Date: Sat, 16 Sep 2006 19:43:24 +1000 From: Peter Jeremy <peterjeremy@optushome.com.au> To: Remko Lodder <remko@freebsd.org> Cc: cvs-ports@freebsd.org, cvs-all@freebsd.org, ports-committers@freebsd.org Subject: Re: cvs commit: ports/security/vuxml vuln.xml Message-ID: <20060916094324.GA11675@turion.vk2pj.dyndns.org> In-Reply-To: <200609141426.k8EEQiVC003730@repoman.freebsd.org> References: <200609141426.k8EEQiVC003730@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--h31gzZEtNLTqOjlF Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, 2006-Sep-14 14:26:44 +0000, Remko Lodder wrote: >remko 2006-09-14 14:26:44 UTC > Rewrite the win32-codecs entry to even better explain the vulnerability = [2]. Since there's no longer a maintainer and there doesn't appear to be a fix at the master site, this port may be broken for some time. Is it possible to just not install the QuickTime dll's? Based on the codec breakdown, QuickTime support is the following files: 3ivX.qtx ACTLComponent.qtx AvidQTAVUICodec.qtx BeHereiVideo.qtx Indeo4.qtx On2_VP3.qtx ZyGoVideo.qtx QuickTime.qts QuickTimeEssentials.qtx QuickTimeInternetExtras.qtx qtmlClient.dll Does anyone know if those files can just be removed to avoid the vulnerability whilst still have the remaining win32 codecs work? --=20 Peter Jeremy --h31gzZEtNLTqOjlF Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFC8c8/opHv/APuIcRAsEgAJ9+wqfy8NPqko12BdGUA+iuLGJa+QCgjWpo FS6nQW3mYN3itmhQ4U7DtRs= =xtE7 -----END PGP SIGNATURE----- --h31gzZEtNLTqOjlF--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060916094324.GA11675>