Date: Fri, 5 May 2017 16:34:09 -0400 From: Jung-uk Kim <jkim@FreeBSD.org> To: Jason de Cordoba <jason@aventia.pw> Cc: office@FreeBSD.org Subject: Re: FreeBSD Port: devel/icu icu-58.2_2,1 is vulnerable: Message-ID: <6e1eb2c9-c8e4-f7b2-fc4c-fb19153ea787@FreeBSD.org> In-Reply-To: <2132c682-c881-369e-21e8-81182d715d53@aventia.pw> References: <2132c682-c881-369e-21e8-81182d715d53@aventia.pw>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --2bLOhd4JDBbxPUkp6gr0nUwseIx0L6l4m Content-Type: multipart/mixed; boundary="ChoEvgA3m8i9jiWimo1SGxCqk3ve1mJ6f"; protected-headers="v1" From: Jung-uk Kim <jkim@FreeBSD.org> To: Jason de Cordoba <jason@aventia.pw> Cc: office@FreeBSD.org Message-ID: <6e1eb2c9-c8e4-f7b2-fc4c-fb19153ea787@FreeBSD.org> Subject: Re: FreeBSD Port: devel/icu icu-58.2_2,1 is vulnerable: References: <2132c682-c881-369e-21e8-81182d715d53@aventia.pw> In-Reply-To: <2132c682-c881-369e-21e8-81182d715d53@aventia.pw> --ChoEvgA3m8i9jiWimo1SGxCqk3ve1mJ6f Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 05/05/2017 15:46, Jason de Cordoba wrote: > Hi there, >=20 > encountered a stop on upgrading icu which was updated today in ports on= > fbsd11.0p9 >=20 > It appears the icu 58.2_2,1 is also vulnerable? > http://www.freshports.org/devel/icu/ > http://www.freshports.org/commit.php?category=3Ddevel&port=3Dicu&files=3D= yes&message_id=3D201705042144.v44LivS4081269@repo.freebsd.org >=20 > Thanks, > Jason >=20 > =3D=3D=3D>>> All >> icu-58.2_1,1 (2/10) >=20 > =3D=3D=3D> Cleaning for icu-58.2_2,1 > =3D=3D=3D> icu-58.2_2,1 has known vulnerabilities: > icu-58.2_2,1 is vulnerable: > icu -- multiple vulnerabilities > CVE: CVE-2017-7868 > CVE: CVE-2017-7867 > WWW: > https://vuxml.FreeBSD.org/freebsd/607f8b57-7454-42c6-a88a-8706f3270= 76d.html No, you just need to update audit database as many people already suggested, i.e., "pkg audit -F", or wait for some time. Jung-uk Kim --ChoEvgA3m8i9jiWimo1SGxCqk3ve1mJ6f-- --2bLOhd4JDBbxPUkp6gr0nUwseIx0L6l4m Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEl1bqgKaRyqfWXu/CfJ+WJvzb8UYFAlkM4cEACgkQfJ+WJvzb 8UZJMgf+Nt7d3uki1HY5Z7JsFwAoRBKRAuE+NqWcu8EVp4UyJtpSQxVIBZdDQ7fg jMfKs4IzkTxWQk4CJL4mHm54TcBhFcqZIoFH8vuE1RAOzvYleILI6L/2ea0xdhcP ljuomoJGCYNkTw7gE+uywOsA6DQOLbotSLR53Vc8i5FQyw3Z02AXMKfFR75pr8YF w5ozuQ4L3E1ogMH3okBYd/PP9oxxJCj+SF4P9fnlqYS3I8MxMD4OF9U+HyQzRjvV PobTHo//LZmVBGR4qJA5R8B2S5CK1WIylYRLgq8ER4nT6RgmWfiebl+aTmFTWLsU i3Kfq829heY60rC0T+uFRMDibYMUiQ== =+NGN -----END PGP SIGNATURE----- --2bLOhd4JDBbxPUkp6gr0nUwseIx0L6l4m--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6e1eb2c9-c8e4-f7b2-fc4c-fb19153ea787>