From owner-svn-ports-all@freebsd.org Tue Aug 7 10:34:45 2018 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8B88F1056EA2; Tue, 7 Aug 2018 10:34:45 +0000 (UTC) (envelope-from tijl@freebsd.org) Received: from mailrelay101.isp.belgacom.be (mailrelay101.isp.belgacom.be [195.238.20.128]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "relay.skynet.be", Issuer "GlobalSign Organization Validation CA - SHA256 - G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 984B2889C0; Tue, 7 Aug 2018 10:34:44 +0000 (UTC) (envelope-from tijl@freebsd.org) X-Belgacom-Dynamic: yes IronPort-PHdr: =?us-ascii?q?9a23=3AF/16uRG5Mhnp7wzxO2X8LZ1GYnF86YWxBRYc79?= =?us-ascii?q?8ds5kLTJ76p86ybnLW6fgltlLVR4KTs6sC17KI9fi4EUU7or+5+EgYd5JNUx?= =?us-ascii?q?JXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQ?= =?us-ascii?q?viPgRpOOv1BpTSj8Oq3Oyu5pHfeQpFiCa8bL9oMBm6sRjau9ULj4dlNqs/0A?= =?us-ascii?q?bCrGFSe+RRy2NoJFaTkAj568yt4pNt8Dletuw4+cJYXqr0Y6o3TbpDDDQ7KG?= =?us-ascii?q?81/9HktQPCTQSU+HQRVHgdnwdSDAjE6BH6WYrxsjf/u+Fg1iSWIdH6QLYpUj?= =?us-ascii?q?m58axlVAHnhzsGNz4h8WHYlMpwjL5AoBm8oxBz2pPYbJ2JOPZ7eK7WYNEUSn?= =?us-ascii?q?dbXstJWSJPAp2yYZYMAeUDM+ZXoJXyqVQVoBuiBwSgGP/jxiNUinPo26Axzu?= =?us-ascii?q?QvERvB3AwlB98ArnHWrNHoP6oMVuC1y7LIwivGb/xM3zf985XDfxc9ofGNX7?= =?us-ascii?q?JwddHcx0k1FwzbkFqdtJHrMT2P2uQKqWib4PNtWOSygGAprAFxpyKgxsYqio?= =?us-ascii?q?TRiIIV0E7L+jtiz4YuONK0Ukl7YcSrEJdIqSGaKoR3QsYmQ21yvyY60LIGtJ?= =?us-ascii?q?imdyYJ0JQq3x3SZv6df4WJ4x/vTvudLDRliH5/Zb6yhhW//E69wePmTMa0yk?= =?us-ascii?q?xFri9dn9nJsXACygLc59CcSvt44kehwTGP1x3P6u1cIUA7i67bK5k5z74zjJ?= =?us-ascii?q?UTtUXDHirol0Xsi6+abFkk+umq6+TjeLnpupicN4hvig7gN6QhgMq/Af8iPg?= =?us-ascii?q?gJRWib9vyw1Lzl/ULnXLVHlv47n6vDvJ3bJMkXvLO1DgxI3oo59hqyDjSr3M?= =?us-ascii?q?wdnXYdLVJFfByHj5LuO1HLOP34Efa/g1aokDpwyfDGJKPuDYvWIXjYjbjtZ7?= =?us-ascii?q?F961RTyAYr19BQ+4pUCq0dIPL0QkLxr8LYDhkgPwysxObnEsl91pgHVWKPHK?= =?us-ascii?q?CWKr7dvESG5uI1PeaDepQauC3gJPQ/4P7ul3A5k0cHfaa1xZsXdGy4HvN+Lk?= =?us-ascii?q?WCf3rshM4NEX8NvgokUOzqk0SOXiRXZ3a2RK886Cs7B5y4AojYXYCinaaN3C?= =?us-ascii?q?ChHp1ZfmpGEEyDEW/0d4WYXPcBcDqSIsh7kjwYTritUpMu1RartA//yrpnMv?= =?us-ascii?q?bU9TMCtZL4z9V16ffTmg8s+jNvFMSSznuBT2ZunmMHXzU2xrxwoVRhylef1q?= =?us-ascii?q?h1m/JZFdtU5/xUSQc1LoLQw/JhBtD8QALOYMmGR029Qtq7Gz0xScgxw9BdK3?= =?us-ascii?q?p6Tv+viFj82C2mGPdBiLuMCIc+qvj08WL8KuxG5zDBzqZ33Hc8Rc4aCYqizo?= =?us-ascii?q?V48BPeAofPiA3Ni6eocYwyxiPA3lyvi22UsxcLA0ZLTazZUCVHNQPtptPj6x?