From owner-freebsd-ports-bugs@FreeBSD.ORG Tue Jul 2 20:40:01 2013 Return-Path: Delivered-To: freebsd-ports-bugs@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 2EB41E07 for ; Tue, 2 Jul 2013 20:40:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id EEF1015F0 for ; Tue, 2 Jul 2013 20:40:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r62Ke0B1009400 for ; Tue, 2 Jul 2013 20:40:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r62Ke0J2009399; Tue, 2 Jul 2013 20:40:00 GMT (envelope-from gnats) Resent-Date: Tue, 2 Jul 2013 20:40:00 GMT Resent-Message-Id: <201307022040.r62Ke0J2009399@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Charlie & Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 4D8F6CB1 for ; Tue, 2 Jul 2013 20:35:28 +0000 (UTC) (envelope-from root@numail.brianwhalen.net) Received: from numail.brianwhalen.net (108-217-243-25.uvs.sndgca.sbcglobal.net [108.217.243.25]) by mx1.freebsd.org (Postfix) with ESMTP id 365A21561 for ; Tue, 2 Jul 2013 20:35:27 +0000 (UTC) Received: by numail.brianwhalen.net (Postfix, from userid 0) id 600D52843B; Tue, 2 Jul 2013 13:30:08 -0700 (PDT) Message-Id: <20130702203008.600D52843B@numail.brianwhalen.net> Date: Tue, 2 Jul 2013 13:30:08 -0700 (PDT) From: Charlie & To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.113 Subject: ports/180215: After a portsnap fetch update, portupgrade of ftp/curl to 7.24.0.4 wont proceed due to a vulnerablity X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: Charlie & List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Jul 2013 20:40:01 -0000 >Number: 180215 >Category: ports >Synopsis: After a portsnap fetch update, portupgrade of ftp/curl to 7.24.0.4 wont proceed due to a vulnerablity >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Jul 02 20:40:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Charlie & >Release: FreeBSD 9.1-RELEASE-p4 i386 >Organization: Just a guy >Environment: System: FreeBSD numail.brianwhalen.net 9.1-RELEASE-p4 FreeBSD 9.1-RELEASE-p4 #0: Mon Jun 17 11:38:17 UTC 2013 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386 >Description: amd am2 cpu raptor hd. This was a 7.x stable system till recently >How-To-Repeat: I have a newports script which does portsnap fetch update && portupgrade -aP --batch. I ran this, saw the issue, then ran and reproduced it again. The displayed message is ===> curl-7.24.0_4 has known vulnerabilities: Affected package: curl-7.24.0_4 Type of problem: cURL library -- heap corruption in curl_easy_unescape. Reference: http://portaudit.FreeBSD.org/01cf67b3-dc3b-11e2-a6cd-c48508086173.html => Please update your ports tree and try again. >Fix: >Release-Note: >Audit-Trail: >Unformatted: