Date: Fri, 1 Oct 2010 12:14:20 -0500 From: Dan Nelson <dnelson@allantgroup.com> To: FreeBSD <freebsd-questions@freebsd.org> Subject: Re: Updating bzip2 to remove potential security vulnerability Message-ID: <20101001171420.GE40148@dan.emsphone.com> In-Reply-To: <20101001121332.5b04fa61@scorpio> References: <20101001121332.5b04fa61@scorpio>
next in thread | previous in thread | raw e-mail | index | archive | help
In the last episode (Oct 01), Jerry said: > I have seen several notices on other forums regarding the update of bzip2 > to correct a potential security problem. From the bzip2 web site: > > <quote> > The current version is 1.0.6, released 20 Sept 2010. > > Version 1.0.6 removes a potential security vulnerability, > CVE-2010-0405, so all users are recommended to upgrade immediately. > </quote> > > The version supplied on FreeBSD-8.1/amd64 is version 1.0.5, > 10-Dec-2007. Are there any plans to update this supplied version? You must have missed http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc ; patches for 6, 7, and 8 are available there, and freebsd-update has fixed binaries if you use that. -- Dan Nelson dnelson@allantgroup.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20101001171420.GE40148>