John B Brown
jbb at vcn.com
Sun Oct 24 20:46:38 PDT 2010
Ryan Schmidt wrote:
> On Oct 24, 2010, at 21:01, John B Brown wrote:
>> bzip2 : bugged (CVE-2010-0405)
>> This is the tail end of the compile. Exactly what is there about the bzip2 file installed by port that would cause that complaint from a virus detector?
> Well, they are referring to this CVE:
> Versions of bzip2 before 1.0.6 had an integer overflow. Have you updated to bzip2 1.0.6? If so, you should no longer have that vulnerability.
The version in /opt/local/bin is 1.0.6, installed with texlive. There
is another bzip2 in /user/bin which is version 1.0.5. It was put there
with the latest combined Apple update, Mac OS 10.6.4. I'll just use rm
on it. That should fix my "bug" problems with bzip2.
It's nice that the xcode compiler found that, or the source code was
set up to look for it. It's too bad the folk at Apple didn't use the
later version of bzip2 in their update load.
John B. Brown.
[jbb at vcn.com]
358 High Street,
"Freedom is not worth having if it does not include
the freedom to make mistakes" Mahatma Gandhi
"If any question why we died, tell them,
because our fathers lied." Rudyard Kipling
"A man who does not know the truth is just an idiot
but a man who knows the truth and calls it a lie
is a crook." Bertolt Brecht
"I wonder whether the world is being run
by smart people who are putting us on
or by imbeciles who really mean it." Mark Twain
More information about the macports-users