Date: Sun, 08 Nov 2009 20:30:36 -0800
From: Xin LI <delphij@delphij.net>
To: Wesley Shields <wxs@FreeBSD.ORG>
Cc: Dirk Meyer <dinoex@FreeBSD.ORG>, cvs-ports@FreeBSD.ORG, cvs-all@FreeBSD.ORG, ports-committers@FreeBSD.ORG
Subject: Re: cvs commit: ports/graphics/gd Makefile ports/graphics/gd/files patch-cve-2009-3546
Message-ID: <4AF79AEC.9060408@delphij.net>
In-Reply-To: <20091108233413.GA85488@atarininja.org>
References: <200911062137.nA6LbG1U080346@repoman.freebsd.org> <20091107085225.GA10184@titania.njm.me.uk> <20091108233413.GA85488@atarininja.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Wesley Shields wrote:
> On Sat, Nov 07, 2009 at 08:52:25AM +0000, N.J. Mann wrote:
>> In message <200911062137.nA6LbG1U080346@repoman.freebsd.org>,
>> Dirk Meyer (dinoex@FreeBSD.org) wrote:
>>> dinoex 2009-11-06 21:37:16 UTC
>>>
>>> FreeBSD ports repository
>>>
>>> Modified files:
>>>   graphics/gd Makefile
>>> Added files:
>>>   graphics/gd/files patch-cve-2009-3546
>>> Log:
>>> - Security patch
>>> Security: CVE-2009-3546
>>> Security: http://portaudit.freebsd.org/4e8344a3-ca52-11de-8ee8-00215c6a37bb.html
>>> PR: 140335
>>> Submitted by: Eygene Ryabinkin
>>> Obtained from: PHP project
>>>
>>> Revision Changes Path
>>> 1.92 +1 -1 ports/graphics/gd/Makefile
>>> 1.1 +15 -0 ports/graphics/gd/files/patch-cve-2009-3546 (new)
>> I think there is something wrong with the vulnerabilities entry for this
>> port which stops this update completing. I just tried updating this
>> port from gd-2.0.35_1,1 to gd-2.0.35_2,1 and got:
>>
>>
>> ===> gd-2.0.35_2,1 has known vulnerabilities:
>> => gd -- '_gdGetColors' remote buffer overflow vulnerability.
>> Reference: <http://portaudit.FreeBSD.org/4e8344a3-ca52-11de-8ee8-00215c6a37bb.html>
>> => Please update your ports tree and try again.
>> *** Error code 1
>>
>> Stop in /usr/ports/graphics/gd.
>> *** Error code 1
>>
>> Stop in /usr/ports/graphics/gd.
>>
>>
>> I had a look at the portaudit entry at the URL given. I am unfamiliar
>> with the syntax of these entries, but the 'Affects' entries look
>> suspicious to me, e.g. "gd >0'. Does it need correcting?
>
> Yes, and I have fixed it for graphics/gd. I'm unsure about the status of
> the other ports mentioned in the entry so I left them alone.

Thanks! Note that I remember that there are some other problems with the
current gd version, I'll follow up with dinoex@ and ale@ later for these
issues, if they really exist.

Cheers,
- --
Xin LI <delphij@delphij.net> http://www.delphij.net/
FreeBSD - The Power to Serve!
Live free or die
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13 (FreeBSD)

iEYEARECAAYFAkr3muwACgkQi+vbBBjt66CUKACgg/Aw717R2kSqi6z7yGzkuQty
0gAAoJ7CY6BRmkEPQfHC8aCmFxuAurWQ
=AF2S
-----END PGP SIGNATURE-----