Missing fixes for various ports in Q4 branch? (was: MySQL 5.6)

Patrick M. Hausen hausen at punkt.de
Tue Dec 5 11:05:46 UTC 2017


Hi all,

> On 05.12.2017 at 11:55, Kurt Jaeger <lists at opsec.eu> wrote:
> 
> Hi!
> 
>> I thought quarterly ports branches would receive security fixes from
>> HEAD but no other version bumps.
>> 
>> If this is correct, then why is MySQL 5.6 in Q4 one version behind HEAD
>> (updated 6 weeks ago) and with all the critical security issues still present?
> 
> Maintainer just committed the merge from HEAD to quarterly.
> 
> Thanks for the heads-up. Sometimes things slip through.

OK ... in that case ...

PHP 5.6 is 5.6.31 in Q4 with CVE-2016-1283 and 5.6.32 in HEAD.
Update to HEAD 4 weeks ago.

Curl is behind, too - though this fix was committed to HEAD just 2 days ago.


I'll routinely use `pkg audit` after building a new master image for our hosting
from now on.


Kind regards,
Patrick
-- 
punkt.de GmbH			Internet - Dienstleistungen - Beratung
Kaiserallee 13a			Tel.: 0721 9109-0 Fax: -100
76133 Karlsruhe			info at punkt.de	http://punkt.de
AG Mannheim 108285		Gf: Juergen Egeling


