Kris Kennaway wrote:
On Thu, Apr 19, 2007 at 10:10:41AM +0800, Foxfair Hu wrote:
Lowell Gilbert wrote:
David Southwell <[EMAIL PROTECTED]> writes:
portupgrade -a produces the following output for lynx on cvsup from today.
freebsd 6.1
-----------------------------------------
---> Upgrading 'lynx-2.8.5_2' to 'lynx-2.8.6_4' (www/lynx)
---> Building '/usr/ports/www/lynx'
===> Cleaning for lynx-2.8.6_4
===> lynx-2.8.6_4 has known vulnerabilities:
=> lynx -- remote buffer overflow.
Reference:
<http://www.FreeBSD.org/ports/portaudit/c01170bf-4990-11da-a1b8-000854d03344.html>
=> Please update your ports tree and try again.
*** Error code 1
Stop in /usr/ports/www/lynx.
Any news or advice forthcoming?
That doesn't *seem* to be applicable to the current version.
It looks like a version-number parsing problem producing a false warning.
I don't have access to my build machine to check more closely, though...
Definitely a false alert, lynx 2.8.5rel4 had fixed the problem, and it was rev1.112 of Makefile in www/lynx. If no one objects, I'll put this diff in to prevent portaudit from sending the wrong warning again:
Wrong fix, fix the vuxml instead of hacking around it.
Kris
vuxml -> security-team's baby.
Cc added.
foxfair