On Wednesday 14 November 2007 04:32:12 pm Kurt Buff wrote: > On 11/14/07, Jonathan Horne <[EMAIL PROTECTED]> wrote: > > On Wednesday 14 November 2007 03:57:26 pm Kris Kennaway wrote: > > > Jonathan Horne wrote: > > > > On Wednesday 14 November 2007 03:39:47 pm Jonathan Horne wrote: > > > >> my jails server (6.2-p8) just ran portupgrade fine, and cups was one > > > >> of its items it updated: > > > >> > > > >> [EMAIL PROTECTED] ~]# pkg_info | grep cups- > > > >> cups-base-1.3.3_2 Common UNIX Printing System > > > >> > > > >> but my 7.0-b2 desktop, refuses to build the same package: > > > >> > > > >> ===> cups-base-1.3.3_2 has known vulnerabilities: > > > >> => cups -- off-by-one buffer overflow. > > > >> Reference: > > > >> <http://www.FreeBSD.org/ports/portaudit/8dd9722c-8e97-11dc-b8f6-001c > > > >>2514 716 c.html> => Please update your ports tree and try again. > > > >> *** Error code 1 > > > >> > > > >> what would be the differences between the 2 systems that one would > > > >> build it, and the other reject the same port? ive not tweaked any > > > >> port security settings on either one, so this is some curious > > > >> behavior to me. > > > >> > > > >> thanks, > > > > > > > > another interesting thing, when you read the portaudit page for this, > > > > it says: > > > > > > > > Affects: > > > > cups-base <1.3.3_1 > > > > > > > > but yet 1.3.3_2 still is rejected. > > > > > > One or the other has either a stale portaudit database or ports tree. > > > > > > Kris > > > > what is the method for updating the portaudit database? both have had > > their ports trees updated today, the 7.0 box multiple times. > > > > thanks, > > -- > > Jonathan Horne > > http://dfwlpiki.dfwlp.org > > [EMAIL PROTECTED] > > I ran into a similar issue with cups - what does 'portaudit -aF' give > on each machine? > _______________________________________________ > [email protected] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "[EMAIL PROTECTED]"
interesting, portaudit seems to be part of the 7.0 base system now. on my BETA2 box: [EMAIL PROTECTED] /usr/ports]# portaudit -aF auditfile.tbz 100% of 45 kB 100 kBps New database installed. Affected package: cups-base-1.3.3 Type of problem: xpdf -- multiple remote Stream.CC vulnerabilities. Reference: <http://www.FreeBSD.org/ports/portaudit/2747fc39-915b-11dc-9239-001c2514716c.html> Affected package: cups-base-1.3.3 Type of problem: cups -- off-by-one buffer overflow. Reference: <http://www.FreeBSD.org/ports/portaudit/8dd9722c-8e97-11dc-b8f6-001c2514716c.html> 2 problem(s) in your installed packages found. You are advised to update or deinstall the affected package(s) immediately. portaudit is not installed on my 6.2 server, so i have no data to print for that one. thanks, -- Jonathan Horne http://dfwlpiki.dfwlp.org [EMAIL PROTECTED] _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
