Date: Thu, 13 Jul 2017 12:53:01 +0200 From: Kurt Jaeger <lists@opsec.eu> To: Xavi Garcia <xavi.garcia@gmail.com> Cc: freebsd-ports@freebsd.org Subject: Re: textproc/jq and oniguruma5 Message-ID: <20170713105301.GN65214@home.opsec.eu> In-Reply-To: <CAPonemxGc9aKay2HYskcoP%2BaHM0b8ZQtUt=AB6tAg9cmr9z54w@mail.gmail.com> References: <CAPonemxGc9aKay2HYskcoP%2BaHM0b8ZQtUt=AB6tAg9cmr9z54w@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi! > jq depends on oniguruma5 but this library has quite a few vulnerabilities > and it doesn't seem to be maintained. > > https://vuxml.freebsd.org/freebsd/b396cf6c-62e6-11e7-9def-b499baebfeaf.html > > > Would it be possible to change the dependencies in textproc/jq > from devel/oniguruma5 to devel/oniguruma6? > > There's already a bug report but no action has been taken yet. > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220586 Done. -- pi@opsec.eu +49 171 3101372 3 years to go !
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170713105301.GN65214>