Board: FB_security
Title: Re: curl and CVE-2013-2174
Posted from: NCTU CS FreeBSD Server (Wed Jul 3 08:55:20 2013)
Relay path: ptt!csnews.cs.nctu!news.cs.nctu!.cs.nctucs.nctu!!freebsdfreebsd.org!ow
Is there a way to do something similar with portmaster? I don't have
portaudit installed b/c pkgng provides the same functionality. I'm
getting the following error:
===> curl-7.24.0_4 has known vulnerabilities:
curl-7.24.0_4 is vulnerable:
cURL library -- heap corruption in curl_easy_unescape
WWW: http://portaudit.FreeBSD.org/01cf67b3-dc3b-11e2-a6cd-c48508086173.html
=> Please update your ports tree and try again.
*** [check-vulnerable] Error code 1
On Tue, Jul 2, 2013 at 11:37 PM, <[email protected]> wrote:
>
> Thanks, I should have tried that.
>
>
>
> Kojedzinszky Richard
> Euronet Magyarorszag Informatikai Zrt.
>
> On Tue, 2 Jul 2013, Ryan Steinmetz wrote:
>
>> Date: Tue, 2 Jul 2013 23:19:11 -0400
>> From: Ryan Steinmetz <[email protected]>
>> To: [email protected]
>> Cc: [email protected]
>> Subject: Re: curl and CVE-2013-2174
>>
>>
>>
>> On (07/03/13 05:01), [email protected] wrote:
>>>
>>> Dear members,
>>>
>>> It may sound a silly question. I have curl installed:
>>> # pkg_info |grep curl
>>> curl-7.24.0_3 Non-interactive tool to get files from FTP, GOPHER,
>>> HTTP(S)
>>>
>>> Today portsnap updated the ftp/curl port, and patch-CVE-2013-2174
>>> appeared
>>> in files/, but the port version remained such that portaudit, and
>>> portupgrade still complain about curl's version. What is the recommended
>>> way to upgrade the package?
>>
>>
>> Run:
>>
>> portaudit -Fda
>>
>> Then try your upgrade again.
>>
>> -r
>>
>>
>>>
>>> # portupgrade curl-7.24.0_3
>>> ---> Upgrading 'curl-7.24.0_3' to 'curl-7.24.0_4' (ftp/curl)
>>> ---> Building '/usr/ports/ftp/curl'
>>> ===> Cleaning for curl-7.24.0_4
>>> ===> curl-7.24.0_4 has known vulnerabilities:
>>> Affected package: curl-7.24.0_4
>>> Type of problem: cURL library -- heap corruption in curl_easy_unescape.
>>> Reference: http://portaudit.FreeBSD.org/01cf67b3-dc3b-11e2-a6cd-c48508086173.html
>>> => Please update your ports tree and try again.
>>> *** [check-vulnerable] Error code 1
>>>
>>> Stop in /usr/ports/ftp/curl.
>>> *** [build] Error code 1
>>>
>>> Stop in /usr/ports/ftp/curl.
>>> ** Command failed [exit code 1]: /usr/bin/script -qa
>>> /tmp/portupgrade20130702-47232-1m2otkk env UPGRADE_TOOL=portupgrade
>>> UPGRADE_PORT=curl-7.24.0_3 UPGRADE_PORT_VER=7.24.0_3 make
>>> ** Fix the problem and try again.
>>> ** Listing the failed packages (-:ignored / *:skipped / !:failed)
>>> ! ftp/curl (curl-7.24.0_3) (unknown build error)
>>>
>>> Thanks in advance,
>>>
>>>
>>> Kojedzinszky Richard
>>> Euronet Magyarorszag Informatikai Zrt.
>>> _______________________________________________
>>> [email protected] mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-security
>>> To unsubscribe, send any mail to "[email protected]"
>>
>>
>> --
>> Ryan Steinmetz
>> PGP: EF36 D45A 5CA9 28B1 A550 18CD A43C D111 7AD7 FAF2