misc/181384: /var/db/pkg/auditfile has a typo for lcms2
Derek Schrock
dereks at lifeofadishwasher.com
Sun Aug 18 19:00:01 UTC 2013
>Number: 181384
>Category: misc
>Synopsis: /var/db/pkg/auditfile has a typo for lcms2
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Sun Aug 18 19:00:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Derek Schrock
>Release: FreeBSD 9.1-RELEASE-p5
>Organization:
>Environment:
>Description:
/var/db/pkg/auditfile has a typo for lcms2
$ grep ^lcms2 /var/db/pkg/auditfile
lcms2>0|http://portaudit.FreeBSD.org/9a0a892e-05d8-11e3-ba09-000c29784fd1.html|lcms2 -- Null Pointer Dereference Denial of Service Vulnerability
Unless I'm reading the bug incorrectly the CVE was fixed in 2.5:
https://bugs.mageia.org/show_bug.cgi?id=10816
graphics/lcms2 is lcms 2.5
>How-To-Repeat:
Building from port fails:
$ sudo make -C /usr/ports/graphics/lcms2/
===> lcms2-2.5 has known vulnerabilities:
lcms2-2.5 is vulnerable:
lcms2 -- Null Pointer Dereference Denial of Service Vulnerability
WWW: http://portaudit.FreeBSD.org/9a0a892e-05d8-11e3-ba09-000c29784fd1.html
=> Please update your ports tree and try again.
*** [check-vulnerable] Error code 1
Stop in /usr/ports/graphics/lcms2.
*** [build] Error code 1
Stop in /usr/ports/graphics/lcms2.
>Fix:
Change /var/db/pkg/auditfile lcms2 entry to <2.5:
lcms2<2.5|http://portaudit.FreeBSD.org/9a0a892e-05d8-11e3-ba09-000c29784fd1.html|lcms2 -- Null Pointer Dereference Denial of Service Vulnerability
>Release-Note:
>Audit-Trail:
>Unformatted:
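
Added example, not part of the original report or of portaudit itself: a small Python check of why the `lcms2>0` entry flags lcms2-2.5 while the proposed `lcms2<2.5` entry does not. It assumes the `pattern|url|description` layout of the lines quoted above and a simplified version comparison (dotted numeric versions only, no port revisions, epochs or globs); the function names are hypothetical.

```python
import operator
import re

# The two auditfile lines quoted in the report (current entry and proposed fix).
URL = "http://portaudit.FreeBSD.org/9a0a892e-05d8-11e3-ba09-000c29784fd1.html"
DESC = "lcms2 -- Null Pointer Dereference Denial of Service Vulnerability"
CURRENT_ENTRY = f"lcms2>0|{URL}|{DESC}"
FIXED_ENTRY = f"lcms2<2.5|{URL}|{DESC}"

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "=": operator.eq}
CONSTRAINT = re.compile(r"(<=|>=|<|>|=)([0-9]+(?:\.[0-9]+)*)")


def parse_entry(line):
    """Split one auditfile line into (name, [(op, version), ...], url, description)."""
    pattern, url, description = line.rstrip("\n").split("|", 2)
    name = re.match(r"[^<>=]*", pattern).group(0)
    rest = pattern[len(name):]
    constraints = CONSTRAINT.findall(rest)
    # Refuse anything this simplified parser does not fully understand.
    if not name or "".join(op + ver for op, ver in constraints) != rest:
        raise ValueError(f"unsupported pattern: {pattern!r}")
    return name, constraints, url, description


def version_key(version):
    """Dotted numeric version as a tuple; trailing zeros dropped so 2.5 == 2.5.0."""
    parts = [int(p) for p in version.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def is_flagged(entry, pkg_name, pkg_version):
    """True if the entry marks pkg_name at pkg_version as vulnerable."""
    name, constraints, _url, _desc = parse_entry(entry)
    if name != pkg_name:
        return False
    installed = version_key(pkg_version)
    # Every constraint must hold; an entry with no constraint matches all versions.
    return all(OPS[op](installed, version_key(ver)) for op, ver in constraints)


if __name__ == "__main__":
    for label, entry in (("current", CURRENT_ENTRY), ("fixed", FIXED_ENTRY)):
        for ver in ("2.4", "2.5"):
            print(f"{label:8} lcms2-{ver}: flagged={is_flagged(entry, 'lcms2', ver)}")
```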