curl and CVE-2013-2174
Ryan Steinmetz
zi at FreeBSD.org
Wed Jul 3 03:19:21 UTC 2013
On (07/03/13 05:01), krichy at tvnetwork.hu wrote:
>Dear members,
>
>It may sound a silly question. I have curl installed:
># pkg_info |grep curl
>curl-7.24.0_3 Non-interactive tool to get files from FTP, GOPHER, HTTP(S)
>
>Today portsnap updated the ftp/curl port, and patch-CVE-2013-2174 appeared
>in files/, but the port version remained such that portaudit, and
>portupgrade still complain about curl's version. What is the recommended
>way to upgrade the package?
Run:
portaudit -Fda
Then try your upgrade again.
-r
>
># portupgrade curl-7.24.0_3
>---> Upgrading 'curl-7.24.0_3' to 'curl-7.24.0_4' (ftp/curl)
>---> Building '/usr/ports/ftp/curl'
>===> Cleaning for curl-7.24.0_4
>===> curl-7.24.0_4 has known vulnerabilities:
>Affected package: curl-7.24.0_4
>Type of problem: cURL library -- heap corruption in curl_easy_unescape.
>Reference:
>http://portaudit.FreeBSD.org/01cf67b3-dc3b-11e2-a6cd-c48508086173.html
>=> Please update your ports tree and try again.
>*** [check-vulnerable] Error code 1
>
>Stop in /usr/ports/ftp/curl.
>*** [build] Error code 1
>
>Stop in /usr/ports/ftp/curl.
>** Command failed [exit code 1]: /usr/bin/script -qa
>/tmp/portupgrade20130702-47232-1m2otkk env UPGRADE_TOOL=portupgrade
>UPGRADE_PORT=curl-7.24.0_3 UPGRADE_PORT_VER=7.24.0_3 make
>** Fix the problem and try again.
>** Listing the failed packages (-:ignored / *:skipped / !:failed)
> ! ftp/curl (curl-7.24.0_3) (unknown build error)
>
>Thanks in advance,
>
>
>Kojedzinszky Richard
>Euronet Magyarorszag Informatikai Zrt.
>_______________________________________________
>freebsd-security at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-security
>To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
--
Ryan Steinmetz
PGP: EF36 D45A 5CA9 28B1 A550 18CD A43C D111 7AD7 FAF2
More information about the freebsd-security
mailing list