error: libxml2-2.6.32_1 has known vulnerabilities

matt donovan kitchetech at gmail.com
Thu Oct 30 10:46:50 PDT 2008 

On Thu, Oct 30, 2008 at 1:06 PM, Kevin Oberman <oberman at es.net> wrote:

> > Date: Thu, 30 Oct 2008 12:51:09 -0400
> > From: "matt donovan" <kitchetech at gmail.com>
> >
> > On Thu, Oct 30, 2008 at 12:04 PM, Kevin Oberman <oberman at es.net> wrote:
> >
> > > > Date: Wed, 29 Oct 2008 22:49:11 -0400
> > > > From: "Guoqin Ren" <renguoqin at gmail.com>
> > > > Sender: owner-freebsd-gnome at freebsd.org
> > > >
> > > > Hi,
> > > >
> > > >  I try to install libxml2, but get the following error message:
> > > >
> > > > cd /usr/ports/textproc/libxml2/ && make install clean
> > > > ===>  libxml2-2.6.32_1 has known vulnerabilities:
> > > > => libxml2 -- two vulnerabilities.
> > > >    Reference: <
> > > >
> > >
> http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html
> > > > >
> > > > => Please update your ports tree and try again.
> > > > *** Error code 1
> > > >
> > > > Stop in /usr/ports/textproc/libxml2.
> > > > _______________________________________________
> > > > freebsd-gnome at freebsd.org mailing list
> > > > http://lists.freebsd.org/mailman/listinfo/freebsd-gnome
> > > > To unsubscribe, send any mail to "
> freebsd-gnome-unsubscribe at freebsd.org"
> > > >
> > >
> > > Update your vulnerability data:
> > > portaudit -F
> > > --
> > > R. Kevin Oberman, Network Engineer
> > > Energy Sciences Network (ESnet)
> > > Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
> > > E-mail: oberman at es.net                  Phone: +1 510 486-8634
> > > Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751
> >
> >
> > it will still show as vulnerability since I updated my database before,
> you
> > either have to wait for 2.7 in ports to come out or man ports, search for
> > DISABLE_VULNERABILITIES
> >
>
> You are incorrect. From the latest database (and it's been there since
> the day after the fix was committed:
> libxml2<2.6.32_1|
> http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html|libxml2<http://www.FreeBSD.org/ports/portaudit/d71da236-9a94-11dd-8f42-001c2514716c.html%7Clibxml2>-- two vulnerabilities.
>
> Note the "<2.6.32_1". That means that all versions PRIOR to the listed
> version are vulnerable. And, I can confirm that I have not had any
> problems installing libxml2 since the database was updated.
> --
> R. Kevin Oberman, Network Engineer
> Energy Sciences Network (ESnet)
> Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
> E-mail: oberman at es.net                  Phone: +1 510 486-8634
> Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751
>

I have but then again I m using libxml 2.7.2 anyways now

More information about the freebsd-gnome mailing list