Lynx -vulnerabilities- is this permanent?
foxfair at drago.fomokka.net
Thu Apr 19 11:02:00 UTC 2007
Kris Kennaway wrote:
> On Thu, Apr 19, 2007 at 10:10:41AM +0800, Foxfair Hu wrote:
>> Lowell Gilbert wrote:
>>> David Southwell <david at vizion2000.net> writes:
>>>> portupgrade -a produces following output for lynx on cvsup from today.
>>>> freebsd 6.1
>>>> ---> Upgrading 'lynx-2.8.5_2' to 'lynx-2.8.6_4' (www/lynx)
>>>> ---> Building '/usr/ports/www/lynx'
>>>> ===> Cleaning for lynx-2.8.6_4
>>>> ===> lynx-2.8.6_4 has known vulnerabilities:
>>>> => lynx -- remote buffer overflow.
>>>> => Please update your ports tree and try again.
>>>> *** Error code 1
>>>> Stop in /usr/ports/www/lynx.
>>>> Any news or advice forthcoming?
>>> That doesn't *seem* to be applicable to the current version.
>>> It looks like a version-number parsing problem producing a false warning.
>>> I don't have access to my build machine to check more closely, though...
>> Definitely a false alert, lynx 2.8.5rel4 had fixed the problem, and it
>> was rev1.112 of Makefile
>> in www/lynx. If no one objects, I'll put this diff to prevent portaudit
>> send wrong warning again:
> Wrong fix, fix the vuxml instead of hacking around it.
vuxml -> security-team's baby.
More information about the freebsd-ports