Date: Sat, 24 Mar 2012 10:54:32 -0700 From: Kevin Oberman <kob6558@gmail.com> To: Jason Hellenthal <jhellenthal@dataix.net> Cc: ports@freebsd.org, novel@freebsd.org Subject: Re: security/gnutls update when... Message-ID: <CAN6yY1sZRYYB0ZGCp7J6yJUMyXtmjsNKnNPYn9O2_XorMRi3cQ@mail.gmail.com> In-Reply-To: <20120324172937.GA43822@DataIX.net> References: <20120324172937.GA43822@DataIX.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Mar 24, 2012 at 10:29 AM, Jason Hellenthal <jhellenthal@dataix.net> wrote: > > Apparently this port has fell two versions behind. Is there anything > that is going to happen to update it to the current stable version ? > > > These advisories have been out for a week now. And the current version > is 2.12.18. > > > Database created: Sat Mar 24 13:15:03 EDT 2012 > Affected package: gnutls-2.12.16 > Type of problem: libtasn1 -- ASN.1 length decoding vulnerability. > Reference: > http://portaudit.FreeBSD.org/2e7e9072-73a0-11e1-a883-001cc0a36e12.html > > Affected package: gnutls-2.12.16 > Type of problem: gnutls -- possible overflow/Denial of service > vulnerabilities. > Reference: > http://portaudit.FreeBSD.org/aecee357-739e-11e1-a883-001cc0a36e12.html > > 2 problem(s) in your installed packages found. > > > > -- > ;s =; Note that one of these problems is with libtasn1 and is not a gnutls problems at all. So updating libtasn1actually fixes this one, although the other does require an update to a version of gnutls that has yet to be ported. -- R. Kevin Oberman, Network Engineer E-mail: kob6558@gmail.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAN6yY1sZRYYB0ZGCp7J6yJUMyXtmjsNKnNPYn9O2_XorMRi3cQ>