|Summary:|update archivers/bzip2 to 1.0.6 to fix CVE-2010-0405|
|Product:|Ports & Packages|
|Reporter:|Eugene Grosbein <ports>|
|Component:|Individual Port(s)|
|Assignee:|Sunpoet Po-Chuan Hsieh <sunpoet>|
|Severity:|Affects Only Me|
Description Eugene Grosbein 2010-10-10 15:40:01 UTC
The port archivers/bzip2 still installs version 1.0.5 that's vulnerable to CVE-2010-0405. Let's move to 1.0.6 containing the fix.

How-To-Repeat: I still have some remote installations of FreeBSD 4.11-STABLE that run rock-stable. Some software (e.g. clamav antivirus) that links with libbz2 contains a configure script that demonstrates segfaults if linked with a version before 1.0.6.
Comment 1 Edwin Groothuis 2010-10-10 15:40:07 UTC
Maintainer of archivers/bzip2,

Please note that PR ports/151364 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it.

The full text of the PR can be found at:
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/151364

--
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
Comment 2 Edwin Groothuis 2010-10-10 15:40:09 UTC
State Changed
From-To: open->feedback

Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Comment 3 Sunpoet Po-Chuan Hsieh 2010-10-11 01:57:46 UTC
Responsible Changed
From-To: freebsd-ports-bugs->sunpoet

I'll take it.
Comment 4 jharris 2010-10-23 20:01:49 UTC
On Sun, Oct 10, 2010 at 02:40:07PM +0000, Edwin Groothuis wrote:

> Maintainer of archivers/bzip2,
>
> Please note that PR ports/151364 has just been submitted.

> The full text of the PR can be found at:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/151364

Approved, thanks!

--
Jason Harris | PGP: This _is_ PGP-signed, isn't it?
firstname.lastname@example.org _|_ Got photons? (TM), (C) 2004
Comment 5 dfilter service 2010-10-25 16:58:52 UTC
sunpoet 2010-10-25 15:58:47 UTC

FreeBSD ports repository

Modified files:
  archivers/bzip2 Makefile distinfo
Log:
- Update to 1.0.6

PR: ports/151364
Security: CVE-2010-0405
Submitted by: Eugene Grosbein <email@example.com>
Approved by: Jason Harris <firstname.lastname@example.org> (maintainer), pgollucci (mentor, implicit)

Revision  Changes  Path
1.44  +1 -1  ports/archivers/bzip2/Makefile
1.16  +3 -3  ports/archivers/bzip2/distinfo
Comment 6 Sunpoet Po-Chuan Hsieh 2010-10-25 16:58:58 UTC
State Changed
From-To: feedback->closed

Committed. Thanks!