Opened 8 years ago
Closed 8 years ago
#50642 closed update (fixed)
graphite2: Update to 1.3.5 to fix CVE-2016-1521, CVE-2016-1522, CVE-2016-1523
| Reported by: | raimue (Rainer Müller) | Owned by: | ryandesign (Ryan Carsten Schmidt) |
|---|---|---|---|
| Priority: | High | Milestone: | |
| Component: | ports | Version: | 2.3.4 |
| Keywords: | security | Cc: | |
| Port: | graphite2 |
Description
graphite2 @1.2.4 contains multiple security vulnerabilities, which could be exploited remotely.
For example Debian fixed these by upgrading to version 1.3.5, which leads me to the conclusion these are both API and ABI compatible. I recommend we follow that and upgrade to graphite2 @1.3.5.
Change History (2)
comment:1 Changed 8 years ago by ryandesign (Ryan Carsten Schmidt)
| Priority: | Normal → High |
|---|---|
| Status: | new → assigned |
comment:2 Changed 8 years ago by ryandesign (Ryan Carsten Schmidt)
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note: See
TracTickets for help on using
tickets.
I had been waiting to update graphite2 until I had time to check whether the various hacks in the current portfile are still needed with the new version, and to check whether this version includes a new library version which would necessitate revbumping all ports that use graphite2. But if there's a security issue I should update it immediately...