Date: Thu, 13 Jul 2017 12:57:40 +0200 From: Xavier Garcia <xavier@shellguardians.com> To: Kurt Jaeger <lists@opsec.eu> Cc: Xavi Garcia <xavi.garcia@gmail.com>, freebsd-ports@freebsd.org Subject: Re: textproc/jq and oniguruma5 Message-ID: <20170713105740.qsl6wfl2jum53bxk@mutt.skynet.ct> In-Reply-To: <20170713105301.GN65214@home.opsec.eu> References: <CAPonemxGc9aKay2HYskcoP%2BaHM0b8ZQtUt=AB6tAg9cmr9z54w@mail.gmail.com> <20170713105301.GN65214@home.opsec.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, Thank you, it was really fast :) Would it be possible to also port the change to 2017Q3? Kind regards, Xavier Garcia On Thu, Jul 13, 2017 at 12:53:01PM +0200, Kurt Jaeger wrote: > Hi! > > > jq depends on oniguruma5 but this library has quite a few vulnerabilities > > and it doesn't seem to be maintained. > > > > https://vuxml.freebsd.org/freebsd/b396cf6c-62e6-11e7-9def-b499baebfeaf.html > > > > > > Would it be possible to change the dependencies in textproc/jq > > from devel/oniguruma5 to devel/oniguruma6? > > > > There's already a bug report but no action has been taken yet. > > > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220586 > > Done. > > -- > pi@opsec.eu +49 171 3101372 3 years to go !
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170713105740.qsl6wfl2jum53bxk>