From owner-freebsd-pkg@freebsd.org Wed Aug 28 10:24:45 2019 Return-Path: Delivered-To: freebsd-pkg@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 11C7DD8892 for ; Wed, 28 Aug 2019 10:24:45 +0000 (UTC) (envelope-from r.c.ladan@gmail.com) Received: from mail-io1-xd33.google.com (mail-io1-xd33.google.com [IPv6:2607:f8b0:4864:20::d33]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46JMLN1lf0z431v for ; Wed, 28 Aug 2019 10:24:43 +0000 (UTC) (envelope-from r.c.ladan@gmail.com) Received: by mail-io1-xd33.google.com with SMTP id j4so4717077iog.11 for ; Wed, 28 Aug 2019 03:24:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=eY2Cg8luj0/SY9703u5SvlbRS7TBoK0uWVK7HhN6q2A=; b=WjuXQBRNu9GHFsOgIKGk8M4Zaza6N25O9EyoaeLyc9cVMGIu1OjbFEahTNMuAqSzby LqprsfR8KS2d199bQm68VBncb0+79OwuMjU5Arcouf+Zl4PPaOGugemliUTMUxtEgt0z UslwFuGoDLNIbH8HbQ4t2IWc36T09Cxe0fElKwF8AGH1a1lZ+E2mnyayJmlUGnDZgg+T j3ADU/LPmM2wVZGqTAa7Po+9NMGlvwQtEH4mTjxGv7ZBYSgEKTPlL8NLeVGBdqXlfacf WXNHt6RUURJRBS/2+43bo7mV9L2VY9wiMaMDZXRVVTO+1aHFbOd1imbanPMIK7Md1Wqr upAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=eY2Cg8luj0/SY9703u5SvlbRS7TBoK0uWVK7HhN6q2A=; b=Nah4uWRYJUT891DSkVrDVxh306a4yi8d6eRBqqXGxB6tAjXGyjDQDFkfATmaQ+ecul ftti+22CSKSGZG3L9UEGyU/el/WYsUzTw4+yOw1k/nz/2IJCRrb9i+yeTY4Wit4v6dbu D/m4g3QYsy1p+dch9nGP87/V7jQ4QBS1C5cRL+/79HXeOEd1xkgcTf2xSuSUfPdTBt7g tO9JWsUFmOZ6N5Y+DNEi1Roa2AY+fonnGdpb0OKY9nVVt6eB17swh9tg6WlLcBTCgHdk LMoH1F/naLMJsulB2NVbLSz8zKgg+HN8XSxk1AsXpsS8CjyQowI8FzKWb4douHmGbFhN VQTA== X-Gm-Message-State: APjAAAXOGlr1Gy+HtfDhVklLaGOjs/Mrq11ipzqZ7iJ9+gp938fVKprk fLQBtHb+x1Ge+7Ixyhyi3A6h5RZ7c/mH0NHdleIYMg== X-Google-Smtp-Source: APXvYqyuHQxrB3qL6pKaufBzvE6Oeb9S8a4CYqMtvSQri0enN7imPiJhhVi3zHvMo/tEX0DcAMEYPALldEXVdW8Pwfw= X-Received: by 2002:a6b:cf18:: with SMTP id o24mr3388647ioa.152.1566987882917; Wed, 28 Aug 2019 03:24:42 -0700 (PDT) MIME-Version: 1.0 References: <8f257614-efe2-7c8b-63f1-cb386807185a@cloudzeeland.nl> In-Reply-To: <8f257614-efe2-7c8b-63f1-cb386807185a@cloudzeeland.nl> From: =?UTF-8?Q?Ren=C3=A9_Ladan?= Date: Wed, 28 Aug 2019 12:24:31 +0200 Message-ID: Subject: Re: Packages with security vulnerabilities (3x) To: Jos Chrispijn Cc: freebsd-pkg@freebsd.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 46JMLN1lf0z431v X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=WjuXQBRN; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of rcladan@gmail.com designates 2607:f8b0:4864:20::d33 as permitted sender) smtp.mailfrom=rcladan@gmail.com X-Spamd-Result: default: False [-4.00 / 15.00]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-1.00)[-0.998,0]; FROM_EQ_ENVFROM(0.00)[]; IP_SCORE(0.00)[ip: (-3.92), ipnet: 2607:f8b0::/32(-2.86), asn: 15169(-2.33), country: US(-0.05)]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; TAGGED_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-pkg@freebsd.org]; IP_SCORE_FREEMAIL(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[3.3.d.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-pkg@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Binary package management and package tools discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Aug 2019 10:24:45 -0000 Hello Jos, Op wo 28 aug. 2019 om 11:36 schreef Jos Chrispijn : > > Dear maintainer(s), > > Can you pls update the following packages: > > Database fetched: Tue Aug 27 01:14:30 CEST 2019 > > apache24-2.4.39_1 is vulnerable: [...] > libnghttp2-1.39.1 is vulnerable: [...] > > mysql57-server-5.7.26_1 is vulnerable: [...] You will have to ask the maintainers to update the packages (ports actually, that is where the packages are built from), and then the updated binary packages will be available a few days later. This is the case if you follow "HEAD" packages, updates for quarterly packages (currently 2019Q3) need to be merged to the quarterly branch first before those binary packages can be rebuilt. This list is only for discussing the 'pkg' package itself. Ren=C3=A9