Date: Fri, 28 Jun 2013 12:49:54 GMT From: Frank Broniewski <brfr@metrico.lu> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/180058: ftp/curl-7.24.0_3 library has known vulnerabilities Message-ID: <201306281249.r5SCns8k032302@oldred.freebsd.org> Resent-Message-ID: <201306281300.r5SD004N005816@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 180058 >Category: ports >Synopsis: ftp/curl-7.24.0_3 library has known vulnerabilities >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Fri Jun 28 13:00:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Frank Broniewski >Release: 9.1-RELEASE-p4 >Organization: Metrico s.à r.l >Environment: FreeBSD frodo.metrico 9.1-RELEASE-p4 FreeBSD 9.1-RELEASE-p4 #0: Mon Jun 17 11:42:37 UTC 2013 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 >Description: curl fails to build because it is marked as vulnerable: # portmaster curl ===>>> Currently installed version: curl-7.24.0_3 ===>>> Port directory: /usr/ports/ftp/curl ===>>> Gathering distinfo list for installed ports ===>>> Launching 'make checksum' for ftp/curl in background ===>>> Gathering dependency list for ftp/curl from ports ===>>> Initial dependency check complete for ftp/curl ===>>> Starting build for ftp/curl <<<=== ===>>> All dependencies are up to date ===> Cleaning for curl-7.24.0_3 ===>>> Waiting on fetch & checksum for ftp/curl <<<=== ===> curl-7.24.0_3 has known vulnerabilities: Affected package: curl-7.24.0_3 Type of problem: cURL library -- heap corruption in curl_easy_unescape. Reference: http://portaudit.FreeBSD.org/01cf67b3-dc3b-11e2-a6cd-c48508086173.html => Please update your ports tree and try again. *** [check-vulnerable] Error code 1 Stop in /usr/ports/ftp/curl. ===> Deleting distfiles for curl-7.24.0_3 ===>>> RE-STARTING FETCH <<<=== ===> curl-7.24.0_3 has known vulnerabilities: Affected package: curl-7.24.0_3 Type of problem: cURL library -- heap corruption in curl_easy_unescape. Reference: http://portaudit.FreeBSD.org/01cf67b3-dc3b-11e2-a6cd-c48508086173.html => Please update your ports tree and try again. *** [check-vulnerable] Error code 1 Stop in /usr/ports/ftp/curl. *** [build] Error code 1 Stop in /usr/ports/ftp/curl. ===>>> make failed for ftp/curl ===>>> Aborting update ===>>> Killing background jobs Terminated ===>>> You can restart from the point of failure with this command line: portmaster <flags> ftp/curl ===>>> Exiting >How-To-Repeat: portmaster curl >Fix: >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201306281249.r5SCns8k032302>