Lynx -vulnerabilities- is this permanent?
Foxfair Hu
foxfair at drago.fomokka.net
Thu Apr 19 11:02:00 UTC 2007
Kris Kennaway wrote:
> On Thu, Apr 19, 2007 at 10:10:41AM +0800, Foxfair Hu wrote:
>> Lowell Gilbert wrote:
>>> David Southwell <david at vizion2000.net> writes:
>>>
>>>> portupgrade -a produces following output for lynx on cvsup from today.
>>>> freebsd 6.1
>>>> -----------------------------------------
>>>> ---> Upgrading 'lynx-2.8.5_2' to 'lynx-2.8.6_4' (www/lynx)
>>>> ---> Building '/usr/ports/www/lynx'
>>>> ===> Cleaning for lynx-2.8.6_4
>>>> ===> lynx-2.8.6_4 has known vulnerabilities:
>>>> => lynx -- remote buffer overflow.
>>>> Reference:
>>>> <http://www.FreeBSD.org/ports/portaudit/c01170bf-4990-11da-a1b8-000854d03344.html>
>>>> => Please update your ports tree and try again.
>>>> *** Error code 1
>>>>
>>>> Stop in /usr/ports/www/lynx.
>>>>
>>>> Any news or advice forthcoming?
>>> That doesn't *seem* to be applicable to the current version.
>>> It looks like a version-number parsing problem producing a false warning.
>>> I don't have access to my build machine to check more closely, though...
>>>
>>> .
>>>
>> Definitely a false alert, lynx 2.8.5rel4 had fixed the problem, and it
>> was rev1.112 of Makefile
>> in www/lynx. If no one objects, I'll put this diff to prevent portaudit
>> send wrong warning again:
>
> Wrong fix, fix the vuxml instead of hacking around it.
>
> Kris
>
> .
>
vuxml -> security-team's baby.
Cc added.
foxfair
More information about the freebsd-ports
mailing list