ports/129097: [vuxml] print/hplip: document CVE-2008-2940 and
CVE-2008-2941
Eygene Ryabinkin
rea-fbsd at codelabs.ru
Sun Nov 23 22:45:58 PST 2008
Anish, good day.
Sun, Nov 23, 2008 at 02:46:26PM -0500, Anish Mistry wrote:
> On Sunday 23 November 2008, Eygene Ryabinkin wrote:
> > >Number: 129097
> > >Category: ports
> > >Synopsis: [vuxml] print/hplip: document CVE-2008-2940 and
> > > CVE-2008-2941 Confidential: no
> > >Severity: serious
> > >Priority: high
> > >Responsible: freebsd-ports-bugs
> > >State: open
> > >Quarter:
> > >Keywords:
> > >Date-Required:
> > >Class: sw-bug
> > >Submitter-Id: current-users
> > >Arrival-Date: Sun Nov 23 18:50:00 UTC 2008
> > >Closed-Date:
> > >Last-Modified:
> > >Originator: Eygene Ryabinkin
> > >Release: FreeBSD 7.1-PRERELEASE i386
> > >Organization:
>
> Commit it.
That's fine, thanks. But yesterday I had sent a patch that fixes the
vulnerabilities for 2.8.2. What do you think about it? Could you test
the patch? The VuXML entry details depend on this: I wrote that
hplip >= 2.8.4 aren't vulnerable, but if you'll approve the patch that
upgrades to 2.8.2_3, then VuXML entry should be corrected.
Thanks again!
--
Eygene
_ ___ _.--. #
\`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard
/ ' ` , __.--' # to read the on-line manual
)/' _/ \ `-_, / # while single-stepping the kernel.
`-'" `"\_ ,_.-;_.-\_ ', fsc/as #
_.-'_./ {_.' ; / # -- FreeBSD Developers handbook
{_.-``-' {_/ #
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20081124/fda90481/attachment.pgp
More information about the freebsd-security
mailing list