Opened 11 years ago

Closed 11 years ago

#43308 closed update (fixed)

jbigkit security update to version 2.1

Reported by: Schamschula (Marius Schamschula) Owned by: ryandesign (Ryan Carsten Schmidt)
Priority: Normal Milestone:
Component: ports Version:
Keywords: haspatch Cc:
Port: jbigkit

Description

I've updated jbigkit to @2.1.

The release notes for this version are as follows:

This is a security-critical bugfix release which remains API and ABI backwards-compatible to version 2.0.

Users who decompress JBIG data from untrusted sources should upgrade.

It fixes a buffer overflow vulnerability in the jbig.c decoder (CVE-2013-6369), a bug in the way jbig.c processes the option 
DPPRIV=1 (not usually used in practice), and the ability of a specially-crafted input file to force the jbig85.c decoder into 
an endless loop.

Attachments (3)

Portfile-jbigkit.diff (1.1 KB) - added by Schamschula (Marius Schamschula) 11 years ago.
patch-libjbig_Makefile_darwin (867 bytes) - added by Schamschula (Marius Schamschula) 11 years ago.
patch-Makefile (464 bytes) - added by Schamschula (Marius Schamschula) 11 years ago.

Download all attachments as: .zip

Change History (6)

Changed 11 years ago by Schamschula (Marius Schamschula)

Attachment: Portfile-jbigkit.diff added

Changed 11 years ago by Schamschula (Marius Schamschula)

Changed 11 years ago by Schamschula (Marius Schamschula)

Attachment: patch-Makefile added

comment:1 Changed 11 years ago by mf2k (Frank Schima)

Keywords: haspatch added
Version: 2.2.1

comment:2 Changed 11 years ago by ryandesign (Ryan Carsten Schmidt)

Owner: changed from macports-tickets@… to ryandesign@…
Status: newassigned

comment:3 Changed 11 years ago by ryandesign (Ryan Carsten Schmidt)

Resolution: fixed
Status: assignedclosed
Note: See TracTickets for help on using tickets.