Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 04 Feb 2017 13:01:56 +0000
From:      bugzilla-noreply@freebsd.org
To:        emulation@FreeBSD.org
Subject:   [Bug 216778] graphics/linux-c7-tiff: update to 4.0.3-27.el7_3
Message-ID:  <bug-216778-4077@https.bugs.freebsd.org/bugzilla/>

next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D216778

            Bug ID: 216778
           Summary: graphics/linux-c7-tiff: update to 4.0.3-27.el7_3
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: emulation@FreeBSD.org
          Reporter: pkubaj@anongoth.pl
          Assignee: emulation@FreeBSD.org
             Flags: maintainer-feedback?(emulation@FreeBSD.org)

Created attachment 179592
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D179592&action=
=3Dedit
patch

This patch updates the port to the newest version.

Changelog:
* Multiple flaws have been discovered in libtiff. A remote attacker could
exploit these flaws to cause a crash or memory corruption and, possibly,
execute
arbitrary code by tricking an application linked against libtiff into
processing
specially crafted files. (CVE-2016-9533, CVE-2016-9534, CVE-2016-9535)

* Multiple flaws have been discovered in various libtiff tools (tiff2pdf,
tiffcrop, tiffcp, bmp2tiff). By tricking a user into processing a specially
crafted file, a remote attacker could exploit these flaws to cause a crash =
or
memory corruption and, possibly, execute arbitrary code with the privileges=
 of
the user running the libtiff tool. (CVE-2015-8870, CVE-2016-5652,
CVE-2016-9540,
CVE-2016-9537, CVE-2016-9536)

As such, MFH is necessary.

Builds fine on Poudriere on 10.3.

--=20
You are receiving this mail because:
You are the assignee for the bug.=



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-216778-4077>