ports/115387: ports/lha-ac is affected CVE-2006-4335 and CVE-2006-4337.
Takamichi Tateoka
tate at tateoka.org
Fri Aug 10 17:30:02 UTC 2007
>Number: 115387
>Category: ports
>Synopsis: ports/lha-ac is affected CVE-2006-4335 and CVE-2006-4337.
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Aug 10 17:30:01 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Takamichi Tateoka
>Release: FreeBSD 6.2-RELEASE-p7 i386
>Organization:
private
>Environment:
System: FreeBSD leaf.mobile.tateoka.org 6.2-RELEASE-p7 FreeBSD 6.2-RELEASE-p7 #3: Thu Aug 2 11:28:17 JST 2007 tate at leaf.mobile.tateoka.org:/usr/src/sys/i386/compile/GENERIC i386
ports/lha-ac (lha-ac-1.14i_8)
>Description:
lha-ac-1.14i_8 uses lha-1.14i-ac20050924 distribution. However,
it has secrity problem described in CVE-2006-4335 and CVE-2006-4337.
It should use lha-1.14i-ac20050924p1, which fixed the problems.
You can see lha-1.14i-ac20050924 branch changelog on following URL:
http://cvs.sourceforge.jp/cgi-bin/viewcvs.cgi/lha/lha/src/maketbl.c?only_with_tag=ac-20050924-branch
>How-To-Repeat:
>Fix:
Update to lha-1.14i-ac20050924p1.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list