textproc/jq and oniguruma5
xavier at shellguardians.com
Thu Jul 13 10:57:44 UTC 2017
Thank you, it was really fast :)
Would it be possible to also port the change to 2017Q3?
On Thu, Jul 13, 2017 at 12:53:01PM +0200, Kurt Jaeger wrote:
> > jq depends on oniguruma5 but this library has quite a few vulnerabilities
> > and it doesn't seem to be maintained.
> > https://vuxml.freebsd.org/freebsd/b396cf6c-62e6-11e7-9def-b499baebfeaf.html
> > Would it be possible to change the dependencies in textproc/jq
> > from devel/oniguruma5 to devel/oniguruma6?
> > There's already a bug report but no action has been taken yet.
> > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220586
> pi at opsec.eu +49 171 3101372 3 years to go !
More information about the freebsd-ports