[Bug 234473] graphics/openjpeg: fix CVE-2018-6616

Fri Dec 28 18:40:28 UTC 2018

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234473

            Bug ID: 234473
           Summary: graphics/openjpeg: fix CVE-2018-6616
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: sunpoet at FreeBSD.org
          Reporter: amontalban at gmail.com
             Flags: maintainer-feedback?(sunpoet at FreeBSD.org)
          Assignee: sunpoet at FreeBSD.org

Created attachment 200585
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=200585&action=edit
openjpeg.patch

Hi,

I'm submiting this patch trying to clean up the vulnerabilities this package
have, first some clarifications:

r477112 fixes CVE-2017-17479 and CVE-2017-17480 but is still showing as
vulnerable in openjpeg-2.3.0_2 is that intended until all vulnerabilities has
been fixed? If not then I have also attached a patch for vuxml.

Additionally I'm submitting a patch for CVE-2018-6616, so the only remaining
vulnerability is CVE-2018-5727.

Thanks!

-- 
You are receiving this mail because:
You are the assignee for the bug.