= =?us-ascii?q?aHFuf2BA=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A2BiAQBYdWlb/6i1QldbGwEBAQEDAQE?= =?us-ascii?q?BCQEBAYNOY20SFROMCF+LZwEBggwyAYcLgXeMN4F6LoRJAoM9IjQYAQIBAQI?= =?us-ascii?q?BAQIBbBwMgjUkAYJeAQUnExwjEAsUBAklDyoeBhMJgxiCAwutCTOIMoIiiSC?= =?us-ascii?q?CAIQkhH6FVgKMdD2NBwmGGokggVqEJIgyim6JNTiBUk0wCIMkCYIcF4hZhUA?= =?us-ascii?q?9MI8+AQE?= X-IPAS-Result: =?us-ascii?q?A2BiAQBYdWlb/6i1QldbGwEBAQEDAQEBCQEBAYNOY20SF?= =?us-ascii?q?ROMCF+LZwEBggwyAYcLgXeMN4F6LoRJAoM9IjQYAQIBAQIBAQIBbBwMgjUkA?= =?us-ascii?q?YJeAQUnExwjEAsUBAklDyoeBhMJgxiCAwutCTOIMoIiiSCCAIQkhH6FVgKMd?= =?us-ascii?q?D2NBwmGGokggVqEJIgyim6JNTiBUk0wCIMkCYIcF4hZhUA9MI8+AQE?= Received: from 168.181-66-87.adsl-dyn.isp.belgacom.be (HELO kalimero.tijl.coosemans.org) ([87.66.181.168]) by relay.skynet.be with ESMTP; 07 Aug 2018 12:34:42 +0200 Received: from kalimero.tijl.coosemans.org (kalimero.tijl.coosemans.org [127.0.0.1]) by kalimero.tijl.coosemans.org (8.15.2/8.15.2) with ESMTP id w77AYgHC089747; Tue, 7 Aug 2018 12:34:42 +0200 (CEST) (envelope-from tijl@FreeBSD.org) Date: Tue, 7 Aug 2018 12:34:42 +0200 From: =?UTF-8?B?VMSzbA==?= Coosemans To: Ben Woods Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r475048 - head/security/vuxml Message-ID: <20180807123442.18597c83@kalimero.tijl.coosemans.org> In-Reply-To: <201807210650.w6L6oa7M004156@repo.freebsd.org> References: <201807210650.w6L6oa7M004156@repo.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Aug 2018 10:34:45 -0000 On Sat, 21 Jul 2018 06:50:36 +0000 (UTC) Ben Woods wrote: > Author: woodsb02 > Date: Sat Jul 21 06:50:36 2018 > New Revision: 475048 > URL: https://svnweb.freebsd.org/changeset/ports/475048 > > Log: > security/vuxml: document VLC vulnerability > > Modified: > head/security/vuxml/vuln.xml > > Modified: head/security/vuxml/vuln.xml > ============================================================================== > --- head/security/vuxml/vuln.xml Sat Jul 21 02:13:28 2018 (r475047) > +++ head/security/vuxml/vuln.xml Sat Jul 21 06:50:36 2018 (r475048) > @@ -58,6 +58,42 @@ Notes: > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > > + > + vlc -- Use after free vulnerability > + > + > + vlc > + 2.2.8_6,4 > + > + > + vlc-qt4 > + 2.2.8_6,4 Please never use . The port has been bumped without fixing the issue and is no longer marked vulnerable. Use first vulnerable version and/or first fixed version. AFAICT and are always wrong. In this case you could use *.