From: Roman Bogorodskiy
Date: Sat, 24 Mar 2012 23:41:27 +0400
To: Kevin Oberman
Cc: ports@freebsd.org
Subject: Re: security/gnutls update when...
Message-ID: <20120324194126.GA1296@kloomba>
References: <20120324172937.GA43822@DataIX.net>
List-Id: Porting software to FreeBSD

Kevin Oberman wrote:
> On Sat, Mar 24, 2012 at 10:29 AM, Jason Hellenthal wrote:
> >
> > Apparently this port has fallen two versions behind. Is there anything
> > that is going to happen to update it to the current stable version?
> >
> > These advisories have been out for a week now. And the current version
> > is 2.12.18.
> >
> > Database created: Sat Mar 24 13:15:03 EDT 2012
> > Affected package: gnutls-2.12.16
> > Type of problem: libtasn1 -- ASN.1 length decoding vulnerability.
> > Reference:
> > http://portaudit.FreeBSD.org/2e7e9072-73a0-11e1-a883-001cc0a36e12.html
> >
> > Affected package: gnutls-2.12.16
> > Type of problem: gnutls -- possible overflow/Denial of service
> > vulnerabilities.
> > Reference:
> > http://portaudit.FreeBSD.org/aecee357-739e-11e1-a883-001cc0a36e12.html
> >
> > 2 problem(s) in your installed packages found.
>
> Note that one of these problems is with libtasn1 and is not a gnutls
> problem at all. So updating libtasn1 actually fixes this one, although
> the other does require an update to a version of gnutls that has yet
> to be ported.

There's a vulnerability in gnutls also:

http://www.gnu.org/software/gnutls/security.html

Mu Dynamics released an advisory for both libtasn1 and gnutls:

http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5959

gnutls one is tagged MU-201202-01 and libtasn1 one is MU-201202-02.

Roman Bogorodskiy