Updating bzip2 to remove potential security vulnerability
Bruce Cran
bruce at cran.org.uk
Fri Oct 1 22:16:21 UTC 2010
On Fri, 1 Oct 2010 17:49:29 -0400
Jerry <freebsd.user at seibercom.net> wrote:
> OK, I just updated my sources; however, this notation from the
> UPDATING file does NOT appear in the UPDATING file on my machine:
>
> 20100920: p1 FreeBSD-SA-10:08.bzip2
> Fix an integer overflow in RLE length parsing when
> decompressing corrupt bzip2 data.
>
> I am using this as the tag, which is probably incorrect.
>
> default release=cvs tag=RELENG_8
>
> This is the stock standard-supfile. The stock stable-supfile has the
> same tag.
>
Sorry, it seems stable/8 UPDATING hasn't been updated. Instead, check
that you have rev 1.1.1.5.2.1 of contrib/bzip2/decompress.c .
I guess that since -stable isn't a release branch that it
doesn't get security issues logged in UPDATING?
--
Bruce
More information about the freebsd-questions
mailing list