#50642: graphite2: Update to 1.3.5 to fix CVE-2016-1521, CVE-2016-1522, CVE-2016-1523 ----------------------+-------------------------- Reporter: raimue@… | Owner: ryandesign@… Type: update | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.3.4 Keywords: security | Port: graphite2 ----------------------+-------------------------- graphite2 @1.2.4 contains multiple security vulnerabilities, which could be [http://blog.talosintel.com/2016/02/vulnerability-spotlight- libgraphite.html exploited remotely]. For example [https://security-tracker.debian.org/tracker/CVE-2016-1521 Debian fixed these] by upgrading to version 1.3.5, which leads me to the conclusion these are both API and ABI compatible. I recommend we follow that and upgrade to graphite2 @1.3.5. -- Ticket URL: <https://trac.macports.org/ticket/50642> MacPorts <https://www.macports.org/> Ports system for OS X