Date: Fri, 1 Oct 2010 23:16:15 +0100
From: Bruce Cran
To: FreeBSD
Cc: freebsd.user@seibercom.net
Subject: Re: Updating bzip2 to remove potential security vulnerability
Message-ID: <20101001231615.00007859@unknown>
In-Reply-To: <20101001174929.16d43ac1@scorpio>

On Fri, 1 Oct 2010 17:49:29 -0400
Jerry wrote:

> OK, I just updated my sources; however, this notation from the
> UPDATING file does NOT appear in the UPDATING file on my machine:
>
> 20100920:	p1	FreeBSD-SA-10:08.bzip2
> 	Fix an integer overflow in RLE length parsing when
> 	decompressing corrupt bzip2 data.
>
> I am using this as the tag, which is probably incorrect.
>
> default release=cvs tag=RELENG_8
>
> This is the stock standard-supfile. The stock stable-supfile has the
> same tag.
>

Sorry, it seems stable/8 UPDATING hasn't been updated. Instead, check
that you have rev 1.1.1.5.2.1 of contrib/bzip2/decompress.c . I guess
that since -stable isn't a release branch that it doesn't get security
issues logged in UPDATING?

-- 
Bruce