https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221058
--- Comment #12 from goffr...@gmail.com --- I modified the Makefile, and got this error: " Error: /usr/local/bin/luminance-hdr is linked to /usr/local/lib/libIlmImf-2_2.so.22 from graphics/OpenEXR but it is not declared as a dependency Warning: you need LIB_DEPENDS+=libIlmImf-2_2.so:graphics/OpenEXR " It installs e works fine. But, when I add libIlmImf-2_2.so:graphics/OpenEXR in LIB_DEPENDS I get this error: " ===> luminance-hdr-qt5-2.5.1 depends on shared library: libIlmImf-2_2.so - not found ===> OpenEXR-2.2.0_7 has known vulnerabilities: OpenEXR-2.2.0_7 is vulnerable: OpenEXR -- multiple remote code execution and denial of service vulnerabilities CVE: CVE-2017-9116 CVE: CVE-2017-9115 CVE: CVE-2017-9114 CVE: CVE-2017-9113 CVE: CVE-2017-9112 CVE: CVE-2017-9111 CVE: CVE-2017-9110 WWW: https://vuxml.FreeBSD.org/freebsd/803879e9-4195-11e7-9b08-080027ef73ec.html 1 problem(s) in the installed packages found. => Please update your ports tree and try again. => Note: Vulnerable ports are marked as such even if there is no update available. => If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes' *** Error code 1 Stop. make[3]: stopped in /usr/ports/graphics/OpenEXR *** Error code 1 Stop. make[2]: stopped in /usr/ports/graphics/OpenEXR *** Error code 1 Stop. make[1]: stopped in /usr/ports/graphics/luminance-qt5 *** Error code 1 Stop. make: stopped in /usr/ports/graphics/luminance-qt5 " I know, there is this security issue in OpenEXR. And they know (https://github.com/openexr/openexr/issues/232). I sent this security issue message to then. But I have it installed: " root:SUPER[1068] pkg info | grep -i openexr OpenEXR-2.2.0_7 High dynamic-range (HDR) image file format " -- You are receiving this mail because: You are on the CC list for the bug.
