Missing fixes for various ports in Q4 branch? (was: MySQL 5.6)
Patrick M. Hausen
hausen at punkt.de
Tue Dec 5 11:05:46 UTC 2017
Hi all,
> Am 05.12.2017 um 11:55 schrieb Kurt Jaeger <lists at opsec.eu>:
>
> Hi!
>
>> I thought quarterly ports branches would receive security fixes from
>> HEAD but no other version bumps.
>>
>> If this is correct, then why is MySQL 5.6 in Q4 one version behind HEAD
>> (updated 6 weeks ago) and with all the critical security issues still present?
>
> Maintainer just committed the merge from HEAD to quarterly.
>
> Thanks for the heads-up. Sometimes things slip through.
OK ... in that case ...
PHP 5.6 is 5.6.31 in Q4 with CVE-2016-1283 and 5.6.32 in HEAD.
Update to HEAD 4 weeks ago.
Curl is behind, too - though this fix was committed to HEAD just 2 days ago.
I'll routinely use `pkg audit` after building a new master image for our hosting
from now on.
Kind regards,
Patrick
--
punkt.de GmbH Internet - Dienstleistungen - Beratung
Kaiserallee 13a Tel.: 0721 9109-0 Fax: -100
76133 Karlsruhe info at punkt.de http://punkt.de
AG Mannheim 108285 Gf: Juergen Egeling
More information about the freebsd-ports
mailing list