Lynx -vulnerabilities- is this permanent?

Thu Apr 19 14:38:36 UTC 2007

On Thursday 19 April 2007 04:01:39 Foxfair Hu wrote:
> Kris Kennaway wrote:
> > On Thu, Apr 19, 2007 at 10:10:41AM +0800, Foxfair Hu wrote:
> >> Lowell Gilbert wrote:
> >>> David Southwell <david at vizion2000.net> writes:
> >>>> portupgrade -a produces following output for lynx on cvsup from today.
> >>>> freebsd 6.1
> >>>> -----------------------------------------
> >>>> --->  Upgrading 'lynx-2.8.5_2' to 'lynx-2.8.6_4' (www/lynx)
> >>>> --->  Building '/usr/ports/www/lynx'
> >>>> ===>  Cleaning for lynx-2.8.6_4
> >>>> ===>  lynx-2.8.6_4 has known vulnerabilities:
> >>>> => lynx -- remote buffer overflow.
> >>>>    Reference:
> >>>> <http://www.FreeBSD.org/ports/portaudit/c01170bf-4990-11da-a1b8-000854
> >>>>d03344.html> => Please update your ports tree and try again.
> >>>> *** Error code 1
> >>>>
> >>>> Stop in /usr/ports/www/lynx.
> >>>>
> >>>> Any news or advice forthcoming?
> >>>
> >>> That doesn't *seem* to be applicable to the current version.
> >>> It looks like a version-number parsing problem producing a false
> >>> warning. I don't have access to my build machine to check more closely,
> >>> though...
> >>>
> >>> .
> >>
> >> Definitely a false alert, lynx 2.8.5rel4 had fixed the problem, and it
> >> was rev1.112 of Makefile
> >> in www/lynx. If no one objects, I'll put this diff to prevent portaudit
> >> send wrong warning again:
> >
> > Wrong fix, fix the vuxml instead of hacking around it.
> >
> > Kris
> >
> > .
>
> vuxml -> security-team's baby.
> Cc added.
>
> foxfair
>
>
> _______________________________________________
> freebsd-ports at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscribe at freebsd.org"

OK -- does anyone have any idea when this might be fixed?

Not pushing - just wanting to know.
Did a cvsup just now but still not fixed .
Thanks for your help - it appreciated

david