From owner-freebsd-security@FreeBSD.ORG  Mon May  3 07:43:36 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9366C16A4CE
	for <freebsd-security@freebsd.org>;
	Mon,  3 May 2004 07:43:36 -0700 (PDT)
Received: from gw.celabo.org (gw.celabo.org [208.42.49.153])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 52D7D43D2D
	for <freebsd-security@freebsd.org>;
	Mon,  3 May 2004 07:43:36 -0700 (PDT)
	(envelope-from nectar@celabo.org)
Received: from madman.celabo.org (madman.celabo.org [10.0.1.111])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "madman.celabo.org", Issuer "celabo.org CA" (not verified))
	by gw.celabo.org (Postfix) with ESMTP
	id A868B5482B; Mon,  3 May 2004 09:43:35 -0500 (CDT)
Received: by madman.celabo.org (Postfix, from userid 1001)
	id 4C1646FF34; Mon,  3 May 2004 09:43:35 -0500 (CDT)
Date: Mon, 3 May 2004 09:43:35 -0500
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: Artur Pydo <artur@pydo.org>
Message-ID: <20040503144335.GA15293@madman.celabo.org>
Mail-Followup-To: "Jacques A. Vidrine" <nectar@FreeBSD.org>,
	Artur Pydo <artur@pydo.org>, freebsd-security@freebsd.org
References: <40965500.4040205@pydo.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <40965500.4040205@pydo.org>
X-Url: http://www.celabo.org/
User-Agent: Mutt/1.5.6i
cc: freebsd-security@freebsd.org
Subject: Re: Bad VuXML check on PNG port ?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 03 May 2004 14:43:36 -0000

On Mon, May 03, 2004 at 04:19:44PM +0200, Artur Pydo wrote:
> Hello,
> 
> The current png-1.2.5_4 port has no more vulnerability.
> It has been corrected by ache@FreeBSD.org yesterday.
> But when i try to install the updated port to remplace
> the vulnerable one this is what i am told :
> 
> # make install
> ===>  png-1.2.5_4 has known vulnerabilities:
> >> libpng denial-of-service.
>    Reference: 
> <http://people.freebsd.org/~eik/portaudit/3a408f6f-9c52-11d8-9366-0020ed76ef5a.html>
> >> Please update your ports tree and try again.
> *** Error code 1
> 
> The 4-STABLE ports tree is up-to-date.
> 
> Isn't it a problem to be unable to update a vulnerable port ?

The VuXML document needed to be updated after ache@ made the fix.
I've done so now.

Cheers,
-- 
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org