php5-gd -- uninitialized memory information disclosure vulnerability

Anyone having this problem?

Code:
#portmaster -a

[...snip...]

===>>> Starting build for ports that need updating <<<===

===>>> Launching child to update php5-gd-5.2.5

===>>> Port directory: /usr/ports/graphics/php5-gd
===>>> Starting check for build dependencies
===>>> Gathering dependency list for graphics/php5-gd from ports
===>>> Starting dependency check
===>>> Dependency check complete for graphics/php5-gd

===>  Cleaning for php5-gd-5.2.8

===>  php5-gd-5.2.8 has known vulnerabilities:
=> php5-gd -- uninitialized memory information disclosure vulnerability.
   Reference: <http://www.FreeBSD.org/ports/portaudit/58a3c266-db01-11dd-ae30-001cc0377035.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/graphics/php5-gd.
*** Error code 1

Stop in /usr/ports/graphics/php5-gd.

===>>> make failed for graphics/php5-gd
===>>> Aborting update

===>>> Update for php5-gd-5.2.5 failed
===>>> Aborting update

I have updated ports tree to no avail.
 
It means that the port has a vulnerability, for example a bug that could be exploited remotely. It could be a threat to the security of your system using that port.
If you don't care about that, try # make -DDISABLE_VULNERABILITIES install
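Added example, not part of the original thread: before deciding whether to bypass the check, it helps to list exactly which advisories block the build and where their VuXML entries are. The script parses build output in the format quoted in the first post; the function names and the embedded sample log are constructed for illustration.

```shell
#!/bin/sh
# Summarise the portaudit blocks found in a ports build log.
# The log format is assumed from the output quoted in this thread.

# Constructed sample input, built from the lines quoted in the first post.
sample_log() {
cat <<'EOF'
===>  Cleaning for php5-gd-5.2.8

===>  php5-gd-5.2.8 has known vulnerabilities:
=> php5-gd -- uninitialized memory information disclosure vulnerability.
   Reference: <http://www.FreeBSD.org/ports/portaudit/58a3c266-db01-11dd-ae30-001cc0377035.html>
=> Please update your ports tree and try again.
*** Error code 1
EOF
}

# Read a build log on stdin and print one tab-separated line per advisory:
# package version, advisory title, reference URL.
list_blocked() {
    awk '
    # Start of a block: remember which package version was refused.
    /^===>[ ]+[^ ]+ has known vulnerabilities:/ { pkg = $2; next }
    # End of the block.
    pkg != "" && /^=> Please update/ { pkg = ""; next }
    # Advisory title line; drop the "=> " prefix and the trailing period.
    pkg != "" && /^=> / { title = substr($0, 4); sub(/\.$/, "", title); next }
    # Reference line; keep only the URL between the angle brackets.
    pkg != "" && /Reference: </ {
        url = $0
        sub(/^.*Reference: </, "", url)
        sub(/>.*$/, "", url)
        printf "%s\t%s\t%s\n", pkg, title, url
    }'
}

# Number of advisories blocking the build in a log read on stdin.
count_blocked() {
    list_blocked | wc -l | tr -d ' '
}

# Stand-alone run: show the advisories found in the sample log.
sample_log | list_blocked
```

To run it against a real build, pipe the captured build output into `list_blocked` instead of `sample_log`.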
 
If the above solution is not gonna work for you, the port is probably marked as FORBIDDEN, thus you will have to edit its Makefile and comment out the given line.
 
I'm wondering why this has still not been addressed. The VuXML was updated over 3 weeks ago.

I have a gallery2 server that is visible to the internet at large, and it's either a) keep gallery up so $wife doesn't complain or b) take it down to avoid an exploitation.

Anyone know what the hold up is? Has anyone contacted ale@ directly about it? I know there's at least one PR on this.
 
I have been running a portsnap each morning, expecting an update, but none. I am surprised, too. I don't know ale@, but have seen him around on this forum.
 