From owner-cvs-ports@FreeBSD.ORG Sat Sep 16 15:41:04 2006 Return-Path: X-Original-To: cvs-ports@freebsd.org Delivered-To: cvs-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7BD8716A494; Sat, 16 Sep 2006 15:41:04 +0000 (UTC) (envelope-from remko@freebsd.org) Received: from caelis.elvandar.org (caelis.elvandar.org [217.148.169.59]) by mx1.FreeBSD.org (Postfix) with ESMTP id A612843D83; Sat, 16 Sep 2006 15:40:45 +0000 (GMT) (envelope-from remko@freebsd.org) Received: from localhost (caelis.elvandar.org [217.148.169.59]) by caelis.elvandar.org (Postfix) with ESMTP id D16E792FDD3; Sat, 16 Sep 2006 17:40:44 +0200 (CEST) Received: from caelis.elvandar.org ([217.148.169.59]) by localhost (caelis.elvandar.org [217.148.169.59]) (amavisd-new, port 10024) with ESMTP id 17190-06; Sat, 16 Sep 2006 17:40:44 +0200 (CEST) Message-ID: <450C1AFB.1000204@FreeBSD.org> Date: Sat, 16 Sep 2006 17:40:43 +0200 From: Remko Lodder User-Agent: Thunderbird 1.5.0.7 (Macintosh/20060909) MIME-Version: 1.0 To: Peter Jeremy References: <200609141426.k8EEQiVC003730@repoman.freebsd.org> <20060916094324.GA11675@turion.vk2pj.dyndns.org> In-Reply-To: <20060916094324.GA11675@turion.vk2pj.dyndns.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by the elvandar.org maildomain Cc: cvs-ports@freebsd.org, cvs-all@freebsd.org, ports-committers@freebsd.org Subject: Re: cvs commit: ports/security/vuxml vuln.xml X-BeenThere: cvs-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: remko@FreeBSD.org List-Id: CVS commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Sep 2006 15:41:04 -0000 Peter Jeremy wrote: > On Thu, 2006-Sep-14 14:26:44 +0000, Remko Lodder wrote: >> remko 2006-09-14 14:26:44 UTC >> Rewrite the win32-codecs entry to even better explain the vulnerability [2]. > > Since there's no longer a maintainer and there doesn't appear to be a > fix at the master site, this port may be broken for some time. Is it > possible to just not install the QuickTime dll's? > > Based on the codec breakdown, QuickTime support is the following files: > 3ivX.qtx > ACTLComponent.qtx > AvidQTAVUICodec.qtx > BeHereiVideo.qtx > Indeo4.qtx > On2_VP3.qtx > ZyGoVideo.qtx > QuickTime.qts > QuickTimeEssentials.qtx > QuickTimeInternetExtras.qtx > qtmlClient.dll > > Does anyone know if those files can just be removed to avoid the > vulnerability whilst still have the remaining win32 codecs work? > Hello Peter, I am not sure, and I am not going to look into it as we speak (Not that I do not want, but I am planning to go on holiday in a few hours, so need to do other things instead and make sure most of my open items are known etc). I will have a look when I get back if no one looked prior to that. Cheers, Remko -- Kind regards, Remko Lodder ** remko@elvandar.org FreeBSD ** remko@FreeBSD.org /* Quis custodiet ipsos custodes */