Date: Fri, 1 Oct 2010 23:16:15 +0100 From: Bruce Cran <bruce@cran.org.uk> To: FreeBSD <freebsd-questions@freebsd.org> Cc: freebsd.user@seibercom.net Subject: Re: Updating bzip2 to remove potential security vulnerability Message-ID: <20101001231615.00007859@unknown> In-Reply-To: <20101001174929.16d43ac1@scorpio> References: <20101001121332.5b04fa61@scorpio> <20101001171420.GE40148@dan.emsphone.com> <20101001165940.5d0e73f5@scorpio> <20101001210014.GD86640@eggman.experts-exchange.com> <20101001222316.00004e8c@unknown> <20101001174929.16d43ac1@scorpio>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 1 Oct 2010 17:49:29 -0400 Jerry <freebsd.user@seibercom.net> wrote: > OK, I just updated my sources; however, this notation from the > UPDATING file does NOT appear in the UPDATING file on my machine: > > 20100920: p1 FreeBSD-SA-10:08.bzip2 > Fix an integer overflow in RLE length parsing when > decompressing corrupt bzip2 data. > > I am using this as the tag, which is probably incorrect. > > default release=cvs tag=RELENG_8 > > This is the stock standard-supfile. The stock stable-supfile has the > same tag. > Sorry, it seems stable/8 UPDATING hasn't been updated. Instead, check that you have rev 1.1.1.5.2.1 of contrib/bzip2/decompress.c . I guess that since -stable isn't a release branch that it doesn't get security issues logged in UPDATING? -- Bruce
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20101001231615.00007859>