From owner-freebsd-ports@FreeBSD.ORG Thu Mar 29 23:30:43 2012 Return-Path: Delivered-To: ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 80DC01065675 for ; Thu, 29 Mar 2012 23:30:43 +0000 (UTC) (envelope-from jhellenthal@dataix.net) Received: from mail-iy0-f182.google.com (mail-iy0-f182.google.com [209.85.210.182]) by mx1.freebsd.org (Postfix) with ESMTP id D00FA8FC1B for ; Thu, 29 Mar 2012 23:30:41 +0000 (UTC) Received: by iahk25 with SMTP id k25so135852iah.13 for ; Thu, 29 Mar 2012 16:30:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dataix.net; s=rsa; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to; bh=T/ocRPTtviMWuvMLVTSvujFZQOKe9hJyRrx6Imjk5nY=; b=HaMa7tMMqk/csmTJaZVMyGk0J53dUbfRJA/UXKiYCXYvCHqtxA6ECkNOGXBQScN8XG 617FWQbvmKhU7vkJEgArxJ3y2P9t90IEcrtSa0NsGpNXfqWRupmtuSpDLtD6U6by7CG+ ZWIkz3ebv9nX9xOrOq8WjU01Tt1xKNnG3a7NI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:x-gm-message-state; bh=T/ocRPTtviMWuvMLVTSvujFZQOKe9hJyRrx6Imjk5nY=; b=T6ViP0lvF/SXe8VbS1ePpFtK/vtUyzRHQllETjgTHmkb5mMiRfyiknNfwLCv49iUma Ey7ZLLR9wTAzt+cqgFHU3ZVaOC0eYlkoaTSvwgOrfQ9b8KOuhZl21K+k6FENf5bW99tv 1GOUNmTZ+P/IO8VI4L+vSM5fjowtC3jY+hP9HOntSGLzgYs/ij2qGo9uyJ6AVcrrP2vX 3bZHW5ZLtu9EDtTpTLZqe/B1EPDpYX+CzdrKuWFYvPeYdtImnAL8slG5PSlFcTSQfoKf vK8f4ojBH0O7pA2776uXG5DdT0a6QEP5bfd7Z27yD2r0AbIfpHhmiGN6BtWUpaCKqQfw t2dg== Received: by 10.50.185.230 with SMTP id ff6mr2986509igc.70.1333063841399; Thu, 29 Mar 2012 16:30:41 -0700 (PDT) Received: from DataIX.net (adsl-99-19-43-184.dsl.klmzmi.sbcglobal.net. [99.19.43.184]) by mx.google.com with ESMTPS id kn3sm268774igc.15.2012.03.29.16.30.40 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 29 Mar 2012 16:30:40 -0700 (PDT) Received: from DataIX.net (localhost [127.0.0.1]) by DataIX.net (8.14.5/8.14.5) with ESMTP id q2TNUcY9086410 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 29 Mar 2012 19:30:38 -0400 (EDT) (envelope-from jhellenthal@DataIX.net) Received: (from jhellenthal@localhost) by DataIX.net (8.14.5/8.14.5/Submit) id q2TNUc7g085923; Thu, 29 Mar 2012 19:30:38 -0400 (EDT) (envelope-from jhellenthal@DataIX.net) Date: Thu, 29 Mar 2012 19:30:38 -0400 From: Jason Hellenthal To: Roman Bogorodskiy Message-ID: <20120329233037.GA98244@DataIX.net> References: <20120324172937.GA43822@DataIX.net> <20120325152632.GC1293@kloomba> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="r5Pyd7+fXNt84Ff3" Content-Disposition: inline In-Reply-To: <20120325152632.GC1293@kloomba> X-Gm-Message-State: ALoCoQlDsAApjW2wWnoV+yQMEXIg6ilEMt1fDb3FdJ1PpieGXXjTip1tZwwozWFm+rz0aTHsRF3B Cc: ports@freebsd.org, novel@freebsd.org Subject: Re: security/gnutls update when... X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Mar 2012 23:30:43 -0000 --r5Pyd7+fXNt84Ff3 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable There are no problems with this that can be seen. Thank you Roman. On Sun, Mar 25, 2012 at 07:26:34PM +0400, Roman Bogorodskiy wrote: > Jason Hellenthal wrote: >=20 > >=20 > > Apparently this port has fell two versions behind. Is there anything > > that is going to happen to update it to the current stable version ? > >=20 > >=20 > > These advisories have been out for a week now. And the current version > > is 2.12.18. > >=20 > >=20 > > Database created: Sat Mar 24 13:15:03 EDT 2012 > > Affected package: gnutls-2.12.16 > > Type of problem: libtasn1 -- ASN.1 length decoding vulnerability. > > Reference: > > http://portaudit.FreeBSD.org/2e7e9072-73a0-11e1-a883-001cc0a36e12.html > >=20 > > Affected package: gnutls-2.12.16 > > Type of problem: gnutls -- possible overflow/Denial of service > > vulnerabilities. > > Reference: > > http://portaudit.FreeBSD.org/aecee357-739e-11e1-a883-001cc0a36e12.html > >=20 > > 2 problem(s) in your installed packages found. >=20 > The port was updated to 2.12.18 with some hacks to prevent shlib version > bump. Please report if you have any problems with that. >=20 > Roman Bogorodskiy --=20 ;s =3D; --r5Pyd7+fXNt84Ff3 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJPdPCdAAoJEJBXh4mJ2FR+60cH/Ao3Kdfy+XiVqFrmojGnJTZo 6BrwOo35pfJK4HD6LI3L/6lhA0sQRmSZs8gqgdkMzpIOKsYXa4Y6e6Xq2bD5ItG4 etvCN5E0nDRndLGX3TPf049QpE224AoD3a2XGqu3Ayw27w/HllLV6KdZRhVvC7qq OPbGLxqiKJWeyKGC5c77Goxv4B+/L2kuk/4f9FB4asejwrbm8aQ/BJybjZmuIe7p ZWOKCdo1q5VHQ4Hek1sgcat9j+VB9X5g9p7LIRRqhRzy3F9/Req5zf7NHE63XuX6 jUdANkE6qf8fEOZbrPo2jMKDRFtjgiMi94IoP2Xgi/ny/iTqOo8QEyN/fDZX+sA= =7k83 -----END PGP SIGNATURE----- --r5Pyd7+fXNt84Ff3--