Date: Thu, 30 Oct 2008 13:46:47 -0400 From: "matt donovan" <kitchetech@gmail.com> To: "Kevin Oberman" <oberman@es.net> Cc: gnome@freebsd.org, Guoqin Ren <renguoqin@gmail.com> Subject: Re: error: libxml2-2.6.32_1 has known vulnerabilities Message-ID: <28283d910810301046j677e34c0q97fed1bbbd2d793b@mail.gmail.com> In-Reply-To: <20081030170650.7944F45048@ptavv.es.net> References: <28283d910810300951g603b72bfj8db2b1c07826ce2@mail.gmail.com> <20081030170650.7944F45048@ptavv.es.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Oct 30, 2008 at 1:06 PM, Kevin Oberman <oberman@es.net> wrote: > > Date: Thu, 30 Oct 2008 12:51:09 -0400 > > From: "matt donovan" <kitchetech@gmail.com> > > > > On Thu, Oct 30, 2008 at 12:04 PM, Kevin Oberman <oberman@es.net> wrote: > > > > > > Date: Wed, 29 Oct 2008 22:49:11 -0400 > > > > From: "Guoqin Ren" <renguoqin@gmail.com> > > > > Sender: owner-freebsd-gnome@freebsd.org > > > > > > > > Hi, > > > > > > > > I try to install libxml2, but get the following error message: > > > > > > > > cd /usr/ports/textproc/libxml2/ && make install clean > > > > ===> libxml2-2.6.32_1 has known vulnerabilities: > > > > => libxml2 -- two vulnerabilities. > > > > Reference: < > > > > > > > > http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html > > > > > > > > > => Please update your ports tree and try again. > > > > *** Error code 1 > > > > > > > > Stop in /usr/ports/textproc/libxml2. > > > > _______________________________________________ > > > > freebsd-gnome@freebsd.org mailing list > > > > http://lists.freebsd.org/mailman/listinfo/freebsd-gnome > > > > To unsubscribe, send any mail to " > freebsd-gnome-unsubscribe@freebsd.org" > > > > > > > > > > Update your vulnerability data: > > > portaudit -F > > > -- > > > R. Kevin Oberman, Network Engineer > > > Energy Sciences Network (ESnet) > > > Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) > > > E-mail: oberman@es.net Phone: +1 510 486-8634 > > > Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 > > > > > > it will still show as vulnerability since I updated my database before, > you > > either have to wait for 2.7 in ports to come out or man ports, search for > > DISABLE_VULNERABILITIES > > > > You are incorrect. From the latest database (and it's been there since > the day after the fix was committed: > libxml2<2.6.32_1| > http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html|libxml2<http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html%7Clibxml2>-- two vulnerabilities. > > Note the "<2.6.32_1". That means that all versions PRIOR to the listed > version are vulnerable. And, I can confirm that I have not had any > problems installing libxml2 since the database was updated. > -- > R. Kevin Oberman, Network Engineer > Energy Sciences Network (ESnet) > Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) > E-mail: oberman@es.net Phone: +1 510 486-8634 > Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 > I have but then again I m using libxml 2.7.2 anyways now
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?28283d910810301046j677e34c0q97fed1bbbd2d793b>