Date: Sat, 16 Sep 2006 17:40:43 +0200 From: Remko Lodder <remko@FreeBSD.org> To: Peter Jeremy <peterjeremy@optushome.com.au> Cc: cvs-ports@freebsd.org, cvs-all@freebsd.org, ports-committers@freebsd.org Subject: Re: cvs commit: ports/security/vuxml vuln.xml Message-ID: <450C1AFB.1000204@FreeBSD.org> In-Reply-To: <20060916094324.GA11675@turion.vk2pj.dyndns.org> References: <200609141426.k8EEQiVC003730@repoman.freebsd.org> <20060916094324.GA11675@turion.vk2pj.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Peter Jeremy wrote:
> On Thu, 2006-Sep-14 14:26:44 +0000, Remko Lodder wrote:
>> remko 2006-09-14 14:26:44 UTC
>> Rewrite the win32-codecs entry to even better explain the vulnerability [2].
>
> Since there's no longer a maintainer and there doesn't appear to be a
> fix at the master site, this port may be broken for some time. Is it
> possible to just not install the QuickTime dll's?
>
> Based on the codec breakdown, QuickTime support is the following files:
> 3ivX.qtx
> ACTLComponent.qtx
> AvidQTAVUICodec.qtx
> BeHereiVideo.qtx
> Indeo4.qtx
> On2_VP3.qtx
> ZyGoVideo.qtx
> QuickTime.qts
> QuickTimeEssentials.qtx
> QuickTimeInternetExtras.qtx
> qtmlClient.dll
>
> Does anyone know if those files can just be removed to avoid the
> vulnerability whilst still have the remaining win32 codecs work?
>
Hello Peter,
I am not sure, and I am not going to look into it as we speak
(Not that I do not want, but I am planning to go on holiday
in a few hours, so need to do other things instead and make sure
most of my open items are known etc).
I will have a look when I get back if no one looked prior to that.
Cheers,
Remko
--
Kind regards,
Remko Lodder ** remko@elvandar.org
FreeBSD ** remko@FreeBSD.org
/* Quis custodiet ipsos custodes */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?450C1AFB.1000204>