Date: Fri, 1 Oct 2010 22:23:16 +0100 From: Bruce Cran <bruce@cran.org.uk> To: Jason <jhelfman@e-e.com> Cc: FreeBSD <freebsd-questions@freebsd.org>, Jerry <freebsd.user@seibercom.net> Subject: Re: Updating bzip2 to remove potential security vulnerability Message-ID: <20101001222316.00004e8c@unknown> In-Reply-To: <20101001210014.GD86640@eggman.experts-exchange.com> References: <20101001121332.5b04fa61@scorpio> <20101001171420.GE40148@dan.emsphone.com> <20101001165940.5d0e73f5@scorpio> <20101001210014.GD86640@eggman.experts-exchange.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 1 Oct 2010 14:00:16 -0700 Jason <jhelfman@e-e.com> wrote: > On Fri, Oct 01, 2010 at 04:59:40PM -0400, Jerry thus spake: > >On Fri, 1 Oct 2010 12:14:20 -0500 > >Dan Nelson <dnelson@allantgroup.com> articulated: > > > >> You must have missed > >> http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc ; > >> patches for 6, 7, and 8 are available there, and freebsd-update has > >> fixed binaries if you use that. > > > >Never saw it. So I am assuming that simply using something like: > > > >csup -L2 -h cvsup.FreeBSD.org > >"/usr/src/share/examples/cvsup/standard-supfile" > > > >Then rebuild Kernel & World is not going to work. Is that correct? > > The update instructions are in the announcement. Here is a snippet > from it: Or yes, you can just update to the latest sources via csup - it's been fixed in all supported security branches as well as HEAD (see http://svn.freebsd.org/viewvc/base/releng/8.1/UPDATING?view=log for example). -- Bruce Cran
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20101001222316.00004e8c>