Index: graphics/libsixel/Makefile =================================================================== --- graphics/libsixel/Makefile +++ graphics/libsixel/Makefile @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= libsixel -PORTVERSION= 1.8.1 +PORTVERSION= 1.8.2 PORTEPOCH= 1 CATEGORIES= graphics MASTER_SITES= https://github.com/saitoha/libsixel/releases/download/v${PORTVERSION}/ Index: graphics/libsixel/distinfo =================================================================== --- graphics/libsixel/distinfo +++ graphics/libsixel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1528698296 -SHA256 (libsixel-1.8.1.tar.gz) = 6f31a5db6a195155b2168aad5c1b6b62ac3b10919e16576029f9b4ced5384e8d -SIZE (libsixel-1.8.1.tar.gz) = 4777791 +TIMESTAMP = 1532317736 +SHA256 (libsixel-1.8.2.tar.gz) = c464d2a6fcf35e9e6bad1876729e853a8b9f6abfe97d9e3487c9bfac45cf2a5f +SIZE (libsixel-1.8.2.tar.gz) = 4778776 Index: security/vuxml/vuln.xml =================================================================== --- security/vuxml/vuln.xml +++ security/vuxml/vuln.xml @@ -58,6 +58,36 @@ * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + Memory leak in different components + + + libsixel + 1.8.2,1 + + + + +

MITRE reports:

+
bsixel 1.8.1 has a memory leak in sixel_decoder_decode in + decoder.c, image_buffer_resize in fromsixel.c, sixel_decode_raw in + fromsixel.c and sixel_allocator_new in allocator.c
+

+ + + + CVE-2018-14072 + CVE-2018-14073 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14072 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14073 + + + 2018-07-15 + 2018-07-24 + + + vlc -- Use after free vulnerability