Lynx -vulnerabilities- is this permanent?
kris at obsecurity.org
Thu Apr 19 03:49:08 UTC 2007
On Thu, Apr 19, 2007 at 10:10:41AM +0800, Foxfair Hu wrote:
> Lowell Gilbert wrote:
> > David Southwell <david at vizion2000.net> writes:
> >> portupgrade -a produces following output for lynx on cvsup from today.
> >> freebsd 6.1
> >> -----------------------------------------
> >> ---> Upgrading 'lynx-2.8.5_2' to 'lynx-2.8.6_4' (www/lynx)
> >> ---> Building '/usr/ports/www/lynx'
> >> ===> Cleaning for lynx-2.8.6_4
> >> ===> lynx-2.8.6_4 has known vulnerabilities:
> >> => lynx -- remote buffer overflow.
> >> Reference:
> >> <http://www.FreeBSD.org/ports/portaudit/c01170bf-4990-11da-a1b8-000854d03344.html>
> >> => Please update your ports tree and try again.
> >> *** Error code 1
> >> Stop in /usr/ports/www/lynx.
> >> Any news or advice forthcoming?
> > That doesn't *seem* to be applicable to the current version.
> > It looks like a version-number parsing problem producing a false warning.
> > I don't have access to my build machine to check more closely, though...
> > .
> Definitely a false alert, lynx 2.8.5rel4 had fixed the problem, and it
> was rev1.112 of Makefile
> in www/lynx. If no one objects, I'll put this diff to prevent portaudit
> send wrong warning again:
Wrong fix, fix the vuxml instead of hacking around it.
More information about the freebsd-ports