question about Portaudit and code freezes
Roland Smith
rsmith at xs4all.nl
Thu Aug 25 17:48:50 GMT 2005
On Thu, Aug 25, 2005 at 12:29:10PM -0500, Joe Auty wrote:
> On Aug 25, 2005, at 11:12 AM, Roland Smith wrote:
>
> >On Thu, Aug 25, 2005 at 03:23:11AM -0500, Joe Auty wrote:
> >
> >>Hello,
> >>
> >>How come xpdf is still showing up as a vulnerability, even though the
> >>latest portrevision was supposed to resolve these problems? Has the
> >>portaudit database not been updated because of the code freeze?
> >>
> >
> >Some other ports (like cups-base) incorporate part of the xpdf
> >code. so they will still show up as vulnerable. But I think that the
> >message shouldn't refer to xpdf. It's confusing.
> >
> >Roland
(please, do not top-post)
> Is Xpdf still listed in the portsaudit database as being vulnerable
> for you?
No, it isn't. I think you misunderstand. AFAIK, cups includes a copy of
(part of?) xpdf. Even if the original xpdf is fixed, cups-base won't be
until a equivalent fix is applied, or the fixed code is imported into
cups-base.
> If so, I guess there is nothing I can do except wait... I was just
> wondering if this has not been corrected because of the freeze?
Could be, but I guess such a safety-related fix would not be held
back. Maybe a fix hasn't been applied to cups yet.
Roland
--
R.F.Smith (http://www.xs4all.nl/~rsmith/) Please send e-mail as plain text.
public key: http://www.xs4all.nl/~rsmith/pubkey.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20050825/b5b083eb/attachment.bin
More information about the freebsd-questions
mailing list