php5-gd -- uninitialized memory information disclosure vulnerability

Anyone having this problem?

Code:
#portmaster -a

[...snip...]

===>>> Starting build for ports that need updating <<<===

===>>> Launching child to update php5-gd-5.2.5

===>>> Port directory: /usr/ports/graphics/php5-gd
===>>> Starting check for build dependencies
===>>> Gathering dependency list for graphics/php5-gd from ports
===>>> Starting dependency check
===>>> Dependency check complete for graphics/php5-gd

===>  Cleaning for php5-gd-5.2.8

===>  php5-gd-5.2.8 has known vulnerabilities:
=> php5-gd -- uninitialized memory information disclosure vulnerability.
   Reference: <http://www.FreeBSD.org/ports/portaudit/58a3c266-db01-11dd-ae30-001cc0377035.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/graphics/php5-gd.
*** Error code 1

Stop in /usr/ports/graphics/php5-gd.

===>>> make failed for graphics/php5-gd
===>>> Aborting update

===>>> Update for php5-gd-5.2.5 failed
===>>> Aborting update

I have updated the ports tree to no avail.
 
It means that the port has a vulnerability, for example a bug that could be exploited remotely. It could be a threat to the security of your system using that port.
If you don't care about that, try # make -DDISABLE_VULNERABILITIES install
 
If the above solution is not gonna work for you, the port is probably marked as FORBIDDEN, thus you will have to edit its Makefile and comment out the given line.
 
I'm wondering why this has still not been addressed. The VuXML was updated over 3 weeks ago.

I have a gallery2 server that is visible to the internet at large, and it's either a) keep gallery up so $wife doesn't complain or b) take it down to avoid an exploitation.

Anyone know what the holdup is? Has anyone contacted ale@ directly about it? I know there's at least one PR on this.
 
I have been running a portsnap each morning, expecting an update, but none. I am surprised, too. I don't know ale@, but have seen him around on this forum.
 