Vulnerable packages in ports tree 29/12

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Vulnerable packages in ports tree 29/12

Sevan / Venture37-2
graphics/giflib https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7555
graphics/tiff CVE-2015-7554 CVE-2015-8668
www/phpmyadmin https://www.phpmyadmin.net/security/PMASA-2015-6/


Sevan / Venture37

Reply | Threaded
Open this post in threaded view
|

Re: Vulnerable packages in ports tree 29/12

Giovanni Bechis-7
On 12/29/15 05:05, Sevan / Venture37 wrote:
> graphics/giflib https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7555
> graphics/tiff CVE-2015-7554 CVE-2015-8668
> www/phpmyadmin https://www.phpmyadmin.net/security/PMASA-2015-6/
>
just committed phpmyadmin update, ok for 5.8 for the same diff ?
 Cheers
  Giovanni


phpmyadmin-4.4.15.2.diff (1K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Vulnerable packages in ports tree 29/12

Stuart Henderson-6
In reply to this post by Sevan / Venture37-2
On 2015/12/29 04:05, Sevan / Venture37 wrote:
> graphics/giflib https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7555

no upstream fix, redhat are "CLOSED WONTFIX".. fortunately it's only in the
giffix binary and not the library.

> graphics/tiff CVE-2015-7554 CVE-2015-8668

I don't think this is fixed upstream either.