From owner-freebsd-ports@FreeBSD.ORG  Sat Mar 24 17:54:34 2012
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 0D4A8106566B;
	Sat, 24 Mar 2012 17:54:34 +0000 (UTC)
	(envelope-from kob6558@gmail.com)
Received: from mail-wi0-f178.google.com (mail-wi0-f178.google.com
	[209.85.212.178])
	by mx1.freebsd.org (Postfix) with ESMTP id 6F23B8FC16;
	Sat, 24 Mar 2012 17:54:33 +0000 (UTC)
Received: by wibhq7 with SMTP id hq7so2518741wib.13
	for <multiple recipients>; Sat, 24 Mar 2012 10:54:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type;
	bh=W+4C+cLWtNRmaguTUpjJGKnUBEqIrRggwf9rStjGA1E=;
	b=iD3x4AkZcDDi5wheL2djnAm5m5i+gG3oO4cKO3wDHnzhJojX4viOquPZDQRewpWo0J
	sDBF/gMzAftpaydQlprsStaQq3yvgDUygms0pTJQaSQTYPBxwpPl4egPV/irooYX8iy3
	j2yMfNXIm46X0iJ8GFikkIGYFLhdARuQkupiTWjNDI5wIYIN7mh/6zuakWnuKUH66lfH
	yJQO011I2esIO9/Hrc2Np6a9c45PlGB6EH9P8uxn8D8Gk57s5ODpkV8HXuvm9Wu5V5X9
	t0X6btxAasXuefvbrvyjSAI+SyjIZdYvj5oKLCd8dKiC6SrmOCYP6GWBUqziZNYex7nY
	9Tig==
MIME-Version: 1.0
Received: by 10.180.103.134 with SMTP id fw6mr5672015wib.0.1332611672325; Sat,
	24 Mar 2012 10:54:32 -0700 (PDT)
Received: by 10.223.143.3 with HTTP; Sat, 24 Mar 2012 10:54:32 -0700 (PDT)
In-Reply-To: <20120324172937.GA43822@DataIX.net>
References: <20120324172937.GA43822@DataIX.net>
Date: Sat, 24 Mar 2012 10:54:32 -0700
Message-ID: <CAN6yY1sZRYYB0ZGCp7J6yJUMyXtmjsNKnNPYn9O2_XorMRi3cQ@mail.gmail.com>
From: Kevin Oberman <kob6558@gmail.com>
To: Jason Hellenthal <jhellenthal@dataix.net>
Content-Type: text/plain; charset=ISO-8859-1
Cc: ports@freebsd.org, novel@freebsd.org
Subject: Re: security/gnutls update when...
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Mar 2012 17:54:34 -0000

On Sat, Mar 24, 2012 at 10:29 AM, Jason Hellenthal
<jhellenthal@dataix.net> wrote:
>
> Apparently this port has fell two versions behind. Is there anything
> that is going to happen to update it to the current stable version ?
>
>
> These advisories have been out for a week now. And the current version
> is 2.12.18.
>
>
> Database created: Sat Mar 24 13:15:03 EDT 2012
> Affected package: gnutls-2.12.16
> Type of problem: libtasn1 -- ASN.1 length decoding vulnerability.
> Reference:
> http://portaudit.FreeBSD.org/2e7e9072-73a0-11e1-a883-001cc0a36e12.html
>
> Affected package: gnutls-2.12.16
> Type of problem: gnutls -- possible overflow/Denial of service
> vulnerabilities.
> Reference:
> http://portaudit.FreeBSD.org/aecee357-739e-11e1-a883-001cc0a36e12.html
>
> 2 problem(s) in your installed packages found.
>
>
>
> --
> ;s =;

Note that one of these problems is with libtasn1 and is not a gnutls
problems at all. So updating libtasn1actually fixes this one, although
the other does require an update to a version of gnutls that has yet
to be ported.
-- 
R. Kevin Oberman, Network Engineer
E-mail: kob6558@gmail.com