Ryan Schmidt wrote:
On Oct 24, 2010, at 21:01, John B Brown wrote:
bzip2 : bugged (CVE-2010-0405)
This is the tail end of the compile. Exactly what is there about the
bzip2 file installed by port that would cause that complaint from a virus
detector?
Well, they are referring to this CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405
Versions of bzip2 before 1.0.6 had an integer overflow. Have you updated to
bzip2 1.0.6? If so, you should no longer have that vulnerability.
The version in /opt/local/bin is 1.0.6, installed with texlive. There
is another bzip2 in /user/bin which is version 1.0.5. It was put there
with the latest combined Apple update, Mac OS 10.6.4. I'll just use rm
on it. That should fix my "bug" problems with bzip2.
It's nice that the xcode compiler found that, or the source code was
set up to look for it. It's too bad the folk at Apple didn't use the
later version of bzip2 in their update load.
Shalom,
John B. Brown.
[[email protected]]
358 High Street,
Buffalo, Wyoming
82834
"Freedom is not worth having if it does not include
the freedom to make mistakes" Mahatma Gandhi
"If any question why we died, tell them,
because our fathers lied." Rudyard Kipling
"A man who does not know the truth is just an idiot
but a man who knows the truth and calls it a lie
is a crook." Bertolt Brecht
"I wonder whether the world is being run
by smart people who are putting us on
or by imbeciles who really mean it." Mark Twain
1-307-684-9068
_______________________________________________
macports-users mailing list
[email protected]
http://lists.macosforge.org/mailman/listinfo.cgi/macports-users
