Date: Wed, 30 Apr 2008 07:15:14 +0100 From: David Wood <david@wood2.org.uk> To: Frank <frank_s@bellsouth.net> Cc: Lowell Gilbert <freebsd-ports-local@be-well.ilk.org>, freebsd-ports@freebsd.org Subject: Re: Failed upgrade of png Message-ID: <cs9X3APy5AGIFA6Y@wood2.org.uk> In-Reply-To: <20080429214050.L1229@Ace.nina.org> References: <20080429205639.F1229@Ace.nina.org> <44fxt4azyy.fsf@Lowell-Desk.lan> <20080429214050.L1229@Ace.nina.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Frank and all, In message <20080429214050.L1229@Ace.nina.org>, Frank <frank_s@bellsouth.net> writes >On Tue, 29 Apr 2008, Lowell Gilbert wrote: > >> Frank <frank_s@bellsouth.net> writes: >> >>> The advisory affects png < 1.2.7 so why do I get this? >> >> Because the problem is multimedia/avifile, >> not graphics/png? > >Not according to the error message. > >===> png-1.2.27 has known vulnerabilities: >=> png -- unknown chunk processing uninitialized memory access. > Reference: ><http://www.FreeBSD.org/ports/portaudit/57c705d6-12ae-11dd-bab7-0016179b >2dd5.html> Your vulnerability database hasn't been updated. vuxml was updated after the fix was committed to show that 1.2.27 has this issue resolved. portaudit -F will do the necessary. Best wishes, David -- David Wood david@wood2.org.uk
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cs9X3APy5AGIFA6Y>