Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 20 Jun 2018 19:38:13 +0000 (UTC)
From:      Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r472936 - head/security/vuxml
Message-ID:  <201806201938.w5KJcDie062724@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: sunpoet
Date: Wed Jun 20 19:38:12 2018
New Revision: 472936
URL: https://svnweb.freebsd.org/changeset/ports/472936

Log:
  Document GraphicsMagick vulnerability
  
  PR:		223629
  Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Jun 20 19:38:07 2018	(r472935)
+++ head/security/vuxml/vuln.xml	Wed Jun 20 19:38:12 2018	(r472936)
@@ -58,6 +58,41 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="25f73c47-68a8-4a30-9cbc-1ca5eea4d6ba">
+    <topic>GraphicsMagick -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>GraphicsMagick</name>
+	<range><lt>1.3.26,1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>GraphicsMagick reports:</p>
+	<blockquote cite="http://www.graphicsmagick.org/NEWS.html">;
+	  <p>Multiple vulnerabilities have been found in GraphicsMagick 1.3.26
+	    or earlier. Please refer to the CVE list for details.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.graphicsmagick.org/NEWS.html</url>;
+      <cvename>CVE-2016-7800</cvename>
+      <cvename>CVE-2016-7996</cvename>
+      <cvename>CVE-2016-7997</cvename>
+      <cvename>CVE-2016-9830</cvename>
+      <cvename>CVE-2017-6335</cvename>
+      <cvename>CVE-2017-8350</cvename>
+      <cvename>CVE-2017-10794</cvename>
+      <cvename>CVE-2017-10799</cvename>
+      <cvename>CVE-2017-10800</cvename>
+    </references>
+    <dates>
+      <discovery>2017-07-04</discovery>
+      <entry>2018-06-18</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="3a66cb69-716f-11e8-be54-3085a9a47796">
     <topic>slurm -- insecure handling of user_name and gid fields</topic>
     <affects>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201806201938.w5KJcDie062724>