Date: Wed, 04 Jun 2014 10:35:04 -0500 From: "Drewery, Bryan" <bdrewery@FreeBSD.org> To: Tijl Coosemans <tijl@FreeBSD.org> Cc: Ryan Steinmetz <zi@FreeBSD.org>, "svn-ports-head@freebsd.org" <svn-ports-head@freebsd.org>, "svn-ports-all@freebsd.org" <svn-ports-all@freebsd.org>, "novel@FreeBSD.org" <novel@FreeBSD.org>, "ports-committers@freebsd.org" <ports-committers@freebsd.org> Subject: Re: svn commit: r356398 - head/security/vuxml Message-ID: <538F3CA8.2000103@FreeBSD.org> In-Reply-To: <20140604172504.23a766e4@kalimero.tijl.coosemans.org> References: <201406031942.s53JgeGI046605@svn.freebsd.org> <20140604103240.6826697f@kalimero.tijl.coosemans.org> <51539FB3-D510-479C-A076-87068BD01022@FreeBSD.org> <20140604142438.GA57245@exodus.zi0r.com> <538F3512.8040509@FreeBSD.org> <20140604172504.23a766e4@kalimero.tijl.coosemans.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 6/4/14, 10:25 AM, Tijl Coosemans wrote: > On Wed, 04 Jun 2014 10:02:42 -0500 Drewery, Bryan wrote: >> On 6/4/14, 9:24 AM, Ryan Steinmetz wrote: >>> On (06/04/14 08:50), Bryan Drewery wrote: >>>>> On Jun 4, 2014, at 3:32, Tijl Coosemans <tijl@FreeBSD.org> wrote: >>>>>> On Tue, 3 Jun 2014 19:42:40 +0000 (UTC) Ryan Steinmetz wrote: >>>>>> Author: zi >>>>>> Date: Tue Jun 3 19:42:40 2014 >>>>>> New Revision: 356398 >>>>>> URL: http://svnweb.freebsd.org/changeset/ports/356398 >>>>>> QAT: https://qat.redports.org/buildarchive/r356398/ >>>>>> >>>>>> Log: >>>>>> - Document vulnerability in security/gnutls3 (CVE-2014-3466) >>>>> >>>>> Is security/gnutls affected by this as well? Because most ports are >>>>> still using that version. >>>> >>>> Not sure. That port needs to just die though and all ports use the new. >>> >>> GnuTLS' website doesn't mention 2.x, however, I did see someones post >>> that mentioned that the bad code may have been introduced in 1.x. > > There's a commit in the 2.12 branch for this so it is affected: > https://www.gitorious.org/gnutls/gnutls/commits/89238044ade02c4d80e334ab74056ef28599663d > >>> Given that 2.x seems deprecated/unsupported by the authors, I think we >>> really need to push to ditch it. >> >> It's already planned to do so. Just needs to have the work done. > > I could spend some time on this. Has there been any work done already? > I forget. I think novel may have started on it. I don't think it's anything significant to not just start over on though. -- Regards, Bryan Drewery
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?538F3CA8.2000103>