authorjbeich <jbeich@FreeBSD.org>2015-06-25 02:54:36 +0800
committerjbeich <jbeich@FreeBSD.org>2015-06-25 02:54:36 +0800
commit59d06e4d630f8b34af884d1308295ea85384f400 (patch)
tree93952a021eea4094532aaa4e596991143be0a883 /security
parentebc5de977644f4bad757d3107c9b315bae239a5d (diff)
Aggressively mark more consumers of bundled dcraw as vulnerable
ljpeg_start() originates from dcraw, so there is no need to list every package with a copy of it at the expense of readability.
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml49
1 files changed, 47 insertions, 2 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 56f40b9424df..a77a384ed2e2 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -2540,13 +2540,42 @@ Notes:
</vuln>
<vuln vid="57325ecf-facc-11e4-968f-b888e347c638">
- <topic>dcraw, kodi, libraw, rawstudio, and ufraw -- integer overflow condition</topic>
+ <topic>dcraw -- integer overflow condition</topic>
<affects>
<package>
+ <name>cinepaint</name>
+ <!-- no known fixed version -->
+ <range><ge>0.22.0</ge></range>
+ </package>
+ <package>
+ <name>darktable</name>
+ <range><lt>1.6.7</lt></range>
+ </package>
+ <package>
<name>dcraw</name>
<range><ge>7.00</ge><lt>9.26</lt></range>
</package>
<package>
+ <name>dcraw-m</name>
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>exact-image</name>
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>flphoto</name>
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>freeimage</name>
+ <!-- no known fixed version -->
+ <range><ge>3.13.0</ge></range>
+ </package>
+ <package>
<name>kodi</name>
<range><lt>14.2_1</lt></range>
</package>
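Review bot: The open-ended entries added here (`<ge>0</ge>` for dcraw-m, exact-image and flphoto, and the `<ge>0.22.0</ge>` / `<ge>3.13.0</ge>` lower bounds for cinepaint and freeimage) carry only `<!-- no known fixed version -->`, which records neither why the package is listed nor where the lower bound came from. Because the topic now names only dcraw, someone reading an audit report for one of these ports gets no hint that the match is due to a bundled copy. I would expand the comment to something like `<!-- bundles dcraw's ljpeg_start(); no known fixed version -->` and, for the two bounded entries, name the release that first shipped the affected code. These ranges will keep flagging every future version until an `<lt>` bound is added, so each needs a follow-up edit once its port is patched; the same applies to lightzone and opengtl in the next hunk. The entry's description lies outside this hunk, so it may already explain the bundling.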
@@ -2555,6 +2584,21 @@ Notes:
<range><lt>0.16.1</lt></range>
</package>
<package>
+ <name>lightzone</name>
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
+ <name>netpbm</name>
+ <range><lt>10.47.56</lt></range>
+ <range><ge>10.70</ge><lt>10.70.06</lt></range>
+ </package>
+ <package>
+ <name>opengtl</name>
+ <!-- no known fixed version -->
+ <range><ge>0</ge></range>
+ </package>
+ <package>
<name>rawstudio</name>
<range><lt>2.0_11</lt></range>
</package>
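Review bot: The two netpbm ranges leave every version from 10.47.56 up to, but not including, 10.70 marked as unaffected, and nothing in the entry says this is intended. If the ranges model fixes on two separate upstream release series, a comment above them should say so, e.g. `<!-- fixed in 10.47.56 and 10.70.06 on their respective release series -->`. If releases in between also carry the dcraw code without the fix, the first range's upper bound is too low. Under-reporting is the riskier failure for an audit database, so the gap deserves an explicit justification.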
@@ -2583,11 +2627,12 @@ Notes:
<url>http://www.ocert.org/advisories/ocert-2015-006.html</url>
<url>https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e</url>
<url>https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5</url>
+ <url>https://sourceforge.net/p/netpbm/code/2512/</url>
</references>
<dates>
<discovery>2015-04-24</discovery>
<entry>2015-05-15</entry>
- <modified>2015-06-06</modified>
+ <modified>2015-06-24</modified>
</dates>
</vuln>
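Review bot: The only reference added is the netpbm revision, so the other new fixed-version bound in this commit, darktable `<lt>1.6.7</lt>`, has no URL a reader can use to verify it. Unless the oCERT advisory or a reference above this hunk already covers it, I would add a `<url>` pointing at the darktable release notes or fixing commit next to the netpbm one. The `<references>` element starts outside this hunk, so earlier entries are not visible here.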