From owner-freebsd-ports@FreeBSD.ORG  Thu Feb  2 03:10:14 2006
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
X-Original-To: ports@FreeBSD.org
Delivered-To: freebsd-ports@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id ABFE116A420
	for <ports@FreeBSD.org>; Thu,  2 Feb 2006 03:10:14 +0000 (GMT)
	(envelope-from mark.lubratt@indeq.com)
Received: from smtpout06-04.prod.mesa1.secureserver.net
	(smtpout06-01.prod.mesa1.secureserver.net [64.202.165.224])
	by mx1.FreeBSD.org (Postfix) with SMTP id 12F2443D48
	for <ports@FreeBSD.org>; Thu,  2 Feb 2006 03:10:13 +0000 (GMT)
	(envelope-from mark.lubratt@indeq.com)
Received: (qmail 21767 invoked from network); 2 Feb 2006 03:10:13 -0000
Received: from unknown (63.243.84.42)
	by smtpout06-04.prod.mesa1.secureserver.net (64.202.165.227) with ESMTP;
	02 Feb 2006 03:10:09 -0000
Mime-Version: 1.0 (Apple Message framework v746.2)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <E342ABF2-28C7-4C73-AB7B-EF1A0A82CCF4@indeq.com>
Content-Transfer-Encoding: 7bit
From: Mark Lubratt <mark.lubratt@indeq.com>
Date: Wed, 1 Feb 2006 21:10:07 -0600
To: anholt@FreeBSD.org
X-Mailer: Apple Mail (2.746.2)
Cc: ports@FreeBSD.org
Subject: FreeBSD Port: paraview-2.4.2 - security vulnerabilities
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Feb 2006 03:10:14 -0000

Hello!

I originally posted this to the questions list.  But, now I realize  
that it's probably better posted here.

I'm trying to install the OpenFoam port on 6.0 Stable with the  
current ports tree.  During the install, I get the following errors  
from the paraview dependency:

    Verifying install for /usr/local/lib/paraview-2.4/ 
ParaViewConfig.cmake i
n /usr/ports/science/paraview
===>  paraview-2.4.2 has known vulnerabilities:
=> tiff -- buffer overflow vulnerability.
    Reference: <http://www.FreeBSD.org/ports/portaudit/ 
68222076-010b-11da-bc08-00
01020eed82.html>
=> tiff -- divide-by-zero denial-of-service.
    Reference: <http://www.FreeBSD.org/ports/portaudit/ 
b58ff497-6977-11d9-ae49-00
0c41e2cdad.html>
=> tiff -- directory entry count integer overflow vulnerability.
    Reference: <http://www.FreeBSD.org/ports/portaudit/ 
fc7e6a42-6012-11d9-a9e7-00
01020eed82.html>
=> tiff -- multiple integer overflows.
    Reference: <http://www.FreeBSD.org/ports/portaudit/ 
3897a2f8-1d57-11d9-bc4a-00
0c41e2cdad.html>
=> tiff -- RLE decoder heap overflows.
    Reference: <http://www.FreeBSD.org/ports/portaudit/ 
f6680c03-0bd8-11d9-8a8a-00
0c41e2cdad.html>
=> Please update your ports tree and try again.


I've updated the ports tree multiple times.  I've perused the  
archives and found that all of these vulnerabilities should already  
be fixed (to the best of my understanding).  Portaudit doesn't report  
the current linux-tiff-3.6.1_5 has having these vulnerabilities.   
I've tried deinstalling and reinstalling linux-tiff.  Portversion  
reports that linux-tiff is up to date.

I'm not sure what to do next, or how to get around this error.  Any  
help would be appreciated!

Thanks!
Mark