DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 7th August 2014
thirdm thirdm is offline
Spam Deminer
 
Join Date: May 2009
Posts: 248
Default transmission CVE-2014-4909

While downloading a recent episode of BSD Now I saw many peers using transmission 2.82, so I wanted to point out this security flaw:

https://cve.mitre.org/cgi-bin/cvenam...=CVE-2014-4909

Christian Weisgerber updated the port in OpenBSD:

http://marc.info/?l=openbsd-ports&m=140586914331830&w=2

I know this is in CVS now, but not sure at what point a package snapshot picked it up. The one I last upgraded to (July 25th snapshot of base, not sure date of packages) didn't yet have it, but it's probably built by now.
Reply With Quote
  #2   (View Single Post)  
Old 7th August 2014
ibara ibara is offline
OpenBSD language porter
 
Join Date: Jan 2014
Posts: 783
Default

This update is available in packages (July 31).
Reply With Quote
  #3   (View Single Post)  
Old 7th August 2014
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

This was committed for -current on July 21, and a -stable fix for 5.5 was committed on July 22.

Snapshot packages are built on different schedules, by architecture. The rollout to mirrors are also on varying schedules. If you need it and its not available to you, you could always build the port.

This will give me a chance to repeat this comment again: snapshot packages are provided to -current users as a convenience, only. They are built on different farms than the snapshots themselves, and therefore are not guaranteed to be be in sync with any snapshot.

OpenBSD -current users should expect to need to manually build a package from its port, from time to time.
Reply With Quote
  #4   (View Single Post)  
Old 7th August 2014
shep shep is offline
Real Name: Scott
Arp Constable
 
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,503
Default

The P2 patch of transmission 2.82 was available via the M:tier updates (latest release) on July 22, 2014

M:tier transmission update
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Happy New Year 2014 LeFrettchen Off-Topic 2 1st January 2014 04:02 PM
rTorrent and Transmission don't seem to work well claytonl OpenBSD Packages and Ports 10 13th February 2012 02:59 AM
HTML5 kicked into 2014 : Another three years of crushing hype J65nko News 3 15th February 2011 12:31 PM
Transmission greencross FreeBSD Ports and Packages 3 14th October 2008 09:40 PM
Transmission web inteface start when system boot mfaridi FreeBSD Ports and Packages 2 27th September 2008 06:53 AM


All times are GMT. The time now is 09:32 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick