FreshPorts -- The Place For Ports If you buy from Amazon USA, please support us by using this link.
Follow us
Blog
Twitter

I am looking for an LTO tape library. Do you have one to spare?
Website Feedback
 New Topic  |  Go to Top  |  Go to Topic  |  Search  |  Log In   Newer Topic  |  Older Topic 
 vuxml errors
Author: Dan 
Date:   09-05-07 21:39

I think FreshPorts has handled this vuln incorrectly:

f5e52bf5-fc77-11db-8163-000e0c2e438a

If you visit the vuxml page for FreshPorts: http://www.freshports.org/vuxml.php

And sort by package: http://www.freshports.org/vuxml.php?list

And click on PHP5: http://www.freshports.org/vuxml.php?vid=562a3fdf-16d6-11d9-bc4a-000c41e2cdad|7fcf1727-be71-11db-b2ec-000c6ec775d9|ad74a1bd-16d2-11d9-bc4a-000c41e2cdad|d47e9d19-5016-11d9-9b5f-0050569f0001|dd7aa4f1-102f-11d9-8a8a-000c41e2cdad|e329550b-54f7-11db-a5ae-00508d6a62df|ea09c5df-4362-11db-81e1-000e0c2e438a|edabe438-542f-11db-a5ae-00508d6a62df|edf61c61-0f07-11d9-8393-000103ccf9d6|f5e52bf5-fc77-11db-8163-000e0c2e438a

You can see that f5e52bf5-fc77-11db-8163-000e0c2e438a is listed. And that it affects php5 > 0. However, version 5.2.1_2 is not marked vulnerable. In fact, none of the versions have that vuln ID assigned to them.

Why?

I suspect FreshPorts is not handling the > 0 correctly. I'll look into this, after BSDCan/PGCon.

--
The Man Behind The Curtain

Reply To This Message
 
 Re: vuxml errors
Author: mazadillon 
Date:   19-05-07 10:03

Portaudit is also telling me of vulnerabilities in libpng that aren't showing up on the site. The php one is the main one though and it appears that no-one has upgraded the port to fix this, I don't know how to update ports myself so how can I persuade someone who does to do it? PHP is a pretty major port and I don't like having my system vulnerable!

Reply To This Message
 Forum List  |  Threaded View   Newer Topic  |  Older Topic 


 Forum List  |  Need a Login? Register Here 
 User Login
 User Name:
 Password:
 Remember my login:
   
 Forgot Your Password?
Enter your email address or user name below and a new password will be sent to the email address associated with your profile.


Servers and bandwidth provided by
New York Internet, SuperNews, and RootBSD
Valid HTML, CSS, and RSS.
Copyright © 2000-2014 Dan Langille. All rights reserved.