svn commit: r356398 - head/security/vuxml
Tijl Coosemans
tijl at FreeBSD.org
Wed Jun 4 15:25:18 UTC 2014
On Wed, 04 Jun 2014 10:02:42 -0500 Drewery, Bryan wrote:
> On 6/4/14, 9:24 AM, Ryan Steinmetz wrote:
>> On (06/04/14 08:50), Bryan Drewery wrote:
>>>> On Jun 4, 2014, at 3:32, Tijl Coosemans <tijl at FreeBSD.org> wrote:
>>>>> On Tue, 3 Jun 2014 19:42:40 +0000 (UTC) Ryan Steinmetz wrote:
>>>>> Author: zi
>>>>> Date: Tue Jun 3 19:42:40 2014
>>>>> New Revision: 356398
>>>>> URL: http://svnweb.freebsd.org/changeset/ports/356398
>>>>> QAT: https://qat.redports.org/buildarchive/r356398/
>>>>>
>>>>> Log:
>>>>> - Document vulnerability in security/gnutls3 (CVE-2014-3466)
>>>>
>>>> Is security/gnutls affected by this as well? Because most ports are
>>>> still using that version.
>>>
>>> Not sure. That port needs to just die though and all ports use the new.
>>
>> GnuTLS' website doesn't mention 2.x, however, I did see someones post
>> that mentioned that the bad code may have been introduced in 1.x.
There's a commit in the 2.12 branch for this so it is affected:
https://www.gitorious.org/gnutls/gnutls/commits/89238044ade02c4d80e334ab74056ef28599663d
>> Given that 2.x seems deprecated/unsupported by the authors, I think we
>> really need to push to ditch it.
>
> It's already planned to do so. Just needs to have the work done.
I could spend some time on this. Has there been any work done already?
More information about the svn-ports-head
mailing list