Date: Fri, 7 Jan 2005 11:52:56 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Warner Joseph <Joseph.Warner@siemens.com> Cc: "'freebsd-questions@freebsd.org'" <freebsd-questions@freebsd.org> Subject: Re: linux_base Message-ID: <20050107195256.GD80494@xor.obsecurity.org> In-Reply-To: <DAF0948B1D3A2D4080988C683F6BD90709DC4D3F@mlvv9mbe.usmlvv1p0a.smshsc.net> References: <DAF0948B1D3A2D4080988C683F6BD90709DC4D3F@mlvv9mbe.usmlvv1p0a.smshsc.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--osDK9TLjxFScVI/L Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jan 07, 2005 at 02:44:39PM -0500, Warner Joseph wrote: >=20 > Hi, >=20 > I'm running 4.8-RELEASE-p27 and had a question > regarding my current install of linux_base >=20 > #portupgrade -l "<" doesn't reveal this package needs upgrading > but portaudit -a says: >=20 > Affected package: linux_base-6.1_6 > Type of problem: xpm -- image decoding vulnerabilities. > Reference: > <http://www.FreeBSD.org/ports/portaudit/ef253f8b-0727-11d9-b45d-000c41e2c= dad > .html> >=20 > I've followed that url, googled and searched the -questions archive > but can't find any information regarding how to correct this. >=20 > Can anyone point me in the right direction? linux_base-6 will never have the security vulnerability fixed because it's not supported by redhat. linux_base contains redhat 8.x which is also out of support, but does not currently have security problems. It will be updated to something more modern after 4.11-RELEASE. Kris --osDK9TLjxFScVI/L Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFB3uiYWry0BWjoQKURAnOjAJ0Y4AAHJ3nuUSs2oV4XxJE8osuVDQCg/jmL oUTtMc+lntKluc/ndNR6ets= =SbPY -----END PGP SIGNATURE----- --osDK9TLjxFScVI/L--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050107195256.GD80494>