Date: Tue, 22 Aug 2017 13:11:13 -0700
From: Kevin Oberman <rkoberman@gmail.com>
To: Rob Belics <robbelics@gmail.com>
Cc: FreeBSD GNOME Users <gnome@freebsd.org>
Subject: Re: libsoup-2.52.2_1 still listed as vulnerable
Message-ID: <CAN6yY1s0wGed1_FJwbQywQ6C13u9bPwbjZoM%2BqvUQ41L2pVKUg@mail.gmail.com>
In-Reply-To: <CAPu-kW8HRDHqFCSvmAGYuW-4f9yG-iwAxonqYxdPQNjT3Q1_WA@mail.gmail.com>
References: <CAPu-kW8HRDHqFCSvmAGYuW-4f9yG-iwAxonqYxdPQNjT3Q1_WA@mail.gmail.com>
On Mon, Aug 21, 2017 at 3:02 PM, Rob Belics <robbelics@gmail.com> wrote:

> I don't see in bugzilla where this port is vulnerable yet, when I update
> ports and build it, it complains thus:
>
> ===> Cleaning for libsoup-2.52.2_1
> ===> libsoup-2.52.2_1 has known vulnerabilities:
> libsoup-2.52.2_1 is vulnerable:
> libsoup -- stack based buffer overflow
> CVE: CVE-2017-2885
> WWW: https://vuxml.FreeBSD.org/freebsd/8e7bbddd-8338-11e7-867f-b499baebfeaf.html
>
> 1 problem(s) in the installed packages found.
> => Please update your ports tree and try again.
> => Note: Vulnerable ports are marked as such even if there is no update available.
> => If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes'
> *** Error code 1
>
> Stop.
> make: stopped in /usr/ports/devel/libsoup
>
> ===>>> make build failed for devel/libsoup
> ===>>> Aborting update
>
> ===>>> Update for libsoup-2.52.2 failed
> ===>>> Aborting update
>
> I wasn't sure if I should post this as a bug or email you. Or am I looking
> at this wrong?
>
> Thanks,
> Rob

Your ports tree is out of date. libsoup is no longer vulnerable with
libsoup-2.52.2_1. Use the "pkg audit" command to check the status of
vulnerabilities. Use -F to fetch the latest data.

pkg audit -F libsoup-2.52.2
vulnxml file up-to-date
libsoup-2.52.2 is vulnerable:
libsoup -- stack based buffer overflow
CVE: CVE-2017-2885
WWW: https://vuxml.FreeBSD.org/freebsd/8e7bbddd-8338-11e7-867f-b499baebfeaf.html

1 problem(s) in the installed packages found.
Exit 1
rogue# pkg audit -F libsoup-2.52.2_1
vulnxml file up-to-date
0 problem(s) in the installed packages found.
--
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkoberman@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
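Added example (not part of the original message and not FreeBSD's own code): a POSIX shell filter that turns the "pkg audit" output format quoted above into one tab-separated line per finding and returns a non-zero status while any finding remains. The function names and the one-field-per-line layout of the embedded sample are assumptions.

```shell
#!/bin/sh
# Added example: summarise `pkg audit` output, one finding per line.

# Sample input: the two runs quoted in the message, re-wrapped one field
# per line (the exact line layout is an assumption).
sample_vulnerable() {
cat <<'EOF'
vulnxml file up-to-date
libsoup-2.52.2 is vulnerable:
libsoup -- stack based buffer overflow
CVE: CVE-2017-2885
WWW: https://vuxml.FreeBSD.org/freebsd/8e7bbddd-8338-11e7-867f-b499baebfeaf.html

1 problem(s) in the installed packages found.
EOF
}

sample_clean() {
cat <<'EOF'
vulnxml file up-to-date
0 problem(s) in the installed packages found.
EOF
}

# stdin: pkg audit output. stdout: package<TAB>CVE list<TAB>VuXML URL.
# A finding is closed by its WWW line, so a package with several
# advisories yields several lines.
audit_summary() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # tolerate indentation and CRLF
        / is vulnerable:$/ { pkg = $1; cve = ""; next }
        /^CVE: /           { cve = (cve == "" ? $2 : cve "," $2); next }
        /^WWW: /           { printf "%s\t%s\t%s\n", pkg, (cve == "" ? "-" : cve), $2; cve = "" }
    '
}

# Return 1 (and list the findings on stderr) if anything is still
# vulnerable, 0 otherwise, matching the "Exit 1" seen in the message.
audit_gate() {
    findings=$(audit_summary)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" >&2
    return 1
}

sample_vulnerable | audit_summary   # demo run on the embedded sample
```

On a FreeBSD host the same functions can be fed live output, for example `pkg audit -F | audit_gate` before starting a ports build.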