Opened 9 years ago

Closed 9 years ago

#50642 closed update (fixed)

graphite2: Update to 1.3.5 to fix CVE-2016-1521, CVE-2016-1522, CVE-2016-1523

Reported by: raimue (Rainer Müller) Owned by: ryandesign (Ryan Carsten Schmidt)
Priority: High Milestone:
Component: ports Version: 2.3.4
Keywords: security Cc:
Port: graphite2

Description

graphite2 @1.2.4 contains multiple security vulnerabilities, which could be exploited remotely.

For example Debian fixed these by upgrading to version 1.3.5, which leads me to the conclusion these are both API and ABI compatible. I recommend we follow that and upgrade to graphite2 @1.3.5.

Change History (2)

comment:1 Changed 9 years ago by ryandesign (Ryan Carsten Schmidt)

Priority: NormalHigh
Status: newassigned

I had been waiting to update graphite2 until I had time to check whether the various hacks in the current portfile are still needed with the new version, and to check whether this version includes a new library version which would necessitate revbumping all ports that use graphite2. But if there's a security issue I should update it immediately...

comment:2 Changed 9 years ago by ryandesign (Ryan Carsten Schmidt)

Resolution: fixed
Status: assignedclosed
Note: See TracTickets for help on using tickets.