security/gnutls update when...
Jason Hellenthal
jhellenthal at dataix.net
Sat Mar 24 19:30:54 UTC 2012
On Sat, Mar 24, 2012 at 01:52:45PM -0400, Ryan Steinmetz wrote:
> On (03/24/12 13:29), Jason Hellenthal wrote:
> >
> > Apparently this port has fell two versions behind. Is there anything
> > that is going to happen to update it to the current stable version ?
> >
> >
> > These advisories have been out for a week now. And the current version
> > is 2.12.18.
> >
> >
> > Database created: Sat Mar 24 13:15:03 EDT 2012
> > Affected package: gnutls-2.12.16
> > Type of problem: libtasn1 -- ASN.1 length decoding vulnerability.
> > Reference:
> > http://portaudit.FreeBSD.org/2e7e9072-73a0-11e1-a883-001cc0a36e12.html
> >
> > Affected package: gnutls-2.12.16
> > Type of problem: gnutls -- possible overflow/Denial of service
> > vulnerabilities.
> > Reference:
> > http://portaudit.FreeBSD.org/aecee357-739e-11e1-a883-001cc0a36e12.html
> >
> > 2 problem(s) in your installed packages found.
> >
> >
> >
> > --
> > ;s =;
>
> Jason,
>
> There is an update in progress (ports/166307). There is a shared
> library version bump that is part of the gnutls update and this requires
> a little extra scrutiny. This, combined with the upcoming 8.3 RELEASE
> is what is contributing to the delay.
>
Thanks Ryan. Not to sound hasty I realize the release is coming and
thought that to be most of the reason as well the shared bump, but I have
already had to deal with a few ramifications from rand(lusers);
I appreciate the feedback, it gives me at least something to work with.
Thanks again.
--
;s =;
More information about the freebsd-ports
mailing list