Date: Fri, 1 Oct 2010 17:49:29 -0400
From: Jerry <freebsd.user@seibercom.net>
To: FreeBSD <freebsd-questions@freebsd.org>
Subject: Re: Updating bzip2 to remove potential security vulnerability
Message-ID: <20101001174929.16d43ac1@scorpio>
In-Reply-To: <20101001222316.00004e8c@unknown>
References: <20101001121332.5b04fa61@scorpio> <20101001171420.GE40148@dan.emsphone.com> <20101001165940.5d0e73f5@scorpio> <20101001210014.GD86640@eggman.experts-exchange.com> <20101001222316.00004e8c@unknown>

On Fri, 1 Oct 2010 22:23:16 +0100
Bruce Cran <bruce@cran.org.uk> articulated:

> On Fri, 1 Oct 2010 14:00:16 -0700
> Jason <jhelfman@e-e.com> wrote:
>
> > On Fri, Oct 01, 2010 at 04:59:40PM -0400, Jerry thus spake:
> > >On Fri, 1 Oct 2010 12:14:20 -0500
> > >Dan Nelson <dnelson@allantgroup.com> articulated:
> > >
> > >> You must have missed
> > >> http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc ;
> > >> patches for 6, 7, and 8 are available there, and freebsd-update
> > >> has fixed binaries if you use that.
> > >
> > >Never saw it. So I am assuming that simply using something like:
> > >
> > >csup -L2 -h cvsup.FreeBSD.org
> > >"/usr/src/share/examples/cvsup/standard-supfile"
> > >
> > >Then rebuild Kernel & World is not going to work. Is that correct?
> >
> > The update instructions are in the announcement. Here is a snippet
> > from it:
>
> Or yes, you can just update to the latest sources via csup - it's been
> fixed in all supported security branches as well as HEAD (see
> http://svn.freebsd.org/viewvc/base/releng/8.1/UPDATING?view=log for
> example).

OK, I just updated my sources; however, this notation from the UPDATING
file does NOT appear in the UPDATING file on my machine:

20100920:       p1      FreeBSD-SA-10:08.bzip2
        Fix an integer overflow in RLE length parsing when decompressing
        corrupt bzip2 data.

I am using this as the tag, which is probably incorrect.

default release=cvs tag=RELENG_8

This is the stock standard-supfile. The stock stable-supfile has the
same tag.

--
Jerry ✌
FreeBSD.user@seibercom.net

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________