Date: Mon, 26 Nov 2018 15:17:35 +0100 From: Stefan Bethke <stb@lassitu.de> To: FreeBSD Ports <freebsd-ports@freebsd.org> Cc: decke@FreeBSD.org Subject: Re: [Bug 233475] www/gitea: Update to 1.6.0 (Fixes security vulnerability) Message-ID: <35DB2040-9CB7-4F9F-93B9-D809D6623F42@lassitu.de> In-Reply-To: <bug-233475-12946-WYzskIiA8H@https.bugs.freebsd.org/bugzilla/> References: <bug-233475-12946@https.bugs.freebsd.org/bugzilla/> <bug-233475-12946-WYzskIiA8H@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D233475 >=20 > Bernhard Froehlich <decke@FreeBSD.org> changed: >=20 > What |Removed |Added > = --------------------------------------------------------------------------= -- > Status|New |Closed > Resolution|--- |FIXED >=20 > --- Comment #4 from Bernhard Froehlich <decke@FreeBSD.org> --- > The mentioned security issues do not have any CVE numbers assigned so = we > normally do not document those in our vuxml. Since there was no patch = for the > port itself to bring it to 1.6.0 I did the update myself and did some = light > runtime testing which seemed fine. Thanks! I must have accidentally replaced the gate patch with he vuxml patch. And regarding vuxml: other committers feel quite strongly about adding = entries for project-reported vulnerabilities/fixes. I=E2=80=99m happy to = do it either way, but it would be great if there was consensus what = should be documented that way and what shouldn=E2=80=99t. Cheers, Stefan --=20 Stefan Bethke <stb@lassitu.de> Fon +49 151 14070811
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?35DB2040-9CB7-4F9F-93B9-D809D6623F42>