From owner-cvs-all@FreeBSD.ORG Sat Nov 7 08:52:28 2009
Date: Sat, 7 Nov 2009 08:52:25 +0000
From: "N.J. Mann"
To: Dirk Meyer
Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/graphics/gd Makefile ports/graphics/gd/files patch-cve-2009-3546
Message-ID: <20091107085225.GA10184@titania.njm.me.uk>
In-Reply-To: <200911062137.nA6LbG1U080346@repoman.freebsd.org>
References: <200911062137.nA6LbG1U080346@repoman.freebsd.org>
X-Operating-System: FreeBSD 7.2-STABLE
List-Id: **OBSOLETE** CVS commit messages for the entire tree

In message <200911062137.nA6LbG1U080346@repoman.freebsd.org>,
Dirk Meyer (dinoex@FreeBSD.org) wrote:
> dinoex      2009-11-06 21:37:16 UTC
>
>   FreeBSD ports repository
>
>   Modified files:
>     graphics/gd          Makefile
>   Added files:
>     graphics/gd/files    patch-cve-2009-3546
>   Log:
>   - Security patch
>   Security:       CVE-2009-3546
>   Security:       http://portaudit.freebsd.org/4e8344a3-ca52-11de-8ee8-00215c6a37bb.html
>   PR:             140335
>   Submitted by:   Eygene Ryabinkin
>   Obtained from:  PHP project
>
>   Revision  Changes    Path
>   1.92      +1 -1      ports/graphics/gd/Makefile
>   1.1       +15 -0     ports/graphics/gd/files/patch-cve-2009-3546 (new)

I think there is something wrong with the vulnerabilities entry for
this port which stops this update completing. I just tried updating
this port from gd-2.0.35_1,1 to gd-2.0.35_2,1 and got:

===>  gd-2.0.35_2,1 has known vulnerabilities:
=> gd -- '_gdGetColors' remote buffer overflow vulnerability.
   Reference:
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/graphics/gd.
*** Error code 1

Stop in /usr/ports/graphics/gd.

I had a look at the portaudit entry at the URL given. I am unfamiliar
with the syntax of these entries, but the 'Affects' entries look
suspicious to me, e.g. "gd >0". Does it need correcting?

Cheers,
       Nick.
--