Vulnerability on these ports!

[gessel]

graphics/jasper is a (the?) alternate JPEG 2000 CODEC project. It has good support and no currently reported vulns. It is used by graphics/GraphicsMagick and might be an altnernatative. graphics/darktable seems to have optional graphics/ImageMagick and graphics/openjpeg support, so simply unselecting those options should get you past the vulnerability fail. If you need JPEG200 support, I seem to remember in the distant past doing something like this site describes to use graphics/GraphicsMagick instead of graphics/ImageMagick, which would then optionally install graphics/jasper for JPEG2000 support rather than graphics/openjpeg.

 

[shkhln]

graphics/jasper is a (the?) alternate JPEG 2000 CODEC project. It has good support and no currently reported vulns.

How about https://github.com/mdadams/jasper/issues/147?

 

[gessel]

The last remaining vuln was closed a few days ago, see: https://github.com/uclouvain/openjpeg/issues/1053. Hopefully this patch will make it through to ports quickly.

 

[Vull]

My delight in learning of these fixes to openjpeg, and 6 other ports I've been using cautiously, seemed complete until yesterday, April 2, when several previously unreported vulnerabilities showed up for Apache web server version 2.4.38, which I've been using since some time shortly after its commit date of January 23. Users should upgrade to version 2.4.39 as soon as possible. Version 2.4.39 has been available since yesterday in ports, but not yet in packages.