Date: Wed, 18 Oct 2006 00:30:59 +1000
From: Norberto Meijome
To: Filippo Moretti
Cc: questions@FreeBSD.org
Subject: Re: Problem updating mplayer
Message-ID: <20061018003059.11deef50@localhost>
In-Reply-To: <4534DB69.1000802@2ainfo.it>

On Tue, 17 Oct 2006 15:32:25 +0200
Filippo Moretti wrote:

> ===> Verifying reinstall for
> /usr/local/lib/win32/win32-codecs-3.1.0.p8_1,1 in
> /usr/ports/multimedia/win32-codecs
> ===> win32-codecs-3.1.0.p8_1,1 is forbidden: Remote code execution:
> http://vuxml.FreeBSD.org/24f6b1eb-43d5-11db-81e1-000e0c2e438a.html.
> *** Error code 1
> What can be done to solve this problem
> sincerely

Hi Filippo,

a) you can work with the win32-codecs team to solve the remote code execution
vulnerability

b) you can be brave, reckless and probably 0wn3d soon by disabling the
vulnerability checks and upgrading anyway (don't know how to do this, sorry)

c) you can keep the slightly older port .... but it seems it is still
vulnerable:

$ sudo portaudit
[...]
Affected package: win32-codecs-3.1.0.p8,1
Type of problem: win32-codecs -- multiple vulnerabilities.
Reference:

d) you can uninstall win32-codecs :)

other options may be available, but I can't think of them atm :)

B
_________________________
{Beto|Norberto|Numard} Meijome

RTFM and STFW before anything bad happens.

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.