From owner-freebsd-gnome@FreeBSD.ORG  Thu Oct 30 17:46:50 2008
Return-Path: <owner-freebsd-gnome@FreeBSD.ORG>
Delivered-To: gnome@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A8401106567D
	for <gnome@freebsd.org>; Thu, 30 Oct 2008 17:46:50 +0000 (UTC)
	(envelope-from kitchetech@gmail.com)
Received: from ey-out-2122.google.com (ey-out-2122.google.com [74.125.78.26])
	by mx1.freebsd.org (Postfix) with ESMTP id 134498FC16
	for <gnome@freebsd.org>; Thu, 30 Oct 2008 17:46:49 +0000 (UTC)
	(envelope-from kitchetech@gmail.com)
Received: by ey-out-2122.google.com with SMTP id 6so269557eyi.7
	for <gnome@freebsd.org>; Thu, 30 Oct 2008 10:46:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:date:from:to
	:subject:cc:in-reply-to:mime-version:content-type:references;
	bh=Qy1fBqG0wVV07cNsVYOPIv9LXaJPexpU+LXzaRYGm/A=;
	b=n/Ucp/4Wyl0NNDta78VqSu4CmbS3CPUKSY4pUHQqYbOIX3Z74gKHXrkl3WXFKz1MH2
	wgzjJfEwVv234G14yVGMzHQHNIsgQvjwJ9zgwxGyivUjDwr2ELQKz2yjDJhFYenU4eAM
	GAM5jtMQ4Un7g/rjljlR6bmaCI1Hneb5rfXWs=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=message-id:date:from:to:subject:cc:in-reply-to:mime-version
	:content-type:references;
	b=x66y+3XeTrUejyvhzxgHQFop3oFY43pDai9dDv5YUGic2R7bkS5lTWX/XLoAT+VMza
	qWfdVXNtvhrxj6rcqbe6xxtS474P2vy+TGCA/hq6h9ufXyiNJexI52vz1zVQqleQ7F6K
	YLZzt8pa48LPzESv8r5m2thynV12GIKp/djIo=
Received: by 10.86.80.5 with SMTP id d5mr7471900fgb.7.1225388808131;
	Thu, 30 Oct 2008 10:46:48 -0700 (PDT)
Received: by 10.86.78.7 with HTTP; Thu, 30 Oct 2008 10:46:47 -0700 (PDT)
Message-ID: <28283d910810301046j677e34c0q97fed1bbbd2d793b@mail.gmail.com>
Date: Thu, 30 Oct 2008 13:46:47 -0400
From: "matt donovan" <kitchetech@gmail.com>
To: "Kevin Oberman" <oberman@es.net>
In-Reply-To: <20081030170650.7944F45048@ptavv.es.net>
MIME-Version: 1.0
References: <28283d910810300951g603b72bfj8db2b1c07826ce2@mail.gmail.com>
	<20081030170650.7944F45048@ptavv.es.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: gnome@freebsd.org, Guoqin Ren <renguoqin@gmail.com>
Subject: Re: error: libxml2-2.6.32_1 has known vulnerabilities
X-BeenThere: freebsd-gnome@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: GNOME for FreeBSD -- porting and maintaining
	<freebsd-gnome.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-gnome>,
	<mailto:freebsd-gnome-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-gnome>
List-Post: <mailto:freebsd-gnome@freebsd.org>
List-Help: <mailto:freebsd-gnome-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-gnome>,
	<mailto:freebsd-gnome-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Oct 2008 17:46:50 -0000

On Thu, Oct 30, 2008 at 1:06 PM, Kevin Oberman <oberman@es.net> wrote:

> > Date: Thu, 30 Oct 2008 12:51:09 -0400
> > From: "matt donovan" <kitchetech@gmail.com>
> >
> > On Thu, Oct 30, 2008 at 12:04 PM, Kevin Oberman <oberman@es.net> wrote:
> >
> > > > Date: Wed, 29 Oct 2008 22:49:11 -0400
> > > > From: "Guoqin Ren" <renguoqin@gmail.com>
> > > > Sender: owner-freebsd-gnome@freebsd.org
> > > >
> > > > Hi,
> > > >
> > > >  I try to install libxml2, but get the following error message:
> > > >
> > > > cd /usr/ports/textproc/libxml2/ && make install clean
> > > > ===>  libxml2-2.6.32_1 has known vulnerabilities:
> > > > => libxml2 -- two vulnerabilities.
> > > >    Reference: <
> > > >
> > >
> http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html
> > > > >
> > > > => Please update your ports tree and try again.
> > > > *** Error code 1
> > > >
> > > > Stop in /usr/ports/textproc/libxml2.
> > > > _______________________________________________
> > > > freebsd-gnome@freebsd.org mailing list
> > > > http://lists.freebsd.org/mailman/listinfo/freebsd-gnome
> > > > To unsubscribe, send any mail to "
> freebsd-gnome-unsubscribe@freebsd.org"
> > > >
> > >
> > > Update your vulnerability data:
> > > portaudit -F
> > > --
> > > R. Kevin Oberman, Network Engineer
> > > Energy Sciences Network (ESnet)
> > > Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
> > > E-mail: oberman@es.net                  Phone: +1 510 486-8634
> > > Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751
> >
> >
> > it will still show as vulnerability since I updated my database before,
> you
> > either have to wait for 2.7 in ports to come out or man ports, search for
> > DISABLE_VULNERABILITIES
> >
>
> You are incorrect. From the latest database (and it's been there since
> the day after the fix was committed:
> libxml2<2.6.32_1|
> http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html|libxml2<http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html%7Clibxml2>-- two vulnerabilities.
>
> Note the "<2.6.32_1". That means that all versions PRIOR to the listed
> version are vulnerable. And, I can confirm that I have not had any
> problems installing libxml2 since the database was updated.
> --
> R. Kevin Oberman, Network Engineer
> Energy Sciences Network (ESnet)
> Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
> E-mail: oberman@es.net                  Phone: +1 510 486-8634
> Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751
>

I have but then again I m using libxml 2.7.2 anyways now