Date: Thu, 30 Oct 2008 10:06:50 -0700 From: "Kevin Oberman" <oberman@es.net> To: "matt donovan" <kitchetech@gmail.com> Cc: gnome@freebsd.org, Guoqin Ren <renguoqin@gmail.com> Subject: Re: error: libxml2-2.6.32_1 has known vulnerabilities Message-ID: <20081030170650.7944F45048@ptavv.es.net> In-Reply-To: Your message of "Thu, 30 Oct 2008 12:51:09 EDT." <28283d910810300951g603b72bfj8db2b1c07826ce2@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--==_Exmh_1225386410_93044P Content-Type: text/plain; charset=us-ascii Content-Disposition: inline > Date: Thu, 30 Oct 2008 12:51:09 -0400 > From: "matt donovan" <kitchetech@gmail.com> > > On Thu, Oct 30, 2008 at 12:04 PM, Kevin Oberman <oberman@es.net> wrote: > > > > Date: Wed, 29 Oct 2008 22:49:11 -0400 > > > From: "Guoqin Ren" <renguoqin@gmail.com> > > > Sender: owner-freebsd-gnome@freebsd.org > > > > > > Hi, > > > > > > I try to install libxml2, but get the following error message: > > > > > > cd /usr/ports/textproc/libxml2/ && make install clean > > > ===> libxml2-2.6.32_1 has known vulnerabilities: > > > => libxml2 -- two vulnerabilities. > > > Reference: < > > > > > http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html > > > > > > > => Please update your ports tree and try again. > > > *** Error code 1 > > > > > > Stop in /usr/ports/textproc/libxml2. > > > _______________________________________________ > > > freebsd-gnome@freebsd.org mailing list > > > http://lists.freebsd.org/mailman/listinfo/freebsd-gnome > > > To unsubscribe, send any mail to "freebsd-gnome-unsubscribe@freebsd.org" > > > > > > > Update your vulnerability data: > > portaudit -F > > -- > > R. Kevin Oberman, Network Engineer > > Energy Sciences Network (ESnet) > > Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) > > E-mail: oberman@es.net Phone: +1 510 486-8634 > > Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 > > > it will still show as vulnerability since I updated my database before, you > either have to wait for 2.7 in ports to come out or man ports, search for > DISABLE_VULNERABILITIES > You are incorrect. From the latest database (and it's been there since the day after the fix was committed: libxml2<2.6.32_1|http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html|libxml2 -- two vulnerabilities. Note the "<2.6.32_1". That means that all versions PRIOR to the listed version are vulnerable. And, I can confirm that I have not had any problems installing libxml2 since the database was updated. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 --==_Exmh_1225386410_93044P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) Comment: Exmh version 2.5 06/03/2002 iD8DBQFJCemqkn3rs5h7N1ERApp8AJ9w/pV3AkCbdV4oqDmvkQyJvytR1QCfWIdR 5o41/1jLYdTPQfbtF2YXZiA= =UC8I -----END PGP SIGNATURE----- --==_Exmh_1225386410_93044P--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081030170650.7944F45048>