[Bug 222309] graphics/ImageMagick and graphics/ImageMagick7: remove FPX from default options
bugzilla-noreply at freebsd.org
Wed Sep 13 19:18:23 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222309
Bug ID: 222309
Summary: graphics/ImageMagick and graphics/ImageMagick7: remove
FPX from default options
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: kwm at FreeBSD.org
Reporter: citrin+pr at citrin.ru
Flags: maintainer-feedback?(kwm at FreeBSD.org)
Created attachment 186354
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=186354&action=edit
remove FPX from default options
Please remove FPX from default options for graphics/ImageMagick and
graphics/ImageMagick7.
1. FlashPix images are very rare nowadays. I was not able to find them on the
Internet except in ImageMagick test cases. In the rare case when fpx support is
needed it is possible to rebuild ImageMagick from ports with this option
enabled.
2. libfpx contains multiple DoS vulnerabilities:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12925
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12924
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12922
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12921
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12919
and it is unlikely that they will be fixed in the near future, because libfpx is
not actively developed:
https://blogs.gentoo.org/ago/2017/08/09/libfpx-null-pointer-dereference-in-wchar-c/
--
You are receiving this mail because:
You are the assignee for the bug.