In message <[email protected]>, Dirk Meyer ([email protected]) wrote:
> dinoex      2009-11-06 21:37:16 UTC
>
>   FreeBSD ports repository
>
>   Modified files:
>     graphics/gd          Makefile
>   Added files:
>     graphics/gd/files    patch-cve-2009-3546
>   Log:
>   - Security patch
>   Security:       CVE-2009-3546
>   Security:       http://portaudit.freebsd.org/4e8344a3-ca52-11de-8ee8-00215c6a37bb.html
>   PR:             140335
>   Submitted by:   Eygene Ryabinkin
>   Obtained from:  PHP project
>
>   Revision  Changes    Path
>   1.92      +1 -1      ports/graphics/gd/Makefile
>   1.1       +15 -0     ports/graphics/gd/files/patch-cve-2009-3546 (new)

I think there is something wrong with the vulnerabilities entry for this port which stops this update completing. I just tried updating this port from gd-2.0.35_1,1 to gd-2.0.35_2,1 and got:

    ===>  gd-2.0.35_2,1 has known vulnerabilities:
    => gd -- '_gdGetColors' remote buffer overflow vulnerability.
       Reference: <http://portaudit.FreeBSD.org/4e8344a3-ca52-11de-8ee8-00215c6a37bb.html>
    => Please update your ports tree and try again.
    *** Error code 1

    Stop in /usr/ports/graphics/gd.
    *** Error code 1

    Stop in /usr/ports/graphics/gd.

I had a look at the portaudit entry at the URL given. I am unfamiliar with the syntax of these entries, but the 'Affects' entries look suspicious to me, e.g. "gd >0". Does it need correcting?

Cheers,
Nick.
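
Why an 'Affects' range such as "gd >0" would stop the update described in this message, shown as an added example that is not part of the original thread and is not portaudit's own code. The matcher is simplified (numeric dotted versions with optional _revision and ,epoch only), and the bounded entry "gd <2.0.35_2,1" is a hypothetical contrast, not the corrected entry.

```python
import operator
import re

# Simplified FreeBSD version syntax: dotted-numeric[_portrevision][,portepoch].
# Real package version comparison also handles letters and suffixes; that is
# not modelled here.
VERSION = re.compile(r"^(\d+(?:\.\d+)*)(?:_(\d+))?(?:,(\d+))?$")
CONSTRAINT = re.compile(r"(<=|>=|<|>|=)\s*([0-9._,]+)")
OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "=": operator.eq}


def version_key(text):
    """Return a sortable key: epoch first, then version, then port revision."""
    m = VERSION.match(text)
    if m is None:
        raise ValueError(f"unsupported version syntax: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    while parts and parts[-1] == 0:      # treat 2.0 and 2.0.0 as equal
        parts.pop()
    return (int(m.group(3) or 0), tuple(parts), int(m.group(2) or 0))


def is_affected(affects, package):
    """True if `package` (name-version) falls inside an 'Affects' range."""
    name, _, version = package.rpartition("-")
    entry_name = re.split(r"[<>=\s]", affects, maxsplit=1)[0]
    constraints = CONSTRAINT.findall(affects)
    if name != entry_name or not constraints:
        return False
    key = version_key(version)
    return all(OPS[op](key, version_key(bound)) for op, bound in constraints)


OLD, NEW = "gd-2.0.35_1,1", "gd-2.0.35_2,1"   # versions quoted in the message
AS_QUOTED = "gd >0"                            # range quoted in the message
BOUNDED = "gd <2.0.35_2,1"                     # hypothetical, for contrast only

if __name__ == "__main__":
    for entry in (AS_QUOTED, BOUNDED):
        for pkg in (OLD, NEW):
            print(f"{entry!r:20} {pkg:16} affected={is_affected(entry, pkg)}")
```

With the open-ended range both the old and the patched version match, so the build is refused even after the ports tree is updated; a range with an upper bound stops matching once the fixed revision is reached.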
