Board: FB_security
Subject: Re: curl and CVE-2013-2174
Origin: NCTU CS FreeBSD Server (Wed Jul 3 15:19:36 2013)
Relay path: ptt!csnews.cs.nctu!news.cs.nctu!.cs.nctucs.nctu!!freebsdfreebsd.org!ow
On (07/03/13 00:55), Robert Simmons wrote:
>Is there a way to do something similar with portmaster? I don't have
>portaudit installed b/c pkgng provides the same functionality. I'm
>getting the following error:
>
pkg audit -F
>===> curl-7.24.0_4 has known vulnerabilities:
>curl-7.24.0_4 is vulnerable:
>cURL library -- heap corruption in curl_easy_unescape
>
>WWW: http://portaudit.FreeBSD.org/01cf67b3-dc3b-11e2-a6cd-c48508086173.html
>=> Please update your ports tree and try again.
>*** [check-vulnerable] Error code 1
>
>
>On Tue, Jul 2, 2013 at 11:37 PM, <[email protected]> wrote:
>>
>> Thanks, I should have tried that.
>>
>>
>>
>> Kojedzinszky Richard
>> Euronet Magyarorszag Informatikai Zrt.
>>
>> On Tue, 2 Jul 2013, Ryan Steinmetz wrote:
>>
>>> Date: Tue, 2 Jul 2013 23:19:11 -0400
>>> From: Ryan Steinmetz <[email protected]>
>>> To: [email protected]
>>> Cc: [email protected]
>>> Subject: Re: curl and CVE-2013-2174
>>>
>>>
>>>
>>> On (07/03/13 05:01), [email protected] wrote:
>>>>
>>>> Dear members,
>>>>
>>>> It may sound a silly question. I have curl installed:
>>>> # pkg_info |grep curl
>>>> curl-7.24.0_3 Non-interactive tool to get files from FTP, GOPHER, HTTP(S)
>>>>
>>>> Today portsnap updated the ftp/curl port, and patch-CVE-2013-2174 appeared
>>>> in files/, but the port version remained such that portaudit, and
>>>> portupgrade still complain about curl's version. What is the recommended
>>>> way to upgrade the package?
>>>
>>>
>>> Run:
>>>
>>> portaudit -Fda
>>>
>>> Then try your upgrade again.
>>>
>>> -r
>>>
>>>
>>>>
>>>> # portupgrade curl-7.24.0_3
>>>> ---> Upgrading 'curl-7.24.0_3' to 'curl-7.24.0_4' (ftp/curl)
>>>> ---> Building '/usr/ports/ftp/curl'
>>>> ===> Cleaning for curl-7.24.0_4
>>>> ===> curl-7.24.0_4 has known vulnerabilities:
>>>> Affected package: curl-7.24.0_4
>>>> Type of problem: cURL library -- heap corruption in curl_easy_unescape.
>>>> Reference:
>>>> http://portaudit.FreeBSD.org/01cf67b3-dc3b-11e2-a6cd-c48508086173.html
>>>> => Please update your ports tree and try again.
>>>> *** [check-vulnerable] Error code 1
>>>>
>>>> Stop in /usr/ports/ftp/curl.
>>>> *** [build] Error code 1
>>>>
>>>> Stop in /usr/ports/ftp/curl.
>>>> ** Command failed [exit code 1]: /usr/bin/script -qa
>>>> /tmp/portupgrade20130702-47232-1m2otkk env UPGRADE_TOOL=portupgrade
>>>> UPGRADE_PORT=curl-7.24.0_3 UPGRADE_PORT_VER=7.24.0_3 make
>>>> ** Fix the problem and try again.
>>>> ** Listing the failed packages (-:ignored / *:skipped / !:failed)
>>>> ! ftp/curl (curl-7.24.0_3) (unknown build error)
>>>>
>>>> Thanks in advance,
>>>>
>>>>
>>>> Kojedzinszky Richard
>>>> Euronet Magyarorszag Informatikai Zrt.
>>>> _______________________________________________
>>>> [email protected] mailing list
>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-security
>>>> To unsubscribe, send any mail to "[email protected]"
>>>
>>>
>>> --
>>> Ryan Steinmetz
>>> PGP: EF36 D45A 5CA9 28B1 A550 18CD A43C D111 7AD7 FAF2
--
Ryan Steinmetz
PGP: EF36 D45A 5CA9 28B1 A550 18CD A43C D111 7AD7 FAF2