Date: Tue, 5 Dec 2017 12:05:42 +0100 From: "Patrick M. Hausen" <hausen@punkt.de> To: Kurt Jaeger <lists@opsec.eu> Cc: freebsd-ports@freebsd.org Subject: Re: Missing fixes for various ports in Q4 branch? (was: MySQL 5.6) Message-ID: <94AC4DE0-78AB-4EB4-BE43-682D2CCEDB9B@punkt.de> In-Reply-To: <20171205105529.GR2827@home.opsec.eu> References: <0C45356F-037F-4BF8-8222-0F82879F6A5D@punkt.de> <20171205105529.GR2827@home.opsec.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi all, > Am 05.12.2017 um 11:55 schrieb Kurt Jaeger <lists@opsec.eu>: >=20 > Hi! >=20 >> I thought quarterly ports branches would receive security fixes from >> HEAD but no other version bumps. >>=20 >> If this is correct, then why is MySQL 5.6 in Q4 one version behind = HEAD >> (updated 6 weeks ago) and with all the critical security issues still = present? >=20 > Maintainer just committed the merge from HEAD to quarterly. >=20 > Thanks for the heads-up. Sometimes things slip through. OK ... in that case ... PHP 5.6 is 5.6.31 in Q4 with CVE-2016-1283 and 5.6.32 in HEAD. Update to HEAD 4 weeks ago. Curl is behind, too - though this fix was committed to HEAD just 2 days = ago. I'll routinely use `pkg audit` after building a new master image for our = hosting from now on. Kind regards, Patrick --=20 punkt.de GmbH Internet - Dienstleistungen - Beratung Kaiserallee 13a Tel.: 0721 9109-0 Fax: -100 76133 Karlsruhe info@punkt.de http://punkt.de AG Mannheim 108285 Gf: Juergen Egeling
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?94AC4DE0-78AB-4EB4-BE43-682D2CCEDB9B>