Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 19 Apr 2007 10:10:41 +0800
From:      Foxfair Hu <foxfair@drago.fomokka.net>
To:        Lowell Gilbert <freebsd-ports-local@be-well.ilk.org>
Cc:        ports@freebsd.org, jharris@widomaker.com, foxfair@freebsd.org, David Southwell <david@vizion2000.net>
Subject:   Re: Lynx -vulnerabilities- is this permanent?
Message-ID:  <4626CFA1.1070209@drago.fomokka.net>
In-Reply-To: <44wt09ilei.fsf@be-well.ilk.org>
References:  <200704181057.34795.david@vizion2000.net> <44wt09ilei.fsf@be-well.ilk.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
This is a multi-part message in MIME format.
--------------020601090607050000050006
Content-Type: text/plain; charset=Big5
Content-Transfer-Encoding: 7bit

Lowell Gilbert wrote:
> David Southwell <david@vizion2000.net> writes:
> 
>> portupgrade -a produces following output for lynx on cvsup from today.
>> freebsd 6.1
>> -----------------------------------------
>> --->  Upgrading 'lynx-2.8.5_2' to 'lynx-2.8.6_4' (www/lynx)
>> --->  Building '/usr/ports/www/lynx'
>> ===>  Cleaning for lynx-2.8.6_4
>> ===>  lynx-2.8.6_4 has known vulnerabilities:
>> => lynx -- remote buffer overflow.
>>    Reference: 
>> <http://www.FreeBSD.org/ports/portaudit/c01170bf-4990-11da-a1b8-000854d03344.html>;
>> => Please update your ports tree and try again.
>> *** Error code 1
>>
>> Stop in /usr/ports/www/lynx.
>>
>> Any news or advice forthcoming?
> 
> That doesn't *seem* to be applicable to the current version.
> It looks like a version-number parsing problem producing a false warning.
> I don't have access to my build machine to check more closely, though...
> 
> .
> 

Definitely a false alert, lynx 2.8.5rel4 had fixed the problem, and it
was rev1.112 of Makefile
in www/lynx. If no one objects, I'll put this diff to prevent portaudit
send wrong warning again:



--------------020601090607050000050006
Content-Type: text/plain; x-mac-type="0"; x-mac-creator="0"; name="patch.lynx"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
 filename="patch.lynx"

LS0tIC91c3IvcG9ydHMvd3d3L2x5bngvTWFrZWZpbGUJTW9uIEFwciAxNiAwMDowNDo0NyAy
MDA3CisrKyAuL01ha2VmaWxlCVRodSBBcHIgMTkgMTA6MDY6NTkgMjAwNwpAQCAtNywxMSAr
NywxMSBAQAogCiBQT1JUTkFNRT0JbHlueAogUE9SVFZFUlNJT049CTIuOC42Ci1QT1JUUkVW
SVNJT049CTQKK1BPUlRSRVZJU0lPTj0JNQogQ0FURUdPUklFUz0Jd3d3IGlwdjYKIE1BU1RF
Ul9TSVRFUz0JaHR0cDovL2x5bnguaXNjLm9yZy9jdXJyZW50LyBcCiAJCWZ0cDovL2x5bngu
aXNjLm9yZy9seW54JHtQT1JUVkVSU0lPTn0vcGF0Y2hlcy86cGF0Y2hlcwotRElTVE5BTUU9
CSR7UE9SVE5BTUV9JHtQT1JUVkVSU0lPTn1yZWwuJHtQT1JUUkVWSVNJT059CitESVNUTkFN
RT0JJHtQT1JUTkFNRX0ke1BPUlRWRVJTSU9OfXJlbC40CiAKIE1BSU5UQUlORVI/PQlqaGFy
cmlzQHdpZG9tYWtlci5jb20KIENPTU1FTlQ/PQlBIG5vbi1ncmFwaGljYWwsIHRleHQtYmFz
ZWQgV29ybGQtV2lkZSBXZWIgY2xpZW50CkBAIC0yOCw2ICsyOCw5IEBACiAuaWYgZGVmaW5l
ZChFTkFCTEVfREVGQVVMVF9DT0xPUlMpCiBDT05GSUdVUkVfQVJHUys9LS1lbmFibGUtZGVm
YXVsdC1jb2xvcnMKIC5lbmRpZgorCisjIENWRS0yMDA1LTMxMjAgd2FzIGZpeGVkIGluIGx5
bnggMi44LjVyZWw0CitESVNBQkxFX1ZVTE5FUkFCSUxJVElFUz0JWUVTCiAKIE1BS0VfQVJH
Uz0JaGVscGRpcj0ke0xfSEVMUH0gZG9jZGlyPSR7RE9DU0RJUn0KIE1BS0VGSUxFPQltYWtl
ZmlsZQo=
--------------020601090607050000050006--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4626CFA1.1070209>