Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 1 Feb 2006 21:10:07 -0600
From:      Mark Lubratt <mark.lubratt@indeq.com>
To:        anholt@FreeBSD.org
Cc:        ports@FreeBSD.org
Subject:   FreeBSD Port: paraview-2.4.2 - security vulnerabilities
Message-ID:  <E342ABF2-28C7-4C73-AB7B-EF1A0A82CCF4@indeq.com>
next in thread | raw e-mail | index | archive | help 
Hello!

I originally posted this to the questions list.  But, now I realize  
that it's probably better posted here.

I'm trying to install the OpenFoam port on 6.0 Stable with the  
current ports tree.  During the install, I get the following errors  
from the paraview dependency:

    Verifying install for /usr/local/lib/paraview-2.4/ 
ParaViewConfig.cmake i
n /usr/ports/science/paraview
===>  paraview-2.4.2 has known vulnerabilities:
=> tiff -- buffer overflow vulnerability.
    Reference: <http://www.FreeBSD.org/ports/portaudit/ 
68222076-010b-11da-bc08-00
01020eed82.html>
=> tiff -- divide-by-zero denial-of-service.
    Reference: <http://www.FreeBSD.org/ports/portaudit/ 
b58ff497-6977-11d9-ae49-00
0c41e2cdad.html>
=> tiff -- directory entry count integer overflow vulnerability.
    Reference: <http://www.FreeBSD.org/ports/portaudit/ 
fc7e6a42-6012-11d9-a9e7-00
01020eed82.html>
=> tiff -- multiple integer overflows.
    Reference: <http://www.FreeBSD.org/ports/portaudit/ 
3897a2f8-1d57-11d9-bc4a-00
0c41e2cdad.html>
=> tiff -- RLE decoder heap overflows.
    Reference: <http://www.FreeBSD.org/ports/portaudit/ 
f6680c03-0bd8-11d9-8a8a-00
0c41e2cdad.html>
=> Please update your ports tree and try again.


I've updated the ports tree multiple times.  I've perused the  
archives and found that all of these vulnerabilities should already  
be fixed (to the best of my understanding).  Portaudit doesn't report  
the current linux-tiff-3.6.1_5 has having these vulnerabilities.   
I've tried deinstalling and reinstalling linux-tiff.  Portversion  
reports that linux-tiff is up to date.

I'm not sure what to do next, or how to get around this error.  Any  
help would be appreciated!

Thanks!
Mark

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E342ABF2-28C7-4C73-AB7B-EF1A0A82CCF4>