security/gnutls update when...
Roman Bogorodskiy
novel at FreeBSD.org
Sat Mar 24 19:41:34 UTC 2012
Kevin Oberman wrote:
> On Sat, Mar 24, 2012 at 10:29 AM, Jason Hellenthal
> <jhellenthal at dataix.net> wrote:
> >
> > Apparently this port has fell two versions behind. Is there anything
> > that is going to happen to update it to the current stable version ?
> >
> >
> > These advisories have been out for a week now. And the current version
> > is 2.12.18.
> >
> >
> > Database created: Sat Mar 24 13:15:03 EDT 2012
> > Affected package: gnutls-2.12.16
> > Type of problem: libtasn1 -- ASN.1 length decoding vulnerability.
> > Reference:
> > http://portaudit.FreeBSD.org/2e7e9072-73a0-11e1-a883-001cc0a36e12.html
> >
> > Affected package: gnutls-2.12.16
> > Type of problem: gnutls -- possible overflow/Denial of service
> > vulnerabilities.
> > Reference:
> > http://portaudit.FreeBSD.org/aecee357-739e-11e1-a883-001cc0a36e12.html
> >
> > 2 problem(s) in your installed packages found.
> >
> >
> >
> > --
> > ;s =;
>
> Note that one of these problems is with libtasn1 and is not a gnutls
> problems at all. So updating libtasn1actually fixes this one, although
> the other does require an update to a version of gnutls that has yet
> to be ported.
There's a vulnerability in gnutls also:
http://www.gnu.org/software/gnutls/security.html
Mu Dynamics released an advisory for both libtasn1 and gnutls:
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5959
gnutls one is tagged MU-201202-01 and libtasn1 on is MU-201202-02.
Roman Bogorodskiy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20120324/b8efb1dc/attachment.pgp
More information about the freebsd-ports
mailing list