Date: Fri, 8 Feb 2008 10:52:10 +0900 (JST) From: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp> To: FreeBSD-gnats-submit@FreeBSD.org Cc: turutani@scphys.kyoto-u.ac.jp Subject: ports/120379: devel/icu should be patched Message-ID: <200802080152.m181qAZr081153@polymer3.scphys.kyoto-u.ac.jp> Resent-Message-ID: <200802080200.m18202fW029339@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 120379 >Category: ports >Synopsis: devel/icu should be patched >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Fri Feb 08 02:00:02 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Tsurutani Naoki >Release: FreeBSD 6.3-PRERELEASE i386 >Organization: >Environment: System: FreeBSD polymer3.scphys.kyoto-u.ac.jp 6.3-PRERELEASE FreeBSD 6.3-PRERELEASE #11: Wed Jan 16 16:30:07 JST 2008 turutani@polymer3.scphys.kyoto-u.ac.jp:/usr/local/work/usr/obj/usr/src/sys/POLYMER i386 >Description: devel/icu has been updated (3.6 -> 3.8.1). i guess this is done because of CVE-2007-4770 etc, but this documents says v3.8.1 is still vulnerable. the patch to fix this can be availabe from http://bugs.icu-project.org/trac/changeset/23292?format=diff >How-To-Repeat: >Fix: add new patch. in addition, major version of libraries are changed. hence, building other ports fails, especially they depends devel/glib20 and glib is built with "WITH_COLLATION_FIX=1". i want some comments about this in UPDATING... >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200802080152.m181qAZr081153>