textproc/jq and oniguruma5
Kurt Jaeger
lists at opsec.eu
Thu Jul 13 10:53:01 UTC 2017
Hi!
> jq depends on oniguruma5 but this library has quite a few vulnerabilities
> and it doesn't seem to be maintained.
>
> https://vuxml.freebsd.org/freebsd/b396cf6c-62e6-11e7-9def-b499baebfeaf.html
>
>
> Would it be possible to change the dependencies in textproc/jq
> from devel/oniguruma5 to devel/oniguruma6?
>
> There's already a bug report but no action has been taken yet.
>
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220586
Done.
--
pi at opsec.eu +49 171 3101372 3 years to go !
More information about the freebsd-ports
mailing list