svn commit: r356398 - head/security/vuxml
Drewery, Bryan
bdrewery at FreeBSD.org
Wed Jun 4 15:35:07 UTC 2014
On 6/4/14, 10:25 AM, Tijl Coosemans wrote:
> On Wed, 04 Jun 2014 10:02:42 -0500 Drewery, Bryan wrote:
>> On 6/4/14, 9:24 AM, Ryan Steinmetz wrote:
>>> On (06/04/14 08:50), Bryan Drewery wrote:
>>>>> On Jun 4, 2014, at 3:32, Tijl Coosemans <tijl at FreeBSD.org> wrote:
>>>>>> On Tue, 3 Jun 2014 19:42:40 +0000 (UTC) Ryan Steinmetz wrote:
>>>>>> Author: zi
>>>>>> Date: Tue Jun 3 19:42:40 2014
>>>>>> New Revision: 356398
>>>>>> URL: http://svnweb.freebsd.org/changeset/ports/356398
>>>>>> QAT: https://qat.redports.org/buildarchive/r356398/
>>>>>>
>>>>>> Log:
>>>>>> - Document vulnerability in security/gnutls3 (CVE-2014-3466)
>>>>>
>>>>> Is security/gnutls affected by this as well? Because most ports are
>>>>> still using that version.
>>>>
>>>> Not sure. That port needs to just die though and all ports use the new.
>>>
>>> GnuTLS' website doesn't mention 2.x, however, I did see someones post
>>> that mentioned that the bad code may have been introduced in 1.x.
>
> There's a commit in the 2.12 branch for this so it is affected:
> https://www.gitorious.org/gnutls/gnutls/commits/89238044ade02c4d80e334ab74056ef28599663d
>
>>> Given that 2.x seems deprecated/unsupported by the authors, I think we
>>> really need to push to ditch it.
>>
>> It's already planned to do so. Just needs to have the work done.
>
> I could spend some time on this. Has there been any work done already?
>
I forget. I think novel may have started on it. I don't think it's
anything significant to not just start over on though.
--
Regards,
Bryan Drewery
More information about the svn-ports-head
mailing list