Updating bzip2 to remove potential security vulnerability
bruce at cran.org.uk
Fri Oct 1 22:16:21 UTC 2010
On Fri, 1 Oct 2010 17:49:29 -0400
Jerry <freebsd.user at seibercom.net> wrote:
> OK, I just updated my sources; however, this notation from the
> UPDATING file does NOT appear in the UPDATING file on my machine:
> 20100920: p1 FreeBSD-SA-10:08.bzip2
> Fix an integer overflow in RLE length parsing when
> decompressing corrupt bzip2 data.
> I am using this as the tag, which is probably incorrect.
> default release=cvs tag=RELENG_8
> This is the stock standard-supfile. The stock stable-supfile has the
> same tag.
Sorry, it seems stable/8 UPDATING hasn't been updated. Instead, check
that you have rev 188.8.131.52.2.1 of contrib/bzip2/decompress.c .
I guess that since -stable isn't a release branch that it
doesn't get security issues logged in UPDATING?
More information about the freebsd-questions