Date: Sun, 23 Sep 2012 08:19:21 -0400 From: Eitan Adler <eadler@freebsd.org> To: Ashish SHUKLA <ashish@freebsd.org> Cc: svn-ports-head@freebsd.org, Alexey Dokuchaev <danfe@freebsd.org>, svn-ports-all@freebsd.org, ports-committers@freebsd.org Subject: Re: svn commit: r304727 - in head/editors/emacs23: . files Message-ID: <CAF6rxgmTaD8MD3hyL93KT7gO2yYcQ9HY2vsY9OCkCMQ9w3-U0g@mail.gmail.com> In-Reply-To: <86a9whgxuo.fsf@chateau.d.if> References: <201209230031.q8N0VYxs075278@svn.freebsd.org> <20120923042059.GA35671@FreeBSD.org> <86a9whgxuo.fsf@chateau.d.if>
next in thread | previous in thread | raw e-mail | index | archive | help
On 23 September 2012 00:35, Ashish SHUKLA <ashish@freebsd.org> wrote: > On Sun, 23 Sep 2012 04:20:59 +0000, Alexey Dokuchaev <danfe@FreeBSD.org> said: >> On Sun, Sep 23, 2012 at 12:31:34AM +0000, Ashish SHUKLA wrote: >>> New Revision: 304727 >>> URL: http://svn.freebsd.org/changeset/ports/304727 >>> >>> Log: >>> - Fix remote code execution vulnerability >>> - Bump PORTEPOCH > >> Why it was bumped? > > Because as per VuXML report[1], the versions affected by vulnerability are > <24.2, and AFAIK, the only way to override this for Emacs 23.x is by bumping > PORTEPOCH. The VuXML must be changed to include a <gt> then and the PORTEPOCH doesn't override it. People with an older emacs installed will still get the warning. VuXML are used for *installed* ports, not just what's in the ports tree. -- Eitan Adler Source & Ports committer X11, Bugbusting teams
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAF6rxgmTaD8MD3hyL93KT7gO2yYcQ9HY2vsY9OCkCMQ9w3-U0g>