Date: Thu, 19 Apr 2007 19:01:39 +0800 From: Foxfair Hu <foxfair@drago.fomokka.net> To: Kris Kennaway <kris@obsecurity.org> Cc: ports@freebsd.org, security-team@freebsd.org, jharris@widomaker.com, Lowell Gilbert <freebsd-ports-local@be-well.ilk.org>, David Southwell <david@vizion2000.net> Subject: Re: Lynx -vulnerabilities- is this permanent? Message-ID: <46274C13.3050604@drago.fomokka.net> In-Reply-To: <20070419034906.GA48902@xor.obsecurity.org> References: <200704181057.34795.david@vizion2000.net> <44wt09ilei.fsf@be-well.ilk.org> <4626CFA1.1070209@drago.fomokka.net> <20070419034906.GA48902@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Kris Kennaway wrote: > On Thu, Apr 19, 2007 at 10:10:41AM +0800, Foxfair Hu wrote: >> Lowell Gilbert wrote: >>> David Southwell <david@vizion2000.net> writes: >>> >>>> portupgrade -a produces following output for lynx on cvsup from today. >>>> freebsd 6.1 >>>> ----------------------------------------- >>>> ---> Upgrading 'lynx-2.8.5_2' to 'lynx-2.8.6_4' (www/lynx) >>>> ---> Building '/usr/ports/www/lynx' >>>> ===> Cleaning for lynx-2.8.6_4 >>>> ===> lynx-2.8.6_4 has known vulnerabilities: >>>> => lynx -- remote buffer overflow. >>>> Reference: >>>> <http://www.FreeBSD.org/ports/portaudit/c01170bf-4990-11da-a1b8-000854d03344.html>; >>>> => Please update your ports tree and try again. >>>> *** Error code 1 >>>> >>>> Stop in /usr/ports/www/lynx. >>>> >>>> Any news or advice forthcoming? >>> That doesn't *seem* to be applicable to the current version. >>> It looks like a version-number parsing problem producing a false warning. >>> I don't have access to my build machine to check more closely, though... >>> >>> . >>> >> Definitely a false alert, lynx 2.8.5rel4 had fixed the problem, and it >> was rev1.112 of Makefile >> in www/lynx. If no one objects, I'll put this diff to prevent portaudit >> send wrong warning again: > > Wrong fix, fix the vuxml instead of hacking around it. > > Kris > > . > vuxml -> security-team's baby. Cc added. foxfair
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46274C13.3050604>