Date: Mon, 03 Sep 2018 01:45:13 +0000 From: bugzilla-noreply@freebsd.org To: multimedia@FreeBSD.org Subject: [Bug 227669] audio/libsndfile: vulnerabilities < 1.0.29 still not fixed Message-ID: <bug-227669-12827-1wak0GSOi3@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-227669-12827@https.bugs.freebsd.org/bugzilla/> References: <bug-227669-12827@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227669 rkoberman@gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |rkoberman@gmail.com --- Comment #3 from rkoberman@gmail.com --- Ports are not normally removed due to vulnerabilities. I have had ports that I needed that had vulnerabilities for literally years. Since you must literally disable vulnerability checks to install it and see the report in periodic logs nightly, it is up to the person responsible for the system to check on the issue(s) and determine whether they are relevant to the us of the port in their environment. In the case of libsnd, it is used by quite few ports and removing it would break a number of ports. Examples: twolame-0.3.13_4 wavegain-1.2.8 libsamplerate-0.1.9 speech-dispatcher-0.8.6 vamp-plugin-sdk-2.6 jackit-0.125.0_4 pulseaudio-11.1_1 audacity-2.2.2_3 I can't really operate without libsnfile. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-227669-12827-1wak0GSOi3>