From owner-freebsd-questions@FreeBSD.ORG Tue Nov 16 20:29:50 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 26F3516A4CE for ; Tue, 16 Nov 2004 20:29:50 +0000 (GMT) Received: from obsecurity.dyndns.org (CPE0050040655c8-CM00111ae02aac.cpe.net.cable.rogers.com [69.194.102.143]) by mx1.FreeBSD.org (Postfix) with ESMTP id ECCD043D2D for ; Tue, 16 Nov 2004 20:29:49 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 4EA6F51281; Tue, 16 Nov 2004 12:32:52 -0800 (PST) Date: Tue, 16 Nov 2004 12:32:52 -0800 From: Kris Kennaway To: John Cholewa Message-ID: <20041116203252.GC17125@xor.obsecurity.org> References: <419A0F74.7090904@jc-news.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Md/poaVZ8hnGTzuv" Content-Disposition: inline In-Reply-To: <419A0F74.7090904@jc-news.com> User-Agent: Mutt/1.4.2.1i cc: freebsd-questions@freebsd.org Subject: Re: Stop in /usr/ports/graphics/ImageMagick X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Nov 2004 20:29:50 -0000 --Md/poaVZ8hnGTzuv Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Nov 16, 2004 at 09:32:20AM -0500, John Cholewa wrote: > >=3D=3D=3D> giFT-0.11.6 depends on shared library: Magick.6 - not found > >=3D=3D=3D> Verifying install for Magick.6 in /usr/ports/graphics/Imag= eMagick > >=3D=3D=3D> ImageMagick-6.0.6.2 has known vulnerabilities: > >>> ImageMagick -- EXIF parser buffer overflow. > > Reference:=20 > > > >>> Please update your ports tree and try again. > >*** Error code 1 > > > >Stop in /usr/ports/graphics/ImageMagick. > >*** Error code 1 > > > >Stop in /usr/ports/net/gift. >=20 >=20 > Aargh. Over the past week or two, I've cvsupped several times, but I=20 > keep getting this. >=20 > I'm using 5.2.1, and I've tried this using both "portinstall",=20 > "portinstall -P" and "make" (while in both "/usr/ports/net/gift" and=20 > "/usr/ports/graphics/ImageMagick"). And I've "make clean"ed beforehand. >=20 > Nothing relevant seems to be listed in /usr/ports/UPDATING. Any=20 > suggestions? The port maintainer, or someone in the FreeBSD community needs to submit an update to the port to update it to a non-vulnerable version. Kris --Md/poaVZ8hnGTzuv Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBmmPzWry0BWjoQKURAsUmAJ9gXh1wo5kIkm9FuPALSQi/68BzmwCg35C3 JfmBZfcbUBgYCYxFvWbynt0= =wJYK -----END PGP SIGNATURE----- --Md/poaVZ8hnGTzuv--