Despite having recently upgraded irc/inspircd from 2.0.5_1 to 2.0.5_2, i.e. port revision 2, portaudit -Fda keeps complaining about the need for further upgrades of irc/inspircd.

Example:

    root@enterprise:~>portaudit -Fda
    auditfile.tbz 100% of 77 kB 40 kBps
    New database installed.
    Database created: Sat 16 Jun 2012 13:15:04 CEST
    Affected package: inspircd-2.0.5_2
    Type of problem: inspircd -- buffer overflow.
    Reference: http://portaudit.FreeBSD.org/f5f00804-a03b-11e1-a284-0023ae8e59f0.html

    1 problem(s) in your installed packages found.

    You are advised to update or deinstall the affected package(s) immediately.

    root@enterprise:~>pkg_version -ov | grep inspircd
    irc/inspircd = up-to-date with port

End example.

According to http://portaudit.FreeBSD.org/f5f00804-a03b-11e1-a284-0023ae8e59f0.html, the DNS buffer overflow is only present in versions less than 2.0.5. I.e. 2.0.5_1, 2.0.5_2, 2.0.5_whatever should be unaffected by this definition.

I had the same issue with databases/postgresql91-server back in May 2012. portaudit was unable to differentiate between postgresql-server-9.1.3 and postgresql-server-9.1.3_1.

The ports infrastructure refused to let me upgrade irc/inspircd from 2.0.5_1 to 2.0.5_2. I actually had to forcefully upgrade irc/inspircd using these commands:

    setenv DISABLE_VULNERABILITIES yes
    portupgrade -fprv irc/inspircd

The same was true when upgrading from 2.0.5 to 2.0.5_1. The same steps were necessary for postgresql-server-9.1.3 back in May.

Fix:

1. Forcefully upgrade affected ports, i.e. setenv DISABLE_VULNERABILITIES yes.
2. Keep in mind which ports are in fact upgraded to their latest available version/port revision, despite whatever portaudit tells you.

The latter is clearly unacceptable.

How-To-Repeat:

1. Refresh the ports hierarchy.
2. Ensure ports-mgmt/portaudit is installed.
3. Run portaudit -Fda.
4. Attempt upgrade or fresh installation of irc/inspircd.
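An added example, not part of the original report and not portaudit's own code: a simplified Python sketch of how a version carrying a port revision compares against the advisory's "less than 2.0.5" bound, so a range can be sanity-checked against installed packages. The function names, the numeric-only parsing and the zero-padding of missing components are assumptions of this sketch.

```python
import operator
from itertools import zip_longest

OPS = {"lt": operator.lt, "le": operator.le, "eq": operator.eq,
       "ge": operator.ge, "gt": operator.gt}

def parse(version):
    """Split 'version[_portrevision][,portepoch]' into comparable parts."""
    body, _, epoch = version.partition(",")
    body, _, revision = body.partition("_")
    parts = body.split(".")
    if not all(p.isdigit() for p in parts):
        # Simplification: letter suffixes (rc1, p2, ...) are out of scope here.
        raise ValueError(f"unsupported version string: {version!r}")
    return int(epoch or 0), [int(p) for p in parts], int(revision or 0)

def compare(a, b):
    """Return -1, 0 or 1: epoch first, then version, then port revision."""
    ea, pa, ra = parse(a)
    eb, pb, rb = parse(b)
    if ea != eb:
        return (ea > eb) - (ea < eb)
    # Assumption of this sketch: missing components count as 0 (2.0 == 2.0.0).
    for x, y in zip_longest(pa, pb, fillvalue=0):
        if x != y:
            return (x > y) - (x < y)
    return (ra > rb) - (ra < rb)

def affected(version, bounds):
    """True when the version satisfies every bound, e.g. {"lt": "2.0.5"}."""
    return all(OPS[op](compare(version, bound), 0) for op, bound in bounds.items())

def flagged(packages, name, bounds):
    """Return the installed 'name-version' strings that fall inside the range."""
    hits = []
    for pkg in packages:
        pkg_name, _, version = pkg.rpartition("-")
        if pkg_name == name and affected(version, bounds):
            hits.append(pkg)
    return hits

# Bound as the report quotes the advisory: versions less than 2.0.5.
ADVISORY = {"lt": "2.0.5"}
# Constructed package list built around the versions named in the report.
INSTALLED = ["inspircd-2.0.4", "inspircd-2.0.5", "inspircd-2.0.5_1",
             "inspircd-2.0.5_2", "postgresql-server-9.1.3_1"]

if __name__ == "__main__":
    print(flagged(INSTALLED, "inspircd", ADVISORY))  # ['inspircd-2.0.4']
```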

Responsible Changed
From-To: freebsd-ports-bugs->jgh

jgh, you were the last one to work on the vuxml entry for this port -- can you take a look to see what's going on? Thanks.

jgh 2012-06-22 05:42:13 UTC

FreeBSD ports repository

Modified files:
  security/vuxml vuln.xml

Log:
- fix range for f5f00804-a03b-11e1-a284-0023ae8e59f0
- add url
- adjust modified accordingly

PR: ports/169152
Submitted by: Trond.Endrestol@ximalas.info

Revision Changes Path
1.2743 +5 -4 ports/security/vuxml/vuln.xml

State Changed
From-To: open->closed

Committed. Thanks!