Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 25 Jun 2009 09:52:50 +0300
From:      "Sergey V. Dyatko" <sergey.dyatko@gmail.com>
To:        Scott Bennett <bennett@cs.niu.edu>
Cc:        freebsd-ports@freebsd.org
Subject:   Re: next abort of perl upgrade encountered--linux-pango security problem :-(
Message-ID:  <20090625095250.703f3ed9@tiger.minsk.domain>
In-Reply-To: <20090625093752.5719bb39@tiger.minsk.domain>
References:  <200906250621.n5P6LJfC015754@mp.cs.niu.edu> <20090625093752.5719bb39@tiger.minsk.domain>
next in thread | previous in thread | raw e-mail | index | archive | help 
В Thu, 25 Jun 2009 09:37:52 +0300
"Sergey V. Dyatko" <sergey.dyatko@gmail.com> пишет:

SVD> В Thu, 25 Jun 2009 01:21:19 -0500 (CDT)
SVD> Scott Bennett <bennett@cs.niu.edu> пишет:
SVD> 
SVD> SB>      The saga of failures in the perl upgrade continues with
SVD> SB> the following:
SVD> SB> 
SVD> SB> ===>   linux-gtk2-2.6.10_3 depends on
SVD> SB> file: /compat/linux/usr/lib/libpango-1.0.so.0.1001.1 - not
SVD> SB> found ===>    Verifying install
SVD> SB> for /compat/linux/usr/lib/libpango-1.0.so.0.1001.1
SVD> SB> in /usr/ports/x11-toolkits/linux-pango ===>
SVD> SB> linux-pango-1.10.2_3 has known vulnerabilities: => pango --
SVD> SB> integer overflow. Reference:
SVD> SB> <http://www.FreeBSD.org/ports/portaudit/4b172278-3f46-11de-becb-001cc0377035.html>;
SVD> SB> => Please update your ports tree and try again. *** Error code
SVD> SB> 1
SVD> [skipped]
SVD> SB> 
SVD> SB>      There doesn't seem to be a more recent version of the
SVD> SB> x11-toolkits/linux-pango port available.  What is the best way
SVD> SB> to proceed? Will a "portmaster -fv x11-toolkits/linux-pango"
SVD> SB> do the job for now?  (I'm not too worried about the security
SVD> SB> bug for the moment.  Although I use mplayer to play files,
SVD> SB> they don't generally involve .png files, and I don't use
SVD> SB> mplayer to play streaming files.) Please copy me in on
SVD> SB> responses, otherwise I won't see them till the next
SVD> SB> freebsd-ports digest is sent out.  Thanks!
SVD> SB> 
SVD> SB> 
SVD> SB>                                   Scott Bennett, Comm. ASMELG,
SVD> SB> CFIAG
SVD> 1) deinstall portaudit
SVD> 2) upgrate all ports
SVD> 3) install portaudit if you need it
SVD> 
SVD> or
SVD> 
SVD> 1)rm /var/db/portaudit/auditfile.tbz
SVD> 2) upgrate all ports
SVD> 3) portaudit -F
SVD> 
or set environment variable DISABLE_VULNERABILITIES and
upgrade port(s)

--
wbr, tiger

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090625095250.703f3ed9>