Date: Tue, 2 Jul 2013 13:30:08 -0700 (PDT) From: Charlie & <root@numail.brianwhalen.net> To: FreeBSD-gnats-submit@freebsd.org Subject: ports/180215: After a portsnap fetch update, portupgrade of ftp/curl to 7.24.0.4 wont proceed due to a vulnerablity Message-ID: <20130702203008.600D52843B@numail.brianwhalen.net> Resent-Message-ID: <201307022040.r62Ke0J2009399@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 180215 >Category: ports >Synopsis: After a portsnap fetch update, portupgrade of ftp/curl to 7.24.0.4 wont proceed due to a vulnerablity >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Jul 02 20:40:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Charlie & >Release: FreeBSD 9.1-RELEASE-p4 i386 >Organization: Just a guy >Environment: System: FreeBSD numail.brianwhalen.net 9.1-RELEASE-p4 FreeBSD 9.1-RELEASE-p4 #0: Mon Jun 17 11:38:17 UTC 2013 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386 >Description: amd am2 cpu raptor hd. This was a 7.x stable system till recently >How-To-Repeat: I have a newports script which does portsnap fetch update && portupgrade -aP --batch. I ran this, saw the issue, then ran and reproduced it again. The displayed message is ===> curl-7.24.0_4 has known vulnerabilities: Affected package: curl-7.24.0_4 Type of problem: cURL library -- heap corruption in curl_easy_unescape. Reference: http://portaudit.FreeBSD.org/01cf67b3-dc3b-11e2-a6cd-c48508086173.html => Please update your ports tree and try again. >Fix: >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130702203008.600D52843B>