From owner-svn-ports-all@freebsd.org Tue Aug 7 10:15:16 2018 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D98D71056686; Tue, 7 Aug 2018 10:15:15 +0000 (UTC) (envelope-from tijl@freebsd.org) Received: from mailrelay101.isp.belgacom.be (mailrelay101.isp.belgacom.be [195.238.20.128]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "relay.skynet.be", Issuer "GlobalSign Organization Validation CA - SHA256 - G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E507487674; Tue, 7 Aug 2018 10:15:14 +0000 (UTC) (envelope-from tijl@freebsd.org) X-Belgacom-Dynamic: yes IronPort-PHdr: =?us-ascii?q?9a23=3AEunk/xG5AXbuaQ1CZhnB3Z1GYnF86YWxBRYc79?= =?us-ascii?q?8ds5kLTJ76p86+bnLW6fgltlLVR4KTs6sC17KI9fi4EUU7or+5+EgYd5JNUx?= =?us-ascii?q?JXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQ?= =?us-ascii?q?viPgRpOOv1BpTSj8Oq3Oyu5pHfeQpFiCa8bL9oMBm6sRjau9ULj4dlNqs/0A?= =?us-ascii?q?bCrGFSe+RRy2NoJFaTkAj568yt4pNt8Dletuw4+cJYXqr0Y6o3TbpDDDQ7KG?= =?us-ascii?q?81/9HktQPCTQSU+HQRVHgdnwdSDAjE6BH6WYrxsjf/u+Fg1iSWIdH6QLYpUj?= =?us-ascii?q?m58axlVAHnhzsGNz4h8WHYlMpwjL5AoBm8oxBz2pPYbJ2JOPZ7eK7WYNEUSn?= =?us-ascii?q?dbXstJWSJPAp2yYZYMAeUDM+ZXoJXyqVQVoBuiBwSgGP/jxiNUinPo26Axzu?= =?us-ascii?q?QvERvB3AwlB98ArnHWrNHoP6oMVuC1y7LIwivGb/xM3zf985XDfxc9ofGNX7?= =?us-ascii?q?JwddHcx0k1FwzbkFqdtJHrMT2P2uQKqWib4PNtWOSygGAprAFxpyKgxsYqio?= =?us-ascii?q?TRiIIV0E7L+jtiz4YuONK0Ukl7YcSrEJdIqSGaKoR3QsYmQ21yvyY60LIGtJ?= =?us-ascii?q?imdyYJ0JQq3x3SZv6df4WJ4x/vTvudLDRliH5/Zb6yhhW//E69wePmTMa0yk?= =?us-ascii?q?xFri9dn9nJsXACygLc59CcSvt44kehwTGP1x3P6u1cIUA7i67bK5k5z74zjJ?= =?us-ascii?q?UTtUXDHirol0Xsi6+abFkk+umq6+TjeLnpupicN4hvig7gN6QhgMq/Af8iPg?= =?us-ascii?q?gJRWib9vyw1Lzl/ULnXLVHlv47n6vDvJ3bJMkXvLO1DgxI3oo59hqyDjSr3M?= =?us-ascii?q?wdnXYdLVJFfByHj5LuO1HLOP34Efa/g1aokDpwyfDGJKPuDYvWIXjYjbjtZ7?= =?us-ascii?q?F961RTyAYr19BQ+4pUCq0dIPL0QkLxr8LYDhkgPwysxObnEsl91pgHVWKPHK?= =?us-ascii?q?CWKr7dvESG5uI1PeaDepQauC3gJPQ/4P7ul3A5k0cHfaa1xZsXdGy4HvN+Lk?= =?us-ascii?q?WCf3rshM4NEX8NvgokUOzqk0SOXiRXZ3a2RK886Cs7B5y4AojYXYCinaaN3C?= =?us-ascii?q?ChHp1ZfmpGEEyDEW/0d4WYXPcBcDqSIsh7kjwYTritUpMu1RartA//yrpnMv?= =?us-ascii?q?bU9TMCtZL4z9V16ffTmg8s+jNvFMSSznuBT2ZunmMHXzU2xrxwoVRhylef1q?= =?us-ascii?q?h1m+dYFNJS5/NNVgc6LoXRz+JgC9/sRA3OZcyJR0u8TtWhGzExQYF5/9hbWF?= =?us-ascii?q?pwBdjqsRHH2zHiV6QKlriPH7Qa6K/R9UPdYcFnxCCV+rMmigwapc8HHmqhna?= =?us-ascii?q?N6/g7IT9rVkkedv4iweKk25wKL832Mmznd9HpEWRJ9BP2WFUsUYVHb+JGgvh?= =?us-ascii?q?vP?