[MacPorts] #50642: graphite2: Update to 1.3.5 to fix CVE-2016-1521, CVE-2016-1522, CVE-2016-1523
MacPorts
noreply at macports.org
Tue Feb 16 08:28:08 PST 2016
#50642: graphite2: Update to 1.3.5 to fix CVE-2016-1521, CVE-2016-1522,
CVE-2016-1523
----------------------+--------------------------
Reporter: raimue@… | Owner: ryandesign@…
Type: update | Status: new
Priority: Normal | Milestone:
Component: ports | Version: 2.3.4
Keywords: security | Port: graphite2
----------------------+--------------------------
graphite2 @1.2.4 contains multiple security vulnerabilities, which could
be [http://blog.talosintel.com/2016/02/vulnerability-spotlight-
libgraphite.html exploited remotely].
For example [https://security-tracker.debian.org/tracker/CVE-2016-1521
Debian fixed these] by upgrading to version 1.3.5, which leads me to the
conclusion these are both API and ABI compatible. I recommend we follow
that and upgrade to graphite2 @1.3.5.
--
Ticket URL: <https://trac.macports.org/ticket/50642>
MacPorts <https://www.macports.org/>
Ports system for OS X
More information about the macports-tickets
mailing list