[Bug 260590] graphics/p5-Image-ExifTool: Update to 12.30
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 260590] graphics/p5-Image-ExifTool: Update to 12.30"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 19 Jan 2022 00:28:48 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260590
Kubilay Kocak <koobs@FreeBSD.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|Affects Only Me |Affects Many People
Status|New |Open
Priority|--- |Normal
URL| |https://metacpan.org/dist/I
| |mage-ExifTool/changes
CC| |ports-secteam@FreeBSD.org
Keywords| |needs-patch, needs-qa,
| |security
Flags| |merge-quarterly?
--- Comment #1 from Kubilay Kocak <koobs@FreeBSD.org> ---
Among a substantial number of bugfixes, there have been multiple security
vulnerabilities addressed in versions between current port version and the
latest:
July 9, 2021 - Version 12.29
..
- Patched a security issue
May 20, 2021 - Version 12.26 (production release)
..
- Patched security vulnerability in argument of -lang option
Apr. 13, 2021 - Version 12.24
...
- Patched security vulnerability in DjVu reader
1) We'll need security/vuxml entries for these along with additional
information from upstream on their nature, including CVE and other upstream
(issue, pr, commit) reference links where available
So that the security changes can be merged to quarterly branch, and given there
have been some API changes in prior versions, either:
- Separation/backporting of the security fixes (commits) separately and prior
to the version update, OR
- Confirmation that the latest version is supported by, and works with all
ports that depend on it, so that the latest version can be merged to quarterly
without regression.
--
You are receiving this mail because:
You are the assignee for the bug.