Date: Fri, 11 Aug 2017 12:41:03 +0200 From: Kurt Jaeger <lists@opsec.eu> To: Jos Chrispijn <bsdports@cloudzeeland.nl> Cc: FreeBSD Ports ML <freebsd-ports@freebsd.org>, rob@theseusnetworking.com Subject: Re: oniguruma5-5.9.6_1 is vulnerable Message-ID: <20170811104103.GI81427@home.opsec.eu> In-Reply-To: <7d681940-bcb9-13b2-b7d6-5c8b40d1aa24@cloudzeeland.nl> References: <7d681940-bcb9-13b2-b7d6-5c8b40d1aa24@cloudzeeland.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi! > For some weeks I noticed > > oniguruma5-5.9.6_1 is vulnerable: > oniguruma -- multiple vulnerabilities > CVE: CVE-2017-9228 > CVE: CVE-2017-9228 > CVE: CVE-2017-9227 > CVE: CVE-2017-9226 > CVE: CVE-2017-9224 > WWW:https://vuxml.FreeBSD.org/freebsd/b396cf6c-62e6-11e7-9def-b499baebfeaf.html > > Can you please provide a port update? Thanks. Basically, the suggestion is to update dependent ports to oniguruma6, and then remove oniguruma5. See https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220438 for more details. That's a little bit of work and we're short on folks doing it 8-} -- pi@opsec.eu +49 171 3101372 3 years to go !
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170811104103.GI81427>