From owner-freebsd-security@FreeBSD.ORG  Mon May  3 07:19:52 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 68CA916A4CE
	for <freebsd-security@freebsd.org>;
	Mon,  3 May 2004 07:19:52 -0700 (PDT)
Received: from kraid.nerim.net (smtp-101-monday.nerim.net [62.4.16.101])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 06CD843D46
	for <freebsd-security@freebsd.org>;
	Mon,  3 May 2004 07:19:52 -0700 (PDT)	(envelope-from artur@pydo.org)
Received: from bastion.pydo.net (bastion.pydo.net [62.212.97.116])
	by kraid.nerim.net (Postfix) with ESMTP id 06609418FC
	for <freebsd-security@freebsd.org>;
	Mon,  3 May 2004 16:19:47 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by bastion.pydo.net (Postfix) with ESMTP id 63E0C4C2E3
	for <freebsd-security@freebsd.org>;
	Mon,  3 May 2004 16:19:47 +0200 (CEST)
Received: from bastion.pydo.net ([127.0.0.1])
 by localhost (fw.pydo.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP
 id 93552-04 for <freebsd-security@freebsd.org>;
 Mon,  3 May 2004 16:19:44 +0200 (CEST)
Received: from pydo.org (univers.ipv6.pydo.org
	[IPv6:2001:618:472:0:250:8dff:fea5:1452])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by bastion.pydo.net (Postfix) with ESMTP id DD8AF4C2E2
	for <freebsd-security@freebsd.org>;
	Mon,  3 May 2004 16:19:44 +0200 (CEST)
Message-ID: <40965500.4040205@pydo.org>
Date: Mon, 03 May 2004 16:19:44 +0200
From: Artur Pydo <artur@pydo.org>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
	rv:1.6) Gecko/20040113
X-Accept-Language: fr-fr, fr, en-us, en
MIME-Version: 1.0
To: freebsd-security@freebsd.org
X-Enigmail-Version: 0.83.1.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new at pydo.net
Subject: Bad VuXML check on PNG port ?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 03 May 2004 14:19:52 -0000

Hello,

The current png-1.2.5_4 port has no more vulnerability.
It has been corrected by ache@FreeBSD.org yesterday.
But when i try to install the updated port to remplace
the vulnerable one this is what i am told :

# make install
===>  png-1.2.5_4 has known vulnerabilities:
 >> libpng denial-of-service.
    Reference: 
<http://people.freebsd.org/~eik/portaudit/3a408f6f-9c52-11d8-9366-0020ed76ef5a.html>
 >> Please update your ports tree and try again.
*** Error code 1

The 4-STABLE ports tree is up-to-date.

Isn't it a problem to be unable to update a vulnerable port ?

-- 

Best regards,

Artur Pydo.