Date: Wed, 14 Nov 2007 14:05:46 -0600 From: "Andrew Daugherity" <ADaugherity@vprmail.tamu.edu> To: freebsd-ports@freebsd.org Subject: Re: cups-base-1.3.3_2 issues-- Message-ID: <473B00BA.2689.00F2.0@vprmail.tamu.edu> References: <200711140449.49001.david@vizion2000.net>
next in thread | previous in thread | raw e-mail | index | archive | help
>>> On 11/14/2007 at 6:49 AM, in message <200711140449.49001.david@vizion2000.net>, David Southwell<david@vizion2000.net> wrote: > ##Can anyone please advise best course of action??? > ##System is AMD 64 > > ##This is based upon an uptodate cvsup of ports all > > ---> Upgrading 'cups-base-1.3.3' to 'cups-base-1.3.3_2' (print/cups-base) > ---> Building '/usr/ports/print/cups-base' > ===> Cleaning for cups-base-1.3.3_2 > ===> cups-base-1.3.3_2 has known vulnerabilities: > => xpdf -- multiple remote Stream.CC vulnerabilities. > Reference: > <http://www.FreeBSD.org/ports/portaudit/2747fc39-915b-11dc-9239-001c251 > 4716c.html> > => Please update your ports tree and try again. > *** Error code 1 cups-base was patched for this vulnerability (with version 1.3.3_2), but the change to the vulnerabilities file erroneously has it marked as cups-base > 1.3.3_2, instead of cups-base < 1.3.3_2: http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/vuxml/vuln.xml?r1=1.148 1 (It was previously listed as cups-base > 0, i.e. all versions of cups-base were vulnerable.) Hopefully someone with the commit bit will see this and fix it. -Andrew
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?473B00BA.2689.00F2.0>