cups-base-1.3.3_2 issues--
Andrew Daugherity
ADaugherity at vprmail.tamu.edu
Wed Nov 14 14:10:20 PST 2007
>>> On 11/14/2007 at 6:49 AM, in message
<200711140449.49001.david at vizion2000.net>, David
Southwell<david at vizion2000.net> wrote:
> ##Can anyone please advise best course of action???
> ##System is AMD 64
>
> ##This is based upon an uptodate cvsup of ports all
>
> ---> Upgrading 'cups-base-1.3.3' to 'cups-base-1.3.3_2'
(print/cups-base)
> ---> Building '/usr/ports/print/cups-base'
> ===> Cleaning for cups-base-1.3.3_2
> ===> cups-base-1.3.3_2 has known vulnerabilities:
> => xpdf -- multiple remote Stream.CC vulnerabilities.
> Reference:
> <http://www.FreeBSD.org/ports/portaudit/2747fc39-915b-11dc-9239-001c251
> 4716c.html>
> => Please update your ports tree and try again.
> *** Error code 1
cups-base was patched for this vulnerability (with version 1.3.3_2), but the
change to the vulnerabilities file erroneously has it marked as cups-base >
1.3.3_2, instead of cups-base < 1.3.3_2:
http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/vuxml/vuln.xml?r1=1.148
1
(It was previously listed as cups-base > 0, i.e. all versions of cups-base
were vulnerable.)
Hopefully someone with the commit bit will see this and fix it.
-Andrew
More information about the freebsd-ports
mailing list