freebsd-security Digest, Vol 270, Issue 1

Tue Oct 21 12:36:05 UTC 2008

Send freebsd-security mailing list submissions to
	freebsd-security at freebsd.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.freebsd.org/mailman/listinfo/freebsd-security
or, via email, send a message with subject or body 'help' to
	freebsd-security-request at freebsd.org

You can reach the person managing the list at
	freebsd-security-owner at freebsd.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of freebsd-security digest..."

Today's Topics:

   1. Secure libxml2? (Gunther Mayer)
   2. Re: Secure libxml2? (Dag-Erling Sm?rgrav)

----------------------------------------------------------------------

Message: 1
Date: Mon, 20 Oct 2008 13:22:20 +0200
From: Gunther Mayer <gunther.mayer at googlemail.com>
Subject: Secure libxml2?
To: freebsd-security at freebsd.org
Message-ID: <48FC69EC.9000609 at gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hi there,

We're using libxml2 and the version in ports (2.6.x) currently suffers 
from a rather serious security vulnerability already posted last Friday:

http://www.freebsd.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html 

Yet there's no libxml2-2.7.x in ports as required by the above notice. 
So there's no solution other than compiling an up-to-date one by hand 
and that opens up a whole different can of worms regarding dependencies.

I emailed the official maintainer (gnome at freebsd.org) but am not holding 
my breath, chances are they won't even see my mail amongst all the spam 
they must be getting. So I'm wondering does anybody know what's going on 
or what I could do to get my systems secure?

Regards,

Gunther

------------------------------

Message: 2
Date: Mon, 20 Oct 2008 14:57:10 +0200
From: Dag-Erling Sm?rgrav <des at des.no>
Subject: Re: Secure libxml2?
To: Gunther Mayer <gunther.mayer at googlemail.com>
Cc: freebsd-security at freebsd.org
Message-ID: <861vybifvd.fsf at ds4.des.no>
Content-Type: text/plain; charset=utf-8

Gunther Mayer <gunther.mayer at googlemail.com> writes:
> I emailed the official maintainer (gnome at freebsd.org) but am not
> holding my breath, chances are they won't even see my mail amongst all
> the spam they must be getting. So I'm wondering does anybody know
> what's going on or what I could do to get my systems secure?

Actually, gnome at freebsd.org is a mailing list (freebsd-gnome) that gets
very little spam.  Feel free to subscribe and / or peruse the archive.
In the meantime, there is a PR (ports/127661) with a patch that you
might try.

DES
-- 
Dag-Erling SmÃ¸rgrav - des at des.no

------------------------------

_______________________________________________
freebsd-security at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"

End of freebsd-security Digest, Vol 270, Issue 1
************************************************