Date: Fri, 1 Oct 2010 12:14:20 -0500
From: Dan Nelson
To: FreeBSD
Subject: Re: Updating bzip2 to remove potential security vulnerability
Message-ID: <20101001171420.GE40148@dan.emsphone.com>
In-Reply-To: <20101001121332.5b04fa61@scorpio>

In the last episode (Oct 01), Jerry said:
> I have seen several notices on other forums regarding the update of bzip2
> to correct a potential security problem. From the bzip2 web site:
>
> The current version is 1.0.6, released 20 Sept 2010.
>
> Version 1.0.6 removes a potential security vulnerability,
> CVE-2010-0405, so all users are recommended to upgrade immediately.
>
> The version supplied on FreeBSD-8.1/amd64 is version 1.0.5,
> 10-Dec-2007. Are there any plans to update this supplied version?

You must have missed
http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc ; patches
for 6, 7, and 8 are available there, and freebsd-update has fixed binaries
if you use that.

-- 
Dan Nelson
dnelson@allantgroup.com