error: libxml2-2.6.32_1 has known vulnerabilities

Kevin Oberman oberman at es.net
Thu Oct 30 10:06:53 PDT 2008 

> Date: Thu, 30 Oct 2008 12:51:09 -0400
> From: "matt donovan" <kitchetech at gmail.com>
> 
> On Thu, Oct 30, 2008 at 12:04 PM, Kevin Oberman <oberman at es.net> wrote:
> 
> > > Date: Wed, 29 Oct 2008 22:49:11 -0400
> > > From: "Guoqin Ren" <renguoqin at gmail.com>
> > > Sender: owner-freebsd-gnome at freebsd.org
> > >
> > > Hi,
> > >
> > >  I try to install libxml2, but get the following error message:
> > >
> > > cd /usr/ports/textproc/libxml2/ && make install clean
> > > ===>  libxml2-2.6.32_1 has known vulnerabilities:
> > > => libxml2 -- two vulnerabilities.
> > >    Reference: <
> > >
> > http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html
> > > >
> > > => Please update your ports tree and try again.
> > > *** Error code 1
> > >
> > > Stop in /usr/ports/textproc/libxml2.
> > > _______________________________________________
> > > freebsd-gnome at freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-gnome
> > > To unsubscribe, send any mail to "freebsd-gnome-unsubscribe at freebsd.org"
> > >
> >
> > Update your vulnerability data:
> > portaudit -F
> > --
> > R. Kevin Oberman, Network Engineer
> > Energy Sciences Network (ESnet)
> > Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
> > E-mail: oberman at es.net                  Phone: +1 510 486-8634
> > Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751
> 
> 
> it will still show as vulnerability since I updated my database before, you
> either have to wait for 2.7 in ports to come out or man ports, search for
> DISABLE_VULNERABILITIES
> 

You are incorrect. From the latest database (and it's been there since
the day after the fix was committed:
libxml2<2.6.32_1|http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html|libxml2 -- two vulnerabilities.

Note the "<2.6.32_1". That means that all versions PRIOR to the listed
version are vulnerable. And, I can confirm that I have not had any
problems installing libxml2 since the database was updated.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net			Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 224 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-gnome/attachments/20081030/3adabde1/attachment.pgp

More information about the freebsd-gnome mailing list