libsoup-2.52.2_1 still listed as vulnerable
Kevin Oberman
rkoberman at gmail.com
Tue Aug 22 20:11:15 UTC 2017
On Mon, Aug 21, 2017 at 3:02 PM, Rob Belics <robbelics at gmail.com> wrote:
> I don't see in bugzilla where this port is vulnerable yet, when I update
> ports and build it, it complains thus:
>
> ===> Cleaning for libsoup-2.52.2_1
> ===> libsoup-2.52.2_1 has known vulnerabilities:
> libsoup-2.52.2_1 is vulnerable:
> libsoup -- stack based buffer overflow
> CVE: CVE-2017-2885
> WWW:
> https://vuxml.FreeBSD.org/freebsd/8e7bbddd-8338-11e7-
> 867f-b499baebfeaf.html
>
> 1 problem(s) in the installed packages found.
> => Please update your ports tree and try again.
> => Note: Vulnerable ports are marked as such even if there is no update
> available.
> => If you wish to ignore this vulnerability rebuild with 'make
> DISABLE_VULNERABILITIES=yes'
> *** Error code 1
>
> Stop.
> make: stopped in /usr/ports/devel/libsoup
>
> ===>>> make build failed for devel/libsoup
> ===>>> Aborting update
>
> ===>>> Update for libsoup-2.52.2 failed
> ===>>> Aborting update
>
> I wasn't sure if I should post this as a bug or email you. Or am I looking
> t this wrong?
>
> Thanks,
> Rob
> _______________________________________________
> freebsd-gnome at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-gnome
> To unsubscribe, send any mail to "freebsd-gnome-unsubscribe at freebsd.org"
>
Your ports tree is out of date. libsoup is no longer vulnerable with
libsoup-2.52.2_1. Use the "pkg audit" command to check the status of
vulnerabilities. Use -F to fetch the latest data.
pkg audit -F libsoup-2.52.2
vulnxml file up-to-date
libsoup-2.52.2 is vulnerable:
libsoup -- stack based buffer overflow
CVE: CVE-2017-2885
WWW:
https://vuxml.FreeBSD.org/freebsd/8e7bbddd-8338-11e7-867f-b499baebfeaf.html
1 problem(s) in the installed packages found.
Exit 1
rogue# pkg audit -F libsoup-2.52.2_1
vulnxml file up-to-date
0 problem(s) in the installed packages found.
--
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkoberman at gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
More information about the freebsd-gnome
mailing list