Date:      Tue, 1 Mar 2005 16:46:22 -0500
From:      daniel quinn <freebsd@danielquinn.org>
To:        ports@freebsd.org
Subject:   curl -- authentication buffer overflow vulnerability.
Message-ID:  <200503011646.22680.freebsd@danielquinn.org>

i ran my daily portaudit today and got the following:


portaudit
Affected package: curl-7.12.3_2
Type of problem: curl -- authentication buffer overflow vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/96df5fd0-8900-11d9-aa18-0001020eed82.html>

1 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.


so i ran:

  # cvsup ports-all

...and watched it refresh the tree.  then i ran:

  # portupgrade curl

and nothing happened.  i went looking around and found that the port hasn't 
been updated:

  http://www.freebsd.org/cgi/cvsweb.cgi/ports/ftp/curl/

so my question is:  "is this normal"?  i'm new to freebsd (formerly gentoo 
linux) and i'm not used to security warnings that can't be fixed right away.  
curl's website tells me that version 7.13.1 is available, so i'm thinking 
this is isolated to freebsd.  should i be emailing the maintainer?  isn't 
that rude?  what are my options here?


-- 
what a country calls its vital economic interests are not the things which 
enable its citizens to live, but the things which enable it to make war.  
petrol is much more likely than wheat to be a cause of international 
conflict.
  - simone weil,  the need for roots (1949)


