Bug 180215

Summary: After a portsnap fetch update, portupgrade of ftp/curl to 7.24.0.4 wont proceed due to a vulnerablity
Product: Ports & Packages Reporter: Charlie & <root>
Component: Individual Port(s)Assignee: Po-Chuan Hsieh <sunpoet>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description Charlie & 2013-07-02 21:40:00 UTC 
amd am2 cpu raptor hd. This was a 7.x stable system till recently

How-To-Repeat: I have a newports script which does portsnap fetch update && portupgrade -aP --batch. I ran this, saw the issue, then ran and reproduced it again. The displayed message is ===>  curl-7.24.0_4 has known vulnerabilities:
Affected package: curl-7.24.0_4
Type of problem: cURL library -- heap corruption in curl_easy_unescape.
Reference: http://portaudit.FreeBSD.org/01cf67b3-dc3b-11e2-a6cd-c48508086173.html
=> Please update your ports tree and try again.
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2013-07-02 21:40:08 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->sunpoet

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Po-Chuan Hsieh freebsd_committer freebsd_triage 2013-07-11 17:42:28 UTC 
State Changed
From-To: open->feedback

ftp/curl has been updated to 7.31.0 (r322783). Please try again. Thanks.
Comment 3 Po-Chuan Hsieh freebsd_committer freebsd_triage 2013-08-28 17:25:41 UTC 
State Changed
From-To: feedback->closed

Submitter feedback timeout. Feel free to reopen PR if the problem 
persists.