Date: Sun, 14 Oct 2007 15:44:32 +0200 From: Tobias Roth <freebsd.lists@fsck.ch> To: "L. Derksen" <LDerksen@Conzales.demon.nl> Cc: ports@FreeBSD.org Subject: Re: FreeBSD Port: png-1.2.22 Message-ID: <47121D40.7040708@fsck.ch> In-Reply-To: <47120F03.6070905@Conzales.demon.nl> References: <47120F03.6070905@Conzales.demon.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
L. Derksen wrote: > Hello, > > I did get a message from portaudit that my 'png-1.2.18'-package was a > security risk. So I updated my portstree with 'portsnap fetch update', > deleted the png-package (make deinstall) and then tried to install the > current png-package (1.2.22). Now the tree gives me the message: > > ===> png-1.2.18 has known vulnerabilities: > => png -- multiple vulnerabilities. > Reference: > <http://www.FreeBSD.org/ports/portaudit/172acf78-780c-11dc-b3f4-0016179b2dd5.html>; > > => Please update your ports tree and try again. > *** Error code 1 > > Question: > Why is my ports tree not up to date with png-1.2.22? When i do a > 'portsnap fetch update' it gives me that my tree is up to date. The portsnap server hardware is experiencing problems at the moment, this is being worked on. I figured since the png vulnerability is only DoS, and not code execution, I'll just wait until the hardware is fixed. If you don't want to wait, I suggest you get the update manually via cvs: CVSROOT="anoncvs@anoncvs1.FreeBSD.org:/home/ncvs" cvs co png Cheers, Tobias
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47121D40.7040708>