cvs commit: ports/security/vuxml vuln.xml
Simon L. Nielsen
simon at FreeBSD.org
Sat Sep 16 12:27:03 PDT 2006
On 2006.09.16 19:43:24 +1000, Peter Jeremy wrote:
> On Thu, 2006-Sep-14 14:26:44 +0000, Remko Lodder wrote:
> >remko 2006-09-14 14:26:44 UTC
> > Rewrite the win32-codecs entry to even better explain the vulnerability [2].
>
> Since there's no longer a maintainer and there doesn't appear to be a
> fix at the master site, this port may be broken for some time. Is it
> possible to just not install the QuickTime dll's?
>
> Based on the codec breakdown, QuickTime support is the following files:
> 3ivX.qtx
> ACTLComponent.qtx
> AvidQTAVUICodec.qtx
> BeHereiVideo.qtx
> Indeo4.qtx
> On2_VP3.qtx
> ZyGoVideo.qtx
> QuickTime.qts
> QuickTimeEssentials.qtx
> QuickTimeInternetExtras.qtx
> qtmlClient.dll
>
> Does anyone know if those files can just be removed to avoid the
> vulnerability whilst still have the remaining win32 codecs work?
If we remove the Quicktime codecs then I will be happy to remove
FORBIDDEN from the port. Unfortunatly I don't have the time too look
into finding out which files has to be removed myself, so I have no
idea if you identified the right files.
--
Simon L. Nielsen
FreeBSD Security Team
More information about the cvs-all
mailing list