From owner-freebsd-security@FreeBSD.ORG Tue Oct 21 12:36:05 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 979331065675 for ; Tue, 21 Oct 2008 12:36:05 +0000 (UTC) (envelope-from spamd@stu.cn.ua) Received: from stu.cn.ua (stalker.stu.cn.ua [195.69.76.130]) by mx1.freebsd.org (Postfix) with ESMTP id 11E9B8FC29 for ; Tue, 21 Oct 2008 12:36:04 +0000 (UTC) (envelope-from spamd@stu.cn.ua) Received: from stu.cn.ua (localhost [127.0.0.1]) by stu.cn.ua (Postfix) with ESMTP id DC91E244DF2 for ; Tue, 21 Oct 2008 15:19:52 +0300 (EEST) Received: by stu.cn.ua (Postfix, from userid 58) id C1362244DE5; Tue, 21 Oct 2008 15:19:52 +0300 (EEST) X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on stalker.stu.cn.ua X-Spam-Level: X-Spam-Status: No, score=-6.6 required=4.5 tests=BAYES_00,RCVD_IN_DNSWL_MED, SPF_PASS autolearn=ham version=3.2.5 Received: from mx2.freebsd.org (mx2.freebsd.org [69.147.83.53]) by stu.cn.ua (Postfix) with ESMTP id 3E8AF244F9E for ; Tue, 21 Oct 2008 15:01:35 +0300 (EEST) Received: from hub.freebsd.org (hub.freebsd.org [IPv6:2001:4f8:fff6::36]) by mx2.freebsd.org (Postfix) with ESMTP id 3831C164307; Tue, 21 Oct 2008 12:00:24 +0000 (UTC) (envelope-from owner-freebsd-security@freebsd.org) Received: from hub.freebsd.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 486D910656CF; Tue, 21 Oct 2008 12:00:23 +0000 (UTC) (envelope-from owner-freebsd-security@freebsd.org) From: freebsd-security-request@freebsd.org To: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Sender: owner-freebsd-security@freebsd.org Errors-To: owner-freebsd-security@freebsd.org Message-Id: <20081021120023.486D910656CF@hub.freebsd.org> Date: Tue, 21 Oct 2008 12:00:23 +0000 (UTC) X-Virus-Scanned: ClamAV using ClamSMTP on stalker.stu.cn.ua X-Mailman-Approved-At: Tue, 21 Oct 2008 13:21:04 +0000 Subject: freebsd-security Digest, Vol 270, Issue 1 X-BeenThere: freebsd-security@freebsd.org Reply-To: freebsd-security@freebsd.org List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Oct 2008 12:36:05 -0000 Send freebsd-security mailing list submissions to freebsd-security@freebsd.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.freebsd.org/mailman/listinfo/freebsd-security or, via email, send a message with subject or body 'help' to freebsd-security-request@freebsd.org You can reach the person managing the list at freebsd-security-owner@freebsd.org When replying, please edit your Subject line so it is more specific than "Re: Contents of freebsd-security digest..." Today's Topics: 1. Secure libxml2? (Gunther Mayer) 2. Re: Secure libxml2? (Dag-Erling Sm?rgrav) ---------------------------------------------------------------------- Message: 1 Date: Mon, 20 Oct 2008 13:22:20 +0200 From: Gunther Mayer Subject: Secure libxml2? To: freebsd-security@freebsd.org Message-ID: <48FC69EC.9000609@gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Hi there, We're using libxml2 and the version in ports (2.6.x) currently suffers from a rather serious security vulnerability already posted last Friday: http://www.freebsd.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html Yet there's no libxml2-2.7.x in ports as required by the above notice. So there's no solution other than compiling an up-to-date one by hand and that opens up a whole different can of worms regarding dependencies. I emailed the official maintainer (gnome@freebsd.org) but am not holding my breath, chances are they won't even see my mail amongst all the spam they must be getting. So I'm wondering does anybody know what's going on or what I could do to get my systems secure? Regards, Gunther ------------------------------ Message: 2 Date: Mon, 20 Oct 2008 14:57:10 +0200 From: Dag-Erling Sm?rgrav Subject: Re: Secure libxml2? To: Gunther Mayer Cc: freebsd-security@freebsd.org Message-ID: <861vybifvd.fsf@ds4.des.no> Content-Type: text/plain; charset=utf-8 Gunther Mayer writes: > I emailed the official maintainer (gnome@freebsd.org) but am not > holding my breath, chances are they won't even see my mail amongst all > the spam they must be getting. So I'm wondering does anybody know > what's going on or what I could do to get my systems secure? Actually, gnome@freebsd.org is a mailing list (freebsd-gnome) that gets very little spam. Feel free to subscribe and / or peruse the archive. In the meantime, there is a PR (ports/127661) with a patch that you might try. DES -- Dag-Erling Smørgrav - des@des.no ------------------------------ _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" End of freebsd-security Digest, Vol 270, Issue 1 ************************************************