From owner-cvs-all@FreeBSD.ORG Sat Sep 16 09:43:27 2006 Return-Path: X-Original-To: cvs-all@freebsd.org Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 420D216A407; Sat, 16 Sep 2006 09:43:27 +0000 (UTC) (envelope-from peterjeremy@optushome.com.au) Received: from mail15.syd.optusnet.com.au (mail15.syd.optusnet.com.au [211.29.132.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8D10043D53; Sat, 16 Sep 2006 09:43:26 +0000 (GMT) (envelope-from peterjeremy@optushome.com.au) Received: from turion.vk2pj.dyndns.org (c220-239-19-236.belrs4.nsw.optusnet.com.au [220.239.19.236]) by mail15.syd.optusnet.com.au (8.12.11/8.12.11) with ESMTP id k8G9hOu3011634 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Sat, 16 Sep 2006 19:43:24 +1000 Received: from turion.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org [127.0.0.1]) by turion.vk2pj.dyndns.org (8.13.6/8.13.6) with ESMTP id k8G9hOpb011727; Sat, 16 Sep 2006 19:43:24 +1000 (EST) (envelope-from peter@turion.vk2pj.dyndns.org) Received: (from peter@localhost) by turion.vk2pj.dyndns.org (8.13.6/8.13.6/Submit) id k8G9hOgl011726; Sat, 16 Sep 2006 19:43:24 +1000 (EST) (envelope-from peter) Date: Sat, 16 Sep 2006 19:43:24 +1000 From: Peter Jeremy To: Remko Lodder Message-ID: <20060916094324.GA11675@turion.vk2pj.dyndns.org> References: <200609141426.k8EEQiVC003730@repoman.freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="h31gzZEtNLTqOjlF" Content-Disposition: inline In-Reply-To: <200609141426.k8EEQiVC003730@repoman.freebsd.org> X-PGP-Key: http://members.optusnet.com.au/peterjeremy/pubkey.asc User-Agent: Mutt/1.5.12-2006-07-14 Cc: cvs-ports@freebsd.org, cvs-all@freebsd.org, ports-committers@freebsd.org Subject: Re: cvs commit: ports/security/vuxml vuln.xml X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Sep 2006 09:43:27 -0000 --h31gzZEtNLTqOjlF Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, 2006-Sep-14 14:26:44 +0000, Remko Lodder wrote: >remko 2006-09-14 14:26:44 UTC > Rewrite the win32-codecs entry to even better explain the vulnerability = [2]. Since there's no longer a maintainer and there doesn't appear to be a fix at the master site, this port may be broken for some time. Is it possible to just not install the QuickTime dll's? Based on the codec breakdown, QuickTime support is the following files: 3ivX.qtx ACTLComponent.qtx AvidQTAVUICodec.qtx BeHereiVideo.qtx Indeo4.qtx On2_VP3.qtx ZyGoVideo.qtx QuickTime.qts QuickTimeEssentials.qtx QuickTimeInternetExtras.qtx qtmlClient.dll Does anyone know if those files can just be removed to avoid the vulnerability whilst still have the remaining win32 codecs work? --=20 Peter Jeremy --h31gzZEtNLTqOjlF Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFC8c8/opHv/APuIcRAsEgAJ9+wqfy8NPqko12BdGUA+iuLGJa+QCgjWpo FS6nQW3mYN3itmhQ4U7DtRs= =xtE7 -----END PGP SIGNATURE----- --h31gzZEtNLTqOjlF--