The port archivers/bzip2 still installs version 1.0.5
that's vulnerable to CVE-2010-0405. Let's move to 1.0.6 containing fix.
How-To-Repeat: I still have some remote installations of FreeBSD 4.11-STABLE
that run rock-stable. Some software (e.g. clamav antivirus) that
link with libbz2 contain configure script that demonstrate
segfaults if linked with version before 1.0.6
Maintainer of archivers/bzip2,
Please note that PR ports/151364 has just been submitted.
If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.
The full text of the PR can be found at:
Edwin Groothuis via the GNATS Auto Assign Tool
Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
I'll take it.
On Sun, Oct 10, 2010 at 02:40:07PM +0000, Edwin Groothuis wrote:
> Maintainer of archivers/bzip2,
> Please note that PR ports/151364 has just been submitted.
> The full text of the PR can be found at:
Jason Harris | PGP: This _is_ PGP-signed, isn't it?
email@example.com _|_ Got photons? (TM), (C) 2004
sunpoet 2010-10-25 15:58:47 UTC
FreeBSD ports repository
archivers/bzip2 Makefile distinfo
- Update to 1.0.6
Submitted by: Eugene Grosbein <firstname.lastname@example.org>
Approved by: Jason Harris <email@example.com> (maintainer), pgollucci (mentor, implicit)
Revision Changes Path
1.44 +1 -1 ports/archivers/bzip2/Makefile
1.16 +3 -3 ports/archivers/bzip2/distinfo
firstname.lastname@example.org mailing list
To unsubscribe, send any mail to "email@example.com"