Date: Sat, 24 Mar 2012 23:41:27 +0400
From: Roman Bogorodskiy <novel@FreeBSD.org>
To: Kevin Oberman <kob6558@gmail.com>
Cc: ports@freebsd.org
Subject: Re: security/gnutls update when...
Message-ID: <20120324194126.GA1296@kloomba>
In-Reply-To: <CAN6yY1sZRYYB0ZGCp7J6yJUMyXtmjsNKnNPYn9O2_XorMRi3cQ@mail.gmail.com>
References: <20120324172937.GA43822@DataIX.net>
 <CAN6yY1sZRYYB0ZGCp7J6yJUMyXtmjsNKnNPYn9O2_XorMRi3cQ@mail.gmail.com>

Kevin Oberman wrote:

> On Sat, Mar 24, 2012 at 10:29 AM, Jason Hellenthal
> <jhellenthal@dataix.net> wrote:
> >
> > Apparently this port has fallen two versions behind. Is there anything
> > that is going to happen to update it to the current stable version?
> >
> >
> > These advisories have been out for a week now. And the current version
> > is 2.12.18.
> >
> >
> > Database created: Sat Mar 24 13:15:03 EDT 2012
> > Affected package: gnutls-2.12.16
> > Type of problem: libtasn1 -- ASN.1 length decoding vulnerability.
> > Reference:
> > http://portaudit.FreeBSD.org/2e7e9072-73a0-11e1-a883-001cc0a36e12.html
> >
> > Affected package: gnutls-2.12.16
> > Type of problem: gnutls -- possible overflow/Denial of service
> > vulnerabilities.
> > Reference:
> > http://portaudit.FreeBSD.org/aecee357-739e-11e1-a883-001cc0a36e12.html
> >
> > 2 problem(s) in your installed packages found.
> >
> >
> >
> > --
> > ;s =;
>
> Note that one of these problems is with libtasn1 and is not a gnutls
> problem at all. So updating libtasn1 actually fixes this one, although
> the other does require an update to a version of gnutls that has yet
> to be ported.

There's a vulnerability in gnutls also:

http://www.gnu.org/software/gnutls/security.html

Mu Dynamics released an advisory for both libtasn1 and gnutls:

http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5959

gnutls one is tagged MU-201202-01 and libtasn1 one is MU-201202-02.

Roman Bogorodskiy