FreeBSD Port: compat3x-i386-5.0.20020925
Chuck Swiger
cswiger at mac.com
Sun Jan 16 08:32:35 PST 2005
Daniel S. Haischt wrote:
> jdk1.2 depends on jdk11 which depends on
> compat3x-i386-5.0.20020925. The latter port
> is marked as FORBIDDEN because of ...
>
> * FreeBSD-SA-03:05.xdr
> * FreeBSD-SA-03:08.realpath
>
> Are those vulnerabilities fixed in 5.3-STABLE,
> or do I still have to patch the system's source
> tree to be able to install the just mentioned ports?
Yes, those vulnerabilities are fixed in FreeBSD 5.3, but the fixes were not
ported all the way back to FreeBSD 3, and probably never will be. Program
binaries which depend on compat3x are still vulnerable, though they would not
be if they were recompiled for a newer version of FreeBSD.
Thus the port is FORBIDDEN.
--
-Chuck
More information about the freebsd-ports
mailing list