curl fails to upgrade on 9.1-RELEASE-p3 but succeeds on 8.3

Jason Helfman jgh at FreeBSD.org
Wed Jul 3 06:47:23 UTC 2013


On Tue, Jul 2, 2013 at 10:56 PM, Leslie Jensen <leslie at eskk.nu> wrote:

>
>
> ===>  Cleaning for curl-7.24.0_4
> ===>  curl-7.24.0_4 has known vulnerabilities:
> curl-7.24.0_4 is vulnerable:
> cURL library -- heap corruption in curl_easy_unescape
>
> WWW: http://portaudit.FreeBSD.org/**01cf67b3-dc3b-11e2-a6cd-**
> c48508086173.html<http://portaudit.FreeBSD.org/01cf67b3-dc3b-11e2-a6cd-c48508086173.html>
> => Please update your ports tree and try again.
> *** [check-vulnerable] Error code 1
>
> Stop in /usr/ports/ftp/curl.
> *** [build] Error code 1
>
> Stop in /usr/ports/ftp/curl.
>
> ===>>> make failed for ftp/curl
> ===>>> Aborting update
>
> ===>>> Update for ftp/curl failed
> ===>>> Aborting update
>
> ===>>> Killing background jobs
>
>
> I've done this upgrade on a 8.3 system without problems, but it stops on
> my 9.1 laptop. Ports tree is updated.
>
> /Leslie
> ______________________________**_________________
> freebsd-ports at freebsd.org mailing list
> http://lists.freebsd.org/**mailman/listinfo/freebsd-ports<http://lists.freebsd.org/mailman/listinfo/freebsd-ports>
> To unsubscribe, send any mail to "freebsd-ports-unsubscribe@**freebsd.org<freebsd-ports-unsubscribe at freebsd.org>
> "
>

Thanks for the report.

Is your pkgaudit db up-to-date?

I am able to update curl on 9.1.

-jgh

--
Jason Helfman          | FreeBSD Committer
jgh at FreeBSD.org     | http://people.freebsd.org/~jgh  | The Power to Serve


More information about the freebsd-ports mailing list