Security updates

zau
Posts: 5
Joined: Mon Apr 20, 2020 1:46 pm
Has thanked: 0
Been thanked: 0

Security updates

Post by zau »

I ran:
pkg audit -F
Fetching vuln.xml.bz2: 100% 848 KiB 868.5kB/s 00:01
python27-2.7.17_1 is vulnerable:
Python -- Regular Expression DoS attack against client
CVE: CVE-2020-8492
WWW: https://vuxml.FreeBSD.org/freebsd/a27b0 ... 117d8.html

python27-2.7.17_1 is vulnerable:
Python -- CRLF injection via the host part of the url passed to urlopen()
CVE: CVE-2019-18348
WWW: https://vuxml.FreeBSD.org/freebsd/ca595 ... 46a02.html

samba410-4.10.14 is vulnerable:
samba -- multiple vulnerabilities
CVE: CVE-2020-10704
CVE: CVE-2020-10700
WWW: https://vuxml.FreeBSD.org/freebsd/3c791 ... 311d1.html

vlc-3.0.8_21,4 is vulnerable:
vlc -- Multiple vulnerabilities fixed in VLC media player
WWW: https://vuxml.FreeBSD.org/freebsd/4a109 ... a8bf9.html

json-c-0.13.1_1 is vulnerable:
json-c -- integer overflow and out-of-bounds write via a large JSON file
CVE: CVE-2020-12762
WWW: https://vuxml.FreeBSD.org/freebsd/abc3e ... 1abf4.html

mysql57-client-5.7.29_1 is vulnerable:
MySQL Client -- Multiple vulerabilities
CVE: CVE-2020-2933
CVE: CVE-2020-2922
CVE: CVE-2020-2875
CVE: CVE-2020-2934
CVE: CVE-2020-2752
WWW: https://vuxml.FreeBSD.org/freebsd/622b5 ... 17024.html

taglib-1.11.1_3 is vulnerable:
taglib -- heap-based buffer over-read via a crafted audio file
CVE: CVE-2018-11439
WWW: https://vuxml.FreeBSD.org/freebsd/d3f3e ... a8bf9.html

7 problem(s) in 6 installed package(s) found.

Any idea when fixes will be available?

ericbsd
Developer
Posts: 1516
Joined: Mon Nov 19, 2012 7:54 pm
Has thanked: 47 times
Been thanked: 75 times

Re: Security updates

Post by ericbsd »

For ports that are not maintained by me or GhostBSD, you want to ask the port maintainer.

Re: Security updates

Post by zau »

Thank you for the response. The port maintainers have fixed the anomalies and only one insignificant anomaly is left.
WWW: https://vuxml.FreeBSD.org/freebsd/abc3e ... 1abf4.html
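
Added example, not part of the thread and not code from pkg or GhostBSD: a small parser for the `pkg audit` text quoted above that groups entries by package. It shows why python27 counts as two problems but one package, and it handles entries such as vlc that list no CVE. The function names and the sample's WWW URLs are assumptions.

```python
import re

# Constructed sample in the layout `pkg audit -F` prints; package names and
# CVE ids are from the thread, the WWW URLs are placeholders.
SAMPLE = """\
python27-2.7.17_1 is vulnerable:
Python -- Regular Expression DoS attack against client
CVE: CVE-2020-8492
WWW: https://vuxml.example.invalid/entry-1.html

python27-2.7.17_1 is vulnerable:
Python -- CRLF injection via the host part of the url passed to urlopen()
CVE: CVE-2019-18348
WWW: https://vuxml.example.invalid/entry-2.html

vlc-3.0.8_21,4 is vulnerable:
vlc -- Multiple vulnerabilities fixed in VLC media player
WWW: https://vuxml.example.invalid/entry-3.html

3 problem(s) in 2 installed package(s) found.
"""

HEADER = re.compile(r"^(\S+) is vulnerable:$")
SUMMARY = re.compile(r"^(\d+) problem\(s\) in (\d+) installed package\(s\) found\.$")

def parse_audit(text):
    """Return ({package name: [entry, ...]}, (problems, packages) or None)."""
    findings, summary, entry = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            # FreeBSD package versions contain no '-', so split on the last one.
            name, _, version = m.group(1).rpartition("-")
            entry = {"version": version, "title": None, "cves": [], "url": None}
            findings.setdefault(name, []).append(entry)
        elif m := SUMMARY.match(line):
            summary, entry = (int(m.group(1)), int(m.group(2))), None
        elif entry is None or not line:
            continue  # fetch progress, blank separators, anything before a header
        elif line.startswith("CVE: "):
            entry["cves"].append(line[5:])
        elif line.startswith("WWW: "):
            entry["url"] = line[5:]
        elif entry["title"] is None:
            entry["title"] = line
    return findings, summary

def matches_summary(findings, summary):
    # True when the parsed entries agree with pkg's own summary line.
    return summary == (sum(map(len, findings.values())), len(findings))
```

The package name each entry is grouped under can be passed to `pkg query %m <name>` to look up the port maintainer to contact.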
