FreeBSD Port: png-1.2.22
freebsd.lists at fsck.ch
Sun Oct 14 07:29:06 PDT 2007
L. Derksen wrote:
> I did get a message from portaudit that my 'png-1.2.18'-package was a
> security risk. So I updated my portstree with 'portsnap fetch update',
> deleted the png-package (make deinstall) and then tried to install the
> current png-package (1.2.22). Now the tree gives me the message:
> ===> png-1.2.18 has known vulnerabilities:
> => png -- multiple vulnerabilities.
> => Please update your ports tree and try again.
> *** Error code 1
> Why is my ports tree not up to date with png-1.2.22? When i do a
> 'portsnap fetch update' it gives me that my tree is up to date.
The portsnap server hardware is experiencing problems at the moment,
this is being worked on.
I figured since the png vulnerability is only DoS, and not code
execution, I'll just wait until the hardware is fixed. If you don't want
to wait, I suggest you get the update manually via cvs:
CVSROOT="anoncvs at anoncvs1.FreeBSD.org:/home/ncvs" cvs co png
More information about the freebsd-ports