From owner-freebsd-ports@freebsd.org Sun Mar 13 03:30:25 2016 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3EF46A92985 for ; Sun, 13 Mar 2016 03:30:25 +0000 (UTC) (envelope-from nospamstr@komkon.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 2785E84C for ; Sun, 13 Mar 2016 03:30:25 +0000 (UTC) (envelope-from nospamstr@komkon.org) Received: by mailman.ysv.freebsd.org (Postfix) id 2337BA92984; Sun, 13 Mar 2016 03:30:25 +0000 (UTC) Delivered-To: ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 22D29A92983 for ; Sun, 13 Mar 2016 03:30:25 +0000 (UTC) (envelope-from nospamstr@komkon.org) Received: from tissa.komkon.org (tissa.komkon.org [52.5.170.204]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "tissa.komkon.org", Issuer "Komkon" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id E187684A; Sun, 13 Mar 2016 03:30:24 +0000 (UTC) (envelope-from nospamstr@komkon.org) Received: from tissa.komkon.org (str@localhost [127.0.0.1]) by tissa.komkon.org (8.15.2/8.15.2) with ESMTPS id u2D3NmwN098187 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 12 Mar 2016 22:23:49 -0500 (EST) (envelope-from nospamstr@komkon.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=komkon.org; s=mail; t=1457839429; bh=CsKkSvF4qDOpgMu4sE286o1XQTxNCboOWHtukAZ4T+4=; h=Date:From:To:cc:Subject; b=KIxu4Pkc+9TiTd69Z60XWcRrH2gGfcpSz6z/FWbwm22SeIuLBLwBO0PSRUL8z833m 6N7gToYJ9xUAXFWesp11YX4oqPbOkR/3v76LGEqfZOEYrtXFZ2v8UW9W27FI8JCrhT Gvq3WS/jqCRhPxuqP4ZY+k1dh0gjzI8BPEMSddak= Received: from localhost (str@localhost) by tissa.komkon.org (8.15.2/8.15.2/Submit) with ESMTP id u2D3NmKM098184; Sat, 12 Mar 2016 22:23:48 -0500 (EST) (envelope-from nospamstr@komkon.org) X-Authentication-Warning: tissa.komkon.org: str owned process doing -bs Date: Sat, 12 Mar 2016 22:23:48 -0500 (EST) From: Igor Roshchin X-X-Sender: str@tissa.komkon.org To: johans@FreeBSD.org cc: ports@freebsd.org Subject: climm package still relies on the vulnerable libotr3 Message-ID: User-Agent: Alpine 2.20 (BSF 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset=US-ASCII X-Virus-Scanned: clamav-milter 0.99 at tissa.komkon.org X-Virus-Status: Clean X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED autolearn=unavailable autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on tissa.komkon.org X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Mar 2016 03:30:25 -0000 Dear Johan, climm port depends on libotr3 which has been announced as vulnerable just a few days ago. It looks like libotr3 will not be fixed, as libotr-4... is recommended. I am not sure how different the api is for the new version, and how difficult it would be to update the dependency. I am just letting you know in case you missed it. https://vuxml.freebsd.org/freebsd/c2b1652c-e647-11e5-85be-14dae9d210b8.html Regards, Igor