curl -- authentication buffer overflow vulnerability.

daniel quinn freebsd at
Tue Mar 1 21:51:46 GMT 2005

i ran my daily portaudit today and got the following:

Affected package: curl-7.12.3_2
Type of problem: curl -- authentication buffer overflow vulnerability.

1 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.

so i ran:

  # cvsup ports-all

...and watched it refresh the tree.  then i ran:

  # portupgrade curl

and nothing happened.  i went looking around and found that the port hasn't 
been updated:

so my question is:  "is this normal"?  i'm new to freebsd (formerly gentoo 
linux) and i'm not used to security warnings that can't be fixed right away.  
curl's website tells me that version 7.13.1 is available, so i'm thinking 
this is isolated to freebsd.  should i be emailing the maintainer?  isn't 
that rude?  what are my options here?

what a country calls its vital economic interests are not the things which 
enable its citizens to live, but the things which enable it to make war.  
petrol is much more likely than wheat to be a cause of international 
  - simone weil,  the need for roots (1949)

More information about the freebsd-ports mailing list