On Sat, Nov 07, 2009 at 08:52:25AM +0000, N.J. Mann wrote: > In message <[email protected]>, > Dirk Meyer ([email protected]) wrote: > > dinoex 2009-11-06 21:37:16 UTC > > > > FreeBSD ports repository > > > > Modified files: > > graphics/gd Makefile > > Added files: > > graphics/gd/files patch-cve-2009-3546 > > Log: > > - Security patch > > Security: CVE-2009-3546 > > Security: > > http://portaudit.freebsd.org/4e8344a3-ca52-11de-8ee8-00215c6a37bb.html > > PR: 140335 > > Submitted by: Eygene Ryabinkin > > Obtained from: PHP project > > > > Revision Changes Path > > 1.92 +1 -1 ports/graphics/gd/Makefile > > 1.1 +15 -0 ports/graphics/gd/files/patch-cve-2009-3546 (new) > > I think there is something wrong with the vulnerabilities entry for this > port which stops this update completing. I just tried updating this > port from gd-2.0.35_1,1 to gd-2.0.35_2,1 and got: > > > ===> gd-2.0.35_2,1 has known vulnerabilities: > => gd -- '_gdGetColors' remote buffer overflow vulnerability. > Reference: > <http://portaudit.FreeBSD.org/4e8344a3-ca52-11de-8ee8-00215c6a37bb.html> > => Please update your ports tree and try again. > *** Error code 1 > > Stop in /usr/ports/graphics/gd. > *** Error code 1 > > Stop in /usr/ports/graphics/gd. > > > I had a look at the portaudit entry at the URL given. I am unfamiliar > with the syntax of these entries, but the 'Affects' entries look > suspicious to me, e.g. "gd >0'. Does it need correcting?
Yes, and I have fixed it for graphics/gd. I'm unsure about the status of the other ports mentioned in the entry so I left them alone. Thanks! -- WXS _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "[email protected]"
