Date: Sat, 7 Nov 2009 08:52:25 +0000 From: "N.J. Mann" <njm@njm.me.uk> To: Dirk Meyer <dinoex@FreeBSD.org> Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/graphics/gd Makefile ports/graphics/gd/files patch-cve-2009-3546 Message-ID: <20091107085225.GA10184@titania.njm.me.uk> In-Reply-To: <200911062137.nA6LbG1U080346@repoman.freebsd.org> References: <200911062137.nA6LbG1U080346@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <200911062137.nA6LbG1U080346@repoman.freebsd.org>, Dirk Meyer (dinoex@FreeBSD.org) wrote: > dinoex 2009-11-06 21:37:16 UTC > > FreeBSD ports repository > > Modified files: > graphics/gd Makefile > Added files: > graphics/gd/files patch-cve-2009-3546 > Log: > - Security patch > Security: CVE-2009-3546 > Security: http://portaudit.freebsd.org/4e8344a3-ca52-11de-8ee8-00215c6a37bb.html > PR: 140335 > Submitted by: Eygene Ryabinkin > Obtained from: PHP project > > Revision Changes Path > 1.92 +1 -1 ports/graphics/gd/Makefile > 1.1 +15 -0 ports/graphics/gd/files/patch-cve-2009-3546 (new) I think there is something wrong with the vulnerabilities entry for this port which stops this update completing. I just tried updating this port from gd-2.0.35_1,1 to gd-2.0.35_2,1 and got: ===> gd-2.0.35_2,1 has known vulnerabilities: => gd -- '_gdGetColors' remote buffer overflow vulnerability. Reference: <http://portaudit.FreeBSD.org/4e8344a3-ca52-11de-8ee8-00215c6a37bb.html>; => Please update your ports tree and try again. *** Error code 1 Stop in /usr/ports/graphics/gd. *** Error code 1 Stop in /usr/ports/graphics/gd. I had a look at the portaudit entry at the URL given. I am unfamiliar with the syntax of these entries, but the 'Affects' entries look suspicious to me, e.g. "gd >0'. Does it need correcting? Cheers, Nick. --
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20091107085225.GA10184>