Date: Mon, 21 Aug 2017 17:02:34 -0500 From: Rob Belics <robbelics@gmail.com> To: gnome@freebsd.org Subject: libsoup-2.52.2_1 still listed as vulnerable Message-ID: <CAPu-kW8HRDHqFCSvmAGYuW-4f9yG-iwAxonqYxdPQNjT3Q1_WA@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
I don't see in bugzilla where this port is vulnerable yet, when I update ports and build it, it complains thus: ===> Cleaning for libsoup-2.52.2_1 ===> libsoup-2.52.2_1 has known vulnerabilities: libsoup-2.52.2_1 is vulnerable: libsoup -- stack based buffer overflow CVE: CVE-2017-2885 WWW: https://vuxml.FreeBSD.org/freebsd/8e7bbddd-8338-11e7-867f-b499baebfeaf.html 1 problem(s) in the installed packages found. => Please update your ports tree and try again. => Note: Vulnerable ports are marked as such even if there is no update available. => If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes' *** Error code 1 Stop. make: stopped in /usr/ports/devel/libsoup ===>>> make build failed for devel/libsoup ===>>> Aborting update ===>>> Update for libsoup-2.52.2 failed ===>>> Aborting update I wasn't sure if I should post this as a bug or email you. Or am I looking t this wrong? Thanks, Rob
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPu-kW8HRDHqFCSvmAGYuW-4f9yG-iwAxonqYxdPQNjT3Q1_WA>