From owner-freebsd-gnome@freebsd.org Mon Aug 21 22:02:36 2017 Return-Path: Delivered-To: freebsd-gnome@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EB603DD68E0 for ; Mon, 21 Aug 2017 22:02:36 +0000 (UTC) (envelope-from robbelics@gmail.com) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id CAC9B6369A for ; Mon, 21 Aug 2017 22:02:36 +0000 (UTC) (envelope-from robbelics@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id C9F33DD68DF; Mon, 21 Aug 2017 22:02:36 +0000 (UTC) Delivered-To: gnome@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C9705DD68DC for ; Mon, 21 Aug 2017 22:02:36 +0000 (UTC) (envelope-from robbelics@gmail.com) Received: from mail-pg0-x22c.google.com (mail-pg0-x22c.google.com [IPv6:2607:f8b0:400e:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9DACF63699 for ; Mon, 21 Aug 2017 22:02:36 +0000 (UTC) (envelope-from robbelics@gmail.com) Received: by mail-pg0-x22c.google.com with SMTP id s14so2567028pgs.1 for ; Mon, 21 Aug 2017 15:02:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=oxZKYN3OD5DMfDuH0Eqh2TR8bTSOVt231STm13801IY=; b=l1LAGWDE/kNPYX1E8VUexLgnizACXl2eRi8G/zwOH8Id46eT1mG/DeJtna+DZzgi+e aoCxzu7hDNLEiTpf1Jbl2H5AqsvCRaRmH7fTWYHENYZSXrdvyAVr2k3H6ySiNDwEiwx3 CL02h1TLPV+wkmlXdch5MF1K7KykasHVReg1fOv6U3UZPmsyQcLxPiLZn5j+zSS9Y0Km aVzTfKuQRwcbbBNNsPQKZSMaA4qFkOdS9+IO4uWbahEwuPJ/wBzFn8BQxo3OQa4aEGZh oeABg4YoksccxgFi9hskx3ObvejYLeUDUA2Bzfan14YjNjce1++1YRNotEkXg5KINAEE U33g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=oxZKYN3OD5DMfDuH0Eqh2TR8bTSOVt231STm13801IY=; b=HvAqMnoaFgiLKQJHPofXpZdD8zFS1NXQN5NLoclHBY1/KepwXLB43p7/U6/zRDNSRL CKVvXrwXHw1IpKKAqjuCz67V2y2xKgT01u05ETqzYz2J7/gfCG60yx+Ob108ci777A4y 265C6T60Aqm+JDTQjxkH3hyHK4ZFGnbeDamFYA329Z4r7P16zAhy6ZWXbO5ArIIKKaZ+ KLvhJuiu9lM/HdHDb31ny629wLpi0XSpc9GfjHH894BTpyNlTxIp3S50glVqCG1uJZKg EfTgS7sbBtJiorwIKdoWqhjTW3Q9GNl845sZgm6xfmQPFkBWAeja6DhloAwD1hzzAnzy No4g== X-Gm-Message-State: AHYfb5iXqv5fG1tHNapJqVtR6xlfW+nopI4eawcPrQ1V3xROreo4HNId gLDmZo1kBwTPJ+6D4hTTV5VV7EX85kp42bU= X-Received: by 10.98.30.131 with SMTP id e125mr2729602pfe.244.1503352955452; Mon, 21 Aug 2017 15:02:35 -0700 (PDT) MIME-Version: 1.0 Received: by 10.100.170.14 with HTTP; Mon, 21 Aug 2017 15:02:34 -0700 (PDT) From: Rob Belics Date: Mon, 21 Aug 2017 17:02:34 -0500 Message-ID: Subject: libsoup-2.52.2_1 still listed as vulnerable To: gnome@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-gnome@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: GNOME for FreeBSD -- porting and maintaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Aug 2017 22:02:37 -0000 I don't see in bugzilla where this port is vulnerable yet, when I update ports and build it, it complains thus: ===> Cleaning for libsoup-2.52.2_1 ===> libsoup-2.52.2_1 has known vulnerabilities: libsoup-2.52.2_1 is vulnerable: libsoup -- stack based buffer overflow CVE: CVE-2017-2885 WWW: https://vuxml.FreeBSD.org/freebsd/8e7bbddd-8338-11e7-867f-b499baebfeaf.html 1 problem(s) in the installed packages found. => Please update your ports tree and try again. => Note: Vulnerable ports are marked as such even if there is no update available. => If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes' *** Error code 1 Stop. make: stopped in /usr/ports/devel/libsoup ===>>> make build failed for devel/libsoup ===>>> Aborting update ===>>> Update for libsoup-2.52.2 failed ===>>> Aborting update I wasn't sure if I should post this as a bug or email you. Or am I looking t this wrong? Thanks, Rob