Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 04 Feb 2017 13:01:56 +0000
From:      bugzilla-noreply@freebsd.org
To:        emulation@FreeBSD.org
Subject:   maintainer-feedback requested: [Bug 216778] graphics/linux-c7-tiff: update to 4.0.3-27.el7_3
Message-ID:  <bug-216778-4077-AAb8BGUX4L@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-216778-4077@https.bugs.freebsd.org/bugzilla/>
References:  <bug-216778-4077@https.bugs.freebsd.org/bugzilla/>

next in thread | previous in thread | raw e-mail | index | archive | help
Piotr Kubaj <pkubaj@anongoth.pl> has reassigned Bugzilla Automation
<bugzilla@FreeBSD.org>'s request for maintainer-feedback to
emulation@FreeBSD.org:
Bug 216778: graphics/linux-c7-tiff: update to 4.0.3-27.el7_3
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D216778



--- Description ---
Created attachment 179592
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D179592&action=
=3Dedit
patch

This patch updates the port to the newest version.

Changelog:
* Multiple flaws have been discovered in libtiff. A remote attacker could
exploit these flaws to cause a crash or memory corruption and, possibly,
execute
arbitrary code by tricking an application linked against libtiff into
processing
specially crafted files. (CVE-2016-9533, CVE-2016-9534, CVE-2016-9535)

* Multiple flaws have been discovered in various libtiff tools (tiff2pdf,
tiffcrop, tiffcp, bmp2tiff). By tricking a user into processing a specially
crafted file, a remote attacker could exploit these flaws to cause a crash =
or
memory corruption and, possibly, execute arbitrary code with the privileges=
 of
the user running the libtiff tool. (CVE-2015-8870, CVE-2016-5652,
CVE-2016-9540,
CVE-2016-9537, CVE-2016-9536)

As such, MFH is necessary.

Builds fine on Poudriere on 10.3.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-216778-4077-AAb8BGUX4L>