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A2APAgBqcGlb/6i1QldbHAEBAQQBAQo?= =?us-ascii?q?BAYNOY20SFROMCF+LZwEBggwyAYcLgXeMN4F6LoRJAoM9IjQYAQIBAQIBAQI?= =?us-ascii?q?BbBwMgjUkAYJeAQUnExwjEAsOBgQJJQ8qHgYTCYMYggMLrQ4ziDKCIokgggC?= =?us-ascii?q?EJIR+hVYCjHQ9jQcJhhqJIIFahCSIMopuiTU4gVJNMAiDJAmCHBeIWYVAPTC?= =?us-ascii?q?PPgEB?= X-IPAS-Result: =?us-ascii?q?A2APAgBqcGlb/6i1QldbHAEBAQQBAQoBAYNOY20SFROMC?= =?us-ascii?q?F+LZwEBggwyAYcLgXeMN4F6LoRJAoM9IjQYAQIBAQIBAQIBbBwMgjUkAYJeA?= =?us-ascii?q?QUnExwjEAsOBgQJJQ8qHgYTCYMYggMLrQ4ziDKCIokgggCEJIR+hVYCjHQ9j?= =?us-ascii?q?QcJhhqJIIFahCSIMopuiTU4gVJNMAiDJAmCHBeIWYVAPTCPPgEB?= Received: from 168.181-66-87.adsl-dyn.isp.belgacom.be (HELO kalimero.tijl.coosemans.org) ([87.66.181.168]) by relay.skynet.be with ESMTP; 07 Aug 2018 12:14:04 +0200 Received: from kalimero.tijl.coosemans.org (kalimero.tijl.coosemans.org [127.0.0.1]) by kalimero.tijl.coosemans.org (8.15.2/8.15.2) with ESMTP id w77AE3Bi089533; Tue, 7 Aug 2018 12:14:04 +0200 (CEST) (envelope-from tijl@FreeBSD.org) Date: Tue, 7 Aug 2018 12:14:03 +0200 From: =?UTF-8?B?VMSzbA==?= Coosemans To: Steve Wills Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r475438 - head/security/vuxml Message-ID: <20180807121403.1aa7b10f@kalimero.tijl.coosemans.org> In-Reply-To: <201807271304.w6RD4Rbd049642@repo.freebsd.org> References: <201807271304.w6RD4Rbd049642@repo.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Aug 2018 10:15:16 -0000 On Fri, 27 Jul 2018 13:04:27 +0000 (UTC) Steve Wills wrote: > Author: swills > Date: Fri Jul 27 13:04:27 2018 > New Revision: 475438 > URL: https://svnweb.freebsd.org/changeset/ports/475438 > > Log: > security/vuxml: document openjpeg issues > > PR: 225805 > Submitted by: VK > > Modified: > head/security/vuxml/vuln.xml > > Modified: head/security/vuxml/vuln.xml > ============================================================================== > --- head/security/vuxml/vuln.xml Fri Jul 27 13:00:45 2018 (r475437) > +++ head/security/vuxml/vuln.xml Fri Jul 27 13:04:27 2018 (r475438) > @@ -58,6 +58,42 @@ Notes: > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > > + > + OpenJPEG -- multiple vulnerabilities > + > + > + openjpeg > + 2.3.0 Please never use . If the port gets bumped without fixing the issue it will not be marked vulnerable. Use first vulnerable version and/or first fixed version. AFAICT and are always wrong. In this case you could use *.