From owner-freebsd-gnome@FreeBSD.ORG  Thu Oct 30 17:06:53 2008
Return-Path: <owner-freebsd-gnome@FreeBSD.ORG>
Delivered-To: gnome@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5345D1065687
	for <gnome@freebsd.org>; Thu, 30 Oct 2008 17:06:53 +0000 (UTC)
	(envelope-from oberman@es.net)
Received: from postal1.es.net (postal4.es.net [198.124.252.66])
	by mx1.freebsd.org (Postfix) with ESMTP id 106F68FC2B
	for <gnome@freebsd.org>; Thu, 30 Oct 2008 17:06:52 +0000 (UTC)
	(envelope-from oberman@es.net)
Received: from postal1.es.net (postal3.es.net [198.128.3.207])
	by postal4.es.net (Postal Node 4) with ESMTP (SSL) id KBK57951;
	Thu, 30 Oct 2008 10:06:51 -0700
Received: from ptavv.es.net (ptavv.es.net [198.128.4.29])
	by postal3.es.net (Postal Node 3) with ESMTP (SSL) id KBK58250;
	Thu, 30 Oct 2008 10:06:50 -0700
Received: from ptavv.es.net (localhost [127.0.0.1])
	by ptavv.es.net (Tachyon Server) with ESMTP id 7944F45048;
	Thu, 30 Oct 2008 10:06:50 -0700 (PDT)
To: "matt donovan" <kitchetech@gmail.com>
In-Reply-To: Your message of "Thu, 30 Oct 2008 12:51:09 EDT."
	<28283d910810300951g603b72bfj8db2b1c07826ce2@mail.gmail.com> 
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_1225386410_93044P";
	micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Thu, 30 Oct 2008 10:06:50 -0700
From: "Kevin Oberman" <oberman@es.net>
Message-Id: <20081030170650.7944F45048@ptavv.es.net>
X-Sender-IP: 198.128.3.207
X-Sender-Domain: es.net
X-Recipent: <gnome@freebsd.org>;<kitchetech@gmail.com>;<renguoqin@gmail.com>;
X-Sender: <oberman@es.net>
X-To_Name: matt donovan
X-To_Domain: gmail.com
X-To: "matt donovan" <kitchetech@gmail.com>
X-To_Email: kitchetech@gmail.com
X-To_Alias: kitchetech
Cc: gnome@freebsd.org, Guoqin Ren <renguoqin@gmail.com>
Subject: Re: error: libxml2-2.6.32_1 has known vulnerabilities 
X-BeenThere: freebsd-gnome@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: GNOME for FreeBSD -- porting and maintaining
	<freebsd-gnome.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-gnome>,
	<mailto:freebsd-gnome-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-gnome>
List-Post: <mailto:freebsd-gnome@freebsd.org>
List-Help: <mailto:freebsd-gnome-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-gnome>,
	<mailto:freebsd-gnome-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Oct 2008 17:06:53 -0000

--==_Exmh_1225386410_93044P
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

> Date: Thu, 30 Oct 2008 12:51:09 -0400
> From: "matt donovan" <kitchetech@gmail.com>
> 
> On Thu, Oct 30, 2008 at 12:04 PM, Kevin Oberman <oberman@es.net> wrote:
> 
> > > Date: Wed, 29 Oct 2008 22:49:11 -0400
> > > From: "Guoqin Ren" <renguoqin@gmail.com>
> > > Sender: owner-freebsd-gnome@freebsd.org
> > >
> > > Hi,
> > >
> > >  I try to install libxml2, but get the following error message:
> > >
> > > cd /usr/ports/textproc/libxml2/ && make install clean
> > > ===>  libxml2-2.6.32_1 has known vulnerabilities:
> > > => libxml2 -- two vulnerabilities.
> > >    Reference: <
> > >
> > http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html
> > > >
> > > => Please update your ports tree and try again.
> > > *** Error code 1
> > >
> > > Stop in /usr/ports/textproc/libxml2.
> > > _______________________________________________
> > > freebsd-gnome@freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-gnome
> > > To unsubscribe, send any mail to "freebsd-gnome-unsubscribe@freebsd.org"
> > >
> >
> > Update your vulnerability data:
> > portaudit -F
> > --
> > R. Kevin Oberman, Network Engineer
> > Energy Sciences Network (ESnet)
> > Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
> > E-mail: oberman@es.net                  Phone: +1 510 486-8634
> > Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751
> 
> 
> it will still show as vulnerability since I updated my database before, you
> either have to wait for 2.7 in ports to come out or man ports, search for
> DISABLE_VULNERABILITIES
> 

You are incorrect. From the latest database (and it's been there since
the day after the fix was committed:
libxml2<2.6.32_1|http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html|libxml2 -- two vulnerabilities.

Note the "<2.6.32_1". That means that all versions PRIOR to the listed
version are vulnerable. And, I can confirm that I have not had any
problems installing libxml2 since the database was updated.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net			Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751

--==_Exmh_1225386410_93044P
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)
Comment: Exmh version 2.5 06/03/2002

iD8DBQFJCemqkn3rs5h7N1ERApp8AJ9w/pV3AkCbdV4oqDmvkQyJvytR1QCfWIdR
5o41/1jLYdTPQfbtF2YXZiA=
=UC8I
-----END PGP SIGNATURE-----

--==_Exmh_1225386410_93044P--