From owner-freebsd-security@FreeBSD.ORG Mon Nov 24 06:45:58 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3A4101065670; Mon, 24 Nov 2008 06:45:58 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.177.45]) by mx1.freebsd.org (Postfix) with ESMTP id D34A88FC1A; Mon, 24 Nov 2008 06:45:57 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s=one; d=codelabs.ru; h=Received:Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:Content-Type:Content-Disposition:In-Reply-To:Sender; b=kbzeorTxzm9hvC5s8NWdnIlPFqW52n9sscn91xzw+cOrg6xdLCinVkqhjxIi0ezvI4nzFYlzyI0QEpn6WAFsFDMchNlTVww+8bv8kOaw/aXh43VtHXfgb7jUkH0zE3/VUE8O+vcVbNrCg3+f2UQ35B8VOIkMGPG1OvjwdEnf+t0=; Received: from void.codelabs.ru (void.codelabs.ru [144.206.177.25]) by 0.mx.codelabs.ru with esmtpsa (TLSv1:AES256-SHA:256) id 1L4VCm-000AQJ-IA; Mon, 24 Nov 2008 09:45:56 +0300 Date: Mon, 24 Nov 2008 09:45:55 +0300 From: Eygene Ryabinkin To: Anish Mistry Message-ID: References: <20081123184449.6801AF181D@phoenix.codelabs.ru> <200811231446.43728.amistry@am-productions.biz> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="jFijuCULRDbBA23d" Content-Disposition: inline In-Reply-To: <200811231446.43728.amistry@am-productions.biz> Sender: rea-fbsd@codelabs.ru Cc: freebsd-security@freebsd.org, bug-followup@freebsd.org Subject: Re: ports/129097: [vuxml] print/hplip: document CVE-2008-2940 and CVE-2008-2941 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Nov 2008 06:45:58 -0000 --jFijuCULRDbBA23d Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Anish, good day. Sun, Nov 23, 2008 at 02:46:26PM -0500, Anish Mistry wrote: > On Sunday 23 November 2008, Eygene Ryabinkin wrote: > > >Number: 129097 > > >Category: ports > > >Synopsis: [vuxml] print/hplip: document CVE-2008-2940 and > > > CVE-2008-2941 Confidential: no > > >Severity: serious > > >Priority: high > > >Responsible: freebsd-ports-bugs > > >State: open > > >Quarter: > > >Keywords: > > >Date-Required: > > >Class: sw-bug > > >Submitter-Id: current-users > > >Arrival-Date: Sun Nov 23 18:50:00 UTC 2008 > > >Closed-Date: > > >Last-Modified: > > >Originator: Eygene Ryabinkin > > >Release: FreeBSD 7.1-PRERELEASE i386 > > >Organization: > > Commit it. That's fine, thanks. But yesterday I had sent a patch that fixes the vulnerabilities for 2.8.2. What do you think about it? Could you test the patch? The VuXML entry details depend on this: I wrote that hplip >=3D 2.8.4 aren't vulnerable, but if you'll approve the patch that upgrades to 2.8.2_3, then VuXML entry should be corrected. Thanks again! --=20 Eygene _ ___ _.--. # \`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard / ' ` , __.--' # to read the on-line manual =20 )/' _/ \ `-_, / # while single-stepping the kernel. `-'" `"\_ ,_.-;_.-\_ ', fsc/as # _.-'_./ {_.' ; / # -- FreeBSD Developers handbook=20 {_.-``-' {_/ # --jFijuCULRDbBA23d Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkkqTaMACgkQthUKNsbL7YiDMgCeIrW3GANQwaHSH77rUqKpu6Yd GZoAn3+QVO1JCozTuRkOOACJV3jNe9fh =1tQU -----END PGP SIGNATURE----- --jFijuCULRDbBA23d--