Date: Sat, 20 Apr 2013 16:01:56 +0000 (UTC) From: Dirk Meyer <dinoex@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r316157 - in head: graphics/jasper graphics/jasper/files security/vuxml Message-ID: <201304201601.r3KG1u9s006398@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dinoex Date: Sat Apr 20 16:01:55 2013 New Revision: 316157 URL: http://svnweb.freebsd.org/changeset/ports/316157 Log: - Security fix Security: CVE-2011-4517 execute arbitrary code on decodes images Submitted by: naddy (Christian Weisgerber) Obtained from: Fedora Feature safe: yes Modified: head/graphics/jasper/Makefile head/graphics/jasper/files/patch-jpc_cs.c head/security/vuxml/vuln.xml Modified: head/graphics/jasper/Makefile ============================================================================== --- head/graphics/jasper/Makefile Sat Apr 20 15:53:03 2013 (r316156) +++ head/graphics/jasper/Makefile Sat Apr 20 16:01:55 2013 (r316157) @@ -3,7 +3,7 @@ PORTNAME= jasper PORTVERSION= 1.900.1 -PORTREVISION= 11 +PORTREVISION= 12 CATEGORIES= graphics MASTER_SITES= http://www.ece.uvic.ca/~mdadams/jasper/software/ \ ${MASTER_SITE_IMAGEMAGICK} Modified: head/graphics/jasper/files/patch-jpc_cs.c ============================================================================== --- head/graphics/jasper/files/patch-jpc_cs.c Sat Apr 20 15:53:03 2013 (r316156) +++ head/graphics/jasper/files/patch-jpc_cs.c Sat Apr 20 16:01:55 2013 (r316157) @@ -75,7 +75,7 @@ uint_fast16_t compno; crg->numcomps = cstate->numcomps; - if (!(crg->comps = jas_malloc(cstate->numcomps * sizeof(uint_fast16_t)))) { -+ if (!(crg->comps = jas_malloc2(cstate->numcomps, sizeof(uint_fast16_t)))) { ++ if (!(crg->comps = jas_malloc2(cstate->numcomps, sizeof(jpc_crgcomp_t)))) { return -1; } for (compno = 0, comp = crg->comps; compno < cstate->numcomps; Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sat Apr 20 15:53:03 2013 (r316156) +++ head/security/vuxml/vuln.xml Sat Apr 20 16:01:55 2013 (r316157) @@ -115,7 +115,7 @@ Note: Please add new entries to the beg <affects> <package> <name>jasper</name> - <range><lt>1.900.1_11</lt></range> + <range><lt>1.900.1_12</lt></range> </package> </affects> <description>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201304201601.r3KG1u9s006398>