svn commit: r390513 - head/security/vuxml
Jan Beich
jbeich at FreeBSD.org
Wed Jun 24 18:54:37 UTC 2015
Author: jbeich
Date: Wed Jun 24 18:54:36 2015
New Revision: 390513
URL: https://svnweb.freebsd.org/changeset/ports/390513
Log:
Aggressively mark more consumers of bundled dcraw as vulnerable
ljpeg_start() originates from dcraw, so there is no need to list every package
with a copy of it in the topic at the expense of readability.
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Jun 24 18:37:59 2015 (r390512)
+++ head/security/vuxml/vuln.xml Wed Jun 24 18:54:36 2015 (r390513)
@@ -2540,13 +2540,42 @@ Notes:
</vuln>
<vuln vid="57325ecf-facc-11e4-968f-b888e347c638">
- <topic>dcraw, kodi, libraw, rawstudio, and ufraw -- integer overflow condition</topic>
+ <topic>dcraw -- integer overflow condition</topic>
<affects>
<package>
+ <name>cinepaint</name>
+ <!-- no known fixed version -->
+ <range><ge>0.22.0</ge></range>
+ </package>
+ <package>
+ <name>darktable</name>
+ <range><lt>1.6.7</lt></range>
+ </package>
+ <package>
<name>dcraw</name>
<range><ge>7.00</ge><lt>9.26</lt></range>
</package>
<package>
+ <name>dcraw-m</name>
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>exact-image</name>
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>flphoto</name>
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>freeimage</name>
+ <!-- no known fixed version -->
+ <range><ge>3.13.0</ge></range>
+ </package>
+ <package>
<name>kodi</name>
<range><lt>14.2_1</lt></range>
</package>
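Review bot: The `<!-- no known fixed version -->` comments explain the missing upper bound, but not the lower bounds chosen for cinepaint (`<ge>0.22.0</ge>`) and freeimage (`<ge>3.13.0</ge>`). A later editor cannot tell whether earlier versions were checked and found unaffected or simply not examined. I would extend those two comments to record the reason, for example `<!-- bundled dcraw first shipped in 0.22.0; no known fixed version -->`, if that is indeed why the bound was picked. For the `<ge>0</ge>` entries (dcraw-m, exact-image, flphoto) every installed version will be flagged by audit tooling with no upgrade that clears it, so these ranges need revisiting once the bundled copy is patched. The `<affects>` element continues outside this hunk.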
@@ -2555,6 +2584,21 @@ Notes:
<range><lt>0.16.1</lt></range>
</package>
<package>
+ <name>lightzone</name>
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>netpbm</name>
+ <range><lt>10.47.56</lt></range>
+ <range><ge>10.70</ge><lt>10.70.06</lt></range>
+ </package>
+ <package>
+ <name>opengtl</name>
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
<name>rawstudio</name>
<range><lt>2.0_11</lt></range>
</package>
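Review bot: The two netpbm ranges, `<lt>10.47.56</lt>` and `<ge>10.70</ge><lt>10.70.06</lt>`, leave every version from 10.47.56 up to but not including 10.70 unmatched, and nothing in the entry says whether that gap is intentional. If the bounds follow two separately maintained upstream release series, a comment above the ranges would make that explicit, e.g. `<!-- fixed in 10.47.56 and 10.70.06; status of versions in between: TODO confirm -->`. Without it, a host on an intermediate version is reported clean by audit tooling even though it may carry the same bundled ljpeg_start() code.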
@@ -2583,11 +2627,12 @@ Notes:
<url>http://www.ocert.org/advisories/ocert-2015-006.html</url>
<url>https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e</url>
<url>https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5</url>
+ <url>https://sourceforge.net/p/netpbm/code/2512/</url>
</references>
<dates>
<discovery>2015-04-24</discovery>
<entry>2015-05-15</entry>
- <modified>2015-06-06</modified>
+ <modified>2015-06-24</modified>
</dates>
</vuln>
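Review bot: Only the netpbm fix gets a supporting reference here, while the first hunk also introduces a fixed-version bound for darktable (`<lt>1.6.7</lt>`) with nothing in this change to verify it against. Adding a `<url>` for the darktable upstream commit or release note that carries the fix would let a reader confirm that bound the same way the rawstudio, LibRaw and netpbm links do. The `<references>` block starts outside this hunk, so such a link may already be listed above.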