curl -- authentication buffer overflow vulnerability.
daniel quinn
freebsd at danielquinn.org
Tue Mar 1 21:51:46 GMT 2005
i ran my daily portaudit today and got the following:
portaudit
Affected package: curl-7.12.3_2
Type of problem: curl -- authentication buffer overflow vulnerability.
Reference:
<http://www.FreeBSD.org/ports/portaudit/96df5fd0-8900-11d9-aa18-0001020eed82.html>
1 problem(s) in your installed packages found.
You are advised to update or deinstall the affected package(s) immediately.
so i ran:
# cvsup ports-all
...and watched it refresh the tree. then i ran:
# portupgrade curl
and nothing happened. i went looking around and found that the port hasn't
been updated:
http://www.freebsd.org/cgi/cvsweb.cgi/ports/ftp/curl/
so my question is: "is this normal"? i'm new to freebsd (formerly gentoo
linux) and i'm not used to security warnings that can't be fixed right away.
curl's website tells me that version 7.13.1 is available, so i'm thinking
this is isolated to freebsd. should i be emailing the maintainer? isn't
that rude? what are my options here?
--
what a country calls its vital economic interests are not the things which
enable its citizens to live, but the things which enable it to make war.
petrol is much more likely than wheat to be a cause of international
conflict.
- simone weil, the need for roots (1949)
More information about the freebsd-ports
mailing list