>Number: 181384 >Category: misc >Synopsis: /var/db/pkg/auditfile has a type for lcms2 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Sun Aug 18 19:00:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Derek Schrock >Release: FreeBSD 9.1-RELEASE-p5 >Organization: >Environment: >Description: /var/db/pkg/auditfile has a typo for lcms2
$ grep ^lcms2 /var/db/pkg/auditfile lcms2>0|http://portaudit.FreeBSD.org/9a0a892e-05d8-11e3-ba09-000c29784fd1.html|lcms2 -- Null Pointer Dereference Denial of Service Vulnerability Unless I'm reading the bug incorrectly teh CVE was fixed in 2.5: https://bugs.mageia.org/show_bug.cgi?id=10816 graphics/lcms2 is lcms 2.5 >How-To-Repeat: Building from port fails: $ sudo make -C /usr/ports/graphics/lcms2/ ===> lcms2-2.5 has known vulnerabilities: lcms2-2.5 is vulnerable: lcms2 -- Null Pointer Dereference Denial of Service Vulnerability WWW: http://portaudit.FreeBSD.org/9a0a892e-05d8-11e3-ba09-000c29784fd1.html => Please update your ports tree and try again. *** [check-vulnerable] Error code 1 Stop in /usr/ports/graphics/lcms2. *** [build] Error code 1 Stop in /usr/ports/graphics/lcms2. >Fix: Change /var/db/pkg/auditfile lcms2 entry to <2.5: lcms2<2.5|http://portaudit.FreeBSD.org/9a0a892e-05d8-11e3-ba09-000c29784fd1.html|lcms2 -- Null Pointer Dereference Denial of Service Vulnerability >Release-Note: >Audit-Trail: >Unformatted: _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "[email protected]"
