From owner-freebsd-questions@FreeBSD.ORG Thu Aug 25 17:48:50 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8272A16A41F for ; Thu, 25 Aug 2005 17:48:50 +0000 (GMT) (envelope-from rsmith@xs4all.nl) Received: from smtp-vbr12.xs4all.nl (smtp-vbr12.xs4all.nl [194.109.24.32]) by mx1.FreeBSD.org (Postfix) with ESMTP id D3E3443D45 for ; Thu, 25 Aug 2005 17:48:49 +0000 (GMT) (envelope-from rsmith@xs4all.nl) Received: from slackbox.xs4all.nl (slackbox.xs4all.nl [213.84.242.160]) by smtp-vbr12.xs4all.nl (8.13.3/8.13.3) with ESMTP id j7PHmlVB009540; Thu, 25 Aug 2005 19:48:48 +0200 (CEST) (envelope-from rsmith@xs4all.nl) Received: by slackbox.xs4all.nl (Postfix, from userid 1001) id AC4F6656F; Thu, 25 Aug 2005 19:48:47 +0200 (CEST) Date: Thu, 25 Aug 2005 19:48:47 +0200 From: Roland Smith To: Joe Auty Message-ID: <20050825174847.GB10790@slackbox.xs4all.nl> Mail-Followup-To: Joe Auty , freebsd-questions@freebsd.org References: <7F8BEA4C-2CD8-4744-88D4-B55FB029EC43@netmusician.org> <20050825161224.GC10134@slackbox.xs4all.nl> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="xgyAXRrhYN0wYx8y" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.1i X-GPG-Fingerprint: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 X-GPG-Key: http://www.xs4all.nl/~rsmith/pubkey.txt X-GPG-Notice: If this message is not signed, don't assume I sent it! X-Virus-Scanned: by XS4ALL Virus Scanner Cc: freebsd-questions@freebsd.org Subject: Re: question about Portaudit and code freezes X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Aug 2005 17:48:50 -0000 --xgyAXRrhYN0wYx8y Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Aug 25, 2005 at 12:29:10PM -0500, Joe Auty wrote: > On Aug 25, 2005, at 11:12 AM, Roland Smith wrote: >=20 > >On Thu, Aug 25, 2005 at 03:23:11AM -0500, Joe Auty wrote: > > > >>Hello, > >> > >>How come xpdf is still showing up as a vulnerability, even though the > >>latest portrevision was supposed to resolve these problems? Has the > >>portaudit database not been updated because of the code freeze? > >> > > > >Some other ports (like cups-base) incorporate part of the xpdf > >code. so they will still show up as vulnerable. But I think that the > >message shouldn't refer to xpdf. It's confusing. > > > >Roland (please, do not top-post)=20 > Is Xpdf still listed in the portsaudit database as being vulnerable =20 > for you? No, it isn't. I think you misunderstand. AFAIK, cups includes a copy of (part of?) xpdf. Even if the original xpdf is fixed, cups-base won't be until a equivalent fix is applied, or the fixed code is imported into cups-base.=20 > If so, I guess there is nothing I can do except wait... I was just =20 > wondering if this has not been corrected because of the freeze? Could be, but I guess such a safety-related fix would not be held back. Maybe a fix hasn't been applied to cups yet. Roland --=20 R.F.Smith (http://www.xs4all.nl/~rsmith/) Please send e-mail as plain text. public key: http://www.xs4all.nl/~rsmith/pubkey.txt --xgyAXRrhYN0wYx8y Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (FreeBSD) iD8DBQFDDgR/EnfvsMMhpyURAl3QAJ9M5/QVFL2TjJZvJ/4BRHNrkDpxpwCeNps8 eFBRVjxPdcosh9bQNzvbQTo= =wZen -----END PGP SIGNATURE----- --xgyAXRrhYN0wYx8y--