From owner-freebsd-office@freebsd.org Fri May 5 20:34:15 2017 Return-Path: Delivered-To: freebsd-office@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D4CA8D5F818 for ; Fri, 5 May 2017 20:34:15 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id BF0C61FA1 for ; Fri, 5 May 2017 20:34:15 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: by mailman.ysv.freebsd.org (Postfix) id BE5EFD5F817; Fri, 5 May 2017 20:34:15 +0000 (UTC) Delivered-To: office@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BE047D5F816 for ; Fri, 5 May 2017 20:34:15 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) by mx1.freebsd.org (Postfix) with ESMTP id 71B3F1FA0; Fri, 5 May 2017 20:34:15 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Subject: Re: FreeBSD Port: devel/icu icu-58.2_2,1 is vulnerable: To: Jason de Cordoba Cc: office@FreeBSD.org References: <2132c682-c881-369e-21e8-81182d715d53@aventia.pw> From: Jung-uk Kim Message-ID: <6e1eb2c9-c8e4-f7b2-fc4c-fb19153ea787@FreeBSD.org> Date: Fri, 5 May 2017 16:34:09 -0400 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.1.0 MIME-Version: 1.0 In-Reply-To: <2132c682-c881-369e-21e8-81182d715d53@aventia.pw> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="2bLOhd4JDBbxPUkp6gr0nUwseIx0L6l4m" X-BeenThere: freebsd-office@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Office applications on FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 May 2017 20:34:15 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --2bLOhd4JDBbxPUkp6gr0nUwseIx0L6l4m Content-Type: multipart/mixed; boundary="ChoEvgA3m8i9jiWimo1SGxCqk3ve1mJ6f"; protected-headers="v1" From: Jung-uk Kim To: Jason de Cordoba Cc: office@FreeBSD.org Message-ID: <6e1eb2c9-c8e4-f7b2-fc4c-fb19153ea787@FreeBSD.org> Subject: Re: FreeBSD Port: devel/icu icu-58.2_2,1 is vulnerable: References: <2132c682-c881-369e-21e8-81182d715d53@aventia.pw> In-Reply-To: <2132c682-c881-369e-21e8-81182d715d53@aventia.pw> --ChoEvgA3m8i9jiWimo1SGxCqk3ve1mJ6f Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 05/05/2017 15:46, Jason de Cordoba wrote: > Hi there, >=20 > encountered a stop on upgrading icu which was updated today in ports on= > fbsd11.0p9 >=20 > It appears the icu 58.2_2,1 is also vulnerable? > http://www.freshports.org/devel/icu/ > http://www.freshports.org/commit.php?category=3Ddevel&port=3Dicu&files=3D= yes&message_id=3D201705042144.v44LivS4081269@repo.freebsd.org >=20 > Thanks, > Jason >=20 > =3D=3D=3D>>> All >> icu-58.2_1,1 (2/10) >=20 > =3D=3D=3D> Cleaning for icu-58.2_2,1 > =3D=3D=3D> icu-58.2_2,1 has known vulnerabilities: > icu-58.2_2,1 is vulnerable: > icu -- multiple vulnerabilities > CVE: CVE-2017-7868 > CVE: CVE-2017-7867 > WWW: > https://vuxml.FreeBSD.org/freebsd/607f8b57-7454-42c6-a88a-8706f3270= 76d.html No, you just need to update audit database as many people already suggested, i.e., "pkg audit -F", or wait for some time. Jung-uk Kim --ChoEvgA3m8i9jiWimo1SGxCqk3ve1mJ6f-- --2bLOhd4JDBbxPUkp6gr0nUwseIx0L6l4m Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEl1bqgKaRyqfWXu/CfJ+WJvzb8UYFAlkM4cEACgkQfJ+WJvzb 8UZJMgf+Nt7d3uki1HY5Z7JsFwAoRBKRAuE+NqWcu8EVp4UyJtpSQxVIBZdDQ7fg jMfKs4IzkTxWQk4CJL4mHm54TcBhFcqZIoFH8vuE1RAOzvYleILI6L/2ea0xdhcP ljuomoJGCYNkTw7gE+uywOsA6DQOLbotSLR53Vc8i5FQyw3Z02AXMKfFR75pr8YF w5ozuQ4L3E1ogMH3okBYd/PP9oxxJCj+SF4P9fnlqYS3I8MxMD4OF9U+HyQzRjvV PobTHo//LZmVBGR4qJA5R8B2S5CK1WIylYRLgq8ER4nT6RgmWfiebl+aTmFTWLsU i3Kfq829heY60rC0T+uFRMDibYMUiQ== =+NGN -----END PGP SIGNATURE----- --2bLOhd4JDBbxPUkp6gr0nUwseIx0L6l4m--