From owner-svn-ports-head@FreeBSD.ORG Fri Aug 24 04:30:04 2012 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2447F1065674; Fri, 24 Aug 2012 04:30:04 +0000 (UTC) (envelope-from rea@codelabs.ru) Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.6.71]) by mx1.freebsd.org (Postfix) with ESMTP id B23D58FC0C; Fri, 24 Aug 2012 04:30:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=codelabs.ru; s=two; h=Sender:In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date; bh=nuGphmGRtu2uT2sBmUVSQ0ED4xcst2eedp62OXxieIo=; b=mYGJIkxkjC4BaEbP2FcgwQTO5VoA9rl3SH1UeTOMZgYhvG7qNTIG+SdOr3bdi/jcOJY7/VHmCJ3m5JmlzfCtLtdEnXi2fLuKfoNyaLCsFhXyW+YPeVS807lJfWAHSTjpleuPjnI6x0unTmMUuX22DlMb0f7PVXEvldBmKYBxsxmgkpf6z/NiAWrlGmir4CFfAWlbLPZTsfQZelr2pK0lZxB/KhUNGJAo9kA9tb6Fvu1z6THcZSlc+6n07k7FsSHqWR7yxJvdh/EJLSBCela7TuqVl60SfwEZKrCR35HFpzBiolUQ4K8D3ZdWxeGrjqFvjnI84F94NxpeU14aMwoxwA==; Received: from gprs-internet-client-10.234.sonicduo.com (ppp91-77-179-164.pppoe.mtu-net.ru [91.77.179.164]) by 0.mx.codelabs.ru with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) id 1T4lX0-0009xs-G9; Fri, 24 Aug 2012 08:30:02 +0400 Date: Fri, 24 Aug 2012 08:29:58 +0400 From: Eygene Ryabinkin To: Doug Barton , pav@FreeBSD.org Message-ID: <20120824042958.GI59200@gprs-internet-client-10.234.sonicduo.com> References: <201208212056.q7LKuiwn004348@svn.freebsd.org> <20120822042824.GE59200@gprs-internet-client-10.234.sonicduo.com> <50348557.9000100@FreeBSD.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="4BlIp4fARb6QCoOq" Content-Disposition: inline In-Reply-To: Sender: rea@codelabs.ru Cc: svn-ports-head@freebsd.org, ports-security@freebsd.org, svn-ports-all@freebsd.org, Eitan Adler , ports-committers@freebsd.org Subject: Re: svn commit: r302900 - head/security/vuxml X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Aug 2012 04:30:04 -0000 --4BlIp4fARb6QCoOq Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Wed, Aug 22, 2012 at 12:32:46PM +0400, Eygene Ryabinkin wrote: > Wed, Aug 22, 2012 at 12:08:07AM -0700, Doug Barton wrote: > > Completely aside from my conviction that ALL ports in the vuxml > > should be marked FORBIDDEN until they are fixed, Eitan has a point > > here. This is a serious compromise, and I would not want users to > > install the port in its current form. >=20 > Well, that's a good point. I'll coin in another VuXML entry > (about the vulns fixed in 2.3.3, > http://www.pizzashack.org/rssh/security.shtml) and add FORBIDDEN. Did both, - http://lists.freebsd.org/pipermail/svn-ports-all/2012-August/002316.html - http://lists.freebsd.org/pipermail/svn-ports-all/2012-August/002420.html --=20 Eygene Ryabinkin ,,,^..^,,, [ Life's unfair - but root password helps! | codelabs.ru ] [ 82FE 06BC D497 C0DE 49EC 4FF0 16AF 9EAE 8152 ECFB | freebsd.org ] --4BlIp4fARb6QCoOq Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (Darwin) iF4EABEIAAYFAlA3A0IACgkQFq+eroFS7Pu3qgD+JznLYuZmXDSpKA12sgUpQNZK nIUEu63QPI7w5WbDYvMBAIItInxxp2+KdTRjPK5fVjSAwzb1gweCj1vnGGUDSE8q =Pk6A -----END PGP SIGNATURE----- --4BlIp4fARb6QCoOq--