~mdadams/jasper/software/ \
 		${MASTER_SITE_IMAGEMAGICK}

Modified: head/graphics/jasper/files/patch-jpc_cs.c
==============================================================================
--- head/graphics/jasper/files/patch-jpc_cs.c	Sat Apr 20 15:53:03 2013	(r316156)
+++ head/graphics/jasper/files/patch-jpc_cs.c	Sat Apr 20 16:01:55 2013	(r316157)
@@ -75,7 +75,7 @@
  	uint_fast16_t compno;
  	crg->numcomps = cstate->numcomps;
 -	if (!(crg->comps = jas_malloc(cstate->numcomps * sizeof(uint_fast16_t)))) {
-+	if (!(crg->comps = jas_malloc2(cstate->numcomps, sizeof(uint_fast16_t)))) {
++	if (!(crg->comps = jas_malloc2(cstate->numcomps, sizeof(jpc_crgcomp_t)))) {
  		return -1;
  	}
  	for (compno = 0, comp = crg->comps; compno < cstate->numcomps;
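
Review bot: the element size on the new line is still spelled as a type name, which is how both the upstream line and the previous local patch ended up with sizeof(uint_fast16_t) for an array that the loop below walks via `comp = crg->comps`. Writing the call as jas_malloc2(cstate->numcomps, sizeof(*crg->comps)) would tie the size to the pointer's own type and prevent the same mismatch from recurring. The commit log should also state that the earlier revision of this local patch used the wrong element type, since "Security fix" alone does not tell a reader why patch-jpc_cs.c changed again.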

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Sat Apr 20 15:53:03 2013	(r316156)
+++ head/security/vuxml/vuln.xml	Sat Apr 20 16:01:55 2013	(r316157)
@@ -115,7 +115,7 @@ Note:  Please add new entries to the beg
     <affects>
       <package>
 	<name>jasper</name>
-	<range><lt>1.900.1_11</lt></range>
+	<range><lt>1.900.1_12</lt></range>
       </package>
     </affects>
     <description>
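
Review bot: only the <range> bound changes in this hunk, so an existing entry is widened from 1.900.1_11 to 1.900.1_12 with no visible change to its references or dates. Please confirm that the entry already lists CVE-2011-4517 and update its <modified> date in the same commit; if the entry covers a different set of CVEs, a separate entry for this one would be clearer than reusing it.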