Ports scheduled for removal on Nov 7
Kris Kennaway
kris at obsecurity.org
Fri Aug 8 19:23:34 PDT 2003
On Sat, Aug 09, 2003 at 11:05:42AM +0930, Greg 'groggy' Lehey wrote:
> On Friday, 8 August 2003 at 12:42:44 +0200, Alexander Leidinger wrote:
> > On Thu, 7 Aug 2003 21:53:34 -0700
> > Kris Kennaway <kris at obsecurity.org> wrote:
> >
> >> The following ports are scheduled for removal on November 7 if they
> >> are still broken at that time and no PRs have been submitted to fix
> >
> >> databases/firebird firebird-1.0.2 chris at aims.com.au
> >> databases/firebird-devel firebird-1.0.r2 chris at aims.com.au
> >
> > I've marked them FORBIDDEN because of an posting on bugtraq. I've talked
> > with the maintainer and he explained, that the developers focus on the
> > development of the next version and don't seem to be interested in
> > fixing this vulnerability.
>
> Are you sure that this vulnerability exists? bugtraq seems to be
> rather indiscriminate in its claims ("found in this version, all these
> others must have it too"). I've seen at least one case where we were
> about to throw out something (ghostview, I think) because of a library
> vulnerability on a different platform.
No, as I remember in that case the wrong port was marked broken
(ghostview vs gv), and the vulnerability in the gv port was real and
was independently fixed.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20030808/b356e6b9/attachment.bin
More information about the freebsd-ports
mailing list