Date: Thu, 2 Feb 2006 00:53:02 -0500
From: Kris Kennaway
To: Mark Lubratt
Cc: ports@FreeBSD.org, anholt@FreeBSD.org
Subject: Re: FreeBSD Port: paraview-2.4.2 - security vulnerabilities
Message-ID: <20060202055302.GA87420@xor.obsecurity.org>

On Wed, Feb 01, 2006 at 09:10:07PM -0600, Mark Lubratt wrote:
> Hello!
>
> I originally posted this to the questions list. But, now I realize
> that it's probably better posted here.
>
> I'm trying to install the OpenFoam port on 6.0 Stable with the
> current ports tree. During the install, I get the following errors
> from the paraview dependency:
>
> Verifying install for /usr/local/lib/paraview-2.4/
> ParaViewConfig.cmake i
> n /usr/ports/science/paraview
> ===> paraview-2.4.2 has known vulnerabilities:
> => tiff -- buffer overflow vulnerability.
> Reference: 68222076-010b-11da-bc08-00
> 01020eed82.html>
> => tiff -- divide-by-zero denial-of-service.
> Reference: b58ff497-6977-11d9-ae49-00
> 0c41e2cdad.html>
> => tiff -- directory entry count integer overflow vulnerability.
> Reference: fc7e6a42-6012-11d9-a9e7-00
> 01020eed82.html>
> => tiff -- multiple integer overflows.
> Reference: 3897a2f8-1d57-11d9-bc4a-00
> 0c41e2cdad.html>
> => tiff -- RLE decoder heap overflows.
> Reference: f6680c03-0bd8-11d9-8a8a-00
> 0c41e2cdad.html>
> => Please update your ports tree and try again.
>
>
> I've updated the ports tree multiple times. I've perused the
> archives and found that all of these vulnerabilities should already
> be fixed (to the best of my understanding). Portaudit doesn't report
> the current linux-tiff-3.6.1_5 as having these vulnerabilities.
> I've tried deinstalling and reinstalling linux-tiff. Portversion
> reports that linux-tiff is up to date.
>

Did you update your portaudit database?

Kris