Opened 10 years ago
Closed 10 years ago
#43308 closed update (fixed)
jbigkit security update to version 2.1
| Reported by: | Schamschula (Marius Schamschula) | Owned by: | ryandesign (Ryan Carsten Schmidt) |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | |
| Keywords: | haspatch | Cc: | |
| Port: | jbigkit |
Description
I've updated jbigkit to @2.1.
The release notes for this version are as follows: This is a security-critical bugfix release which remains API and ABI backwards-compatible to version 2.0. Users who decompress JBIG data from untrusted sources should upgrade. It fixes a buffer overflow vulnerability in the jbig.c decoder (CVE-2013-6369), a bug in the way jbig.c processes the option DPPRIV=1 (not usually used in practice), and the ability of a specially-crafted input file to force the jbig85.c decoder into an endless loop.
Attachments (3)
Change History (6)
Changed 10 years ago by Schamschula (Marius Schamschula)
| Attachment: | Portfile-jbigkit.diff added |
|---|
Changed 10 years ago by Schamschula (Marius Schamschula)
| Attachment: | patch-libjbig_Makefile_darwin added |
|---|
Changed 10 years ago by Schamschula (Marius Schamschula)
| Attachment: | patch-Makefile added |
|---|
comment:1 Changed 10 years ago by mf2k (Frank Schima)
| Keywords: | haspatch added |
|---|---|
| Version: | 2.2.1 |
comment:2 Changed 10 years ago by ryandesign (Ryan Carsten Schmidt)
| Owner: | changed from macports-tickets@… to ryandesign@… |
|---|---|
| Status: | new → assigned |
comment:3 Changed 10 years ago by ryandesign (Ryan Carsten Schmidt)
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note: See
TracTickets for help on using
tickets.
r118745