Date: Sat, 16 Sep 2006 21:26:58 +0200 From: "Simon L. Nielsen" <simon@FreeBSD.org> To: Peter Jeremy <peterjeremy@optushome.com.au> Cc: cvs-ports@freebsd.org, Remko Lodder <remko@freebsd.org>, cvs-all@freebsd.org, ports-committers@freebsd.org Subject: Re: cvs commit: ports/security/vuxml vuln.xml Message-ID: <20060916192657.GC1020@zaphod.nitro.dk> In-Reply-To: <20060916094324.GA11675@turion.vk2pj.dyndns.org> References: <200609141426.k8EEQiVC003730@repoman.freebsd.org> <20060916094324.GA11675@turion.vk2pj.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2006.09.16 19:43:24 +1000, Peter Jeremy wrote: > On Thu, 2006-Sep-14 14:26:44 +0000, Remko Lodder wrote: > >remko 2006-09-14 14:26:44 UTC > > Rewrite the win32-codecs entry to even better explain the vulnerability [2]. > > Since there's no longer a maintainer and there doesn't appear to be a > fix at the master site, this port may be broken for some time. Is it > possible to just not install the QuickTime dll's? > > Based on the codec breakdown, QuickTime support is the following files: > 3ivX.qtx > ACTLComponent.qtx > AvidQTAVUICodec.qtx > BeHereiVideo.qtx > Indeo4.qtx > On2_VP3.qtx > ZyGoVideo.qtx > QuickTime.qts > QuickTimeEssentials.qtx > QuickTimeInternetExtras.qtx > qtmlClient.dll > > Does anyone know if those files can just be removed to avoid the > vulnerability whilst still have the remaining win32 codecs work? If we remove the Quicktime codecs then I will be happy to remove FORBIDDEN from the port. Unfortunatly I don't have the time too look into finding out which files has to be removed myself, so I have no idea if you identified the right files. -- Simon L. Nielsen FreeBSD Security Team
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060916192657.GC1020>