Date: Thu, 07 Dec 2006 13:46:18 +0000 From: Vince <jhary@unsane.co.uk> To: mato <gamato@users.sourceforge.net> Cc: josh.carroll@psualum.com, freebsd-ports@freebsd.org, freebsd-questions@freebsd.org Subject: Re: portupgrade refusin to upgrade a port .. when it shouldn't imho Message-ID: <45781B2A.4000300@unsane.co.uk> In-Reply-To: <20061207131208.M28770@users.sf.net> References: <el7e8s$9ak$1@sea.gmane.org> <20061206233232.GA72778@xor.obsecurity.org> <45775FA0.7020206@users.sf.net> <8cb6106e0612061646m1a9b9f94nc33bdb36ad25594d@mail.gmail.com> <20061207131208.M28770@users.sf.net>
next in thread | previous in thread | raw e-mail | index | archive | help
mato wrote: > On Wed, 6 Dec 2006 16:46:24 -0800, Josh Carroll wrote >>>>> ** Port marked as IGNORE: multimedia/win32-codecs: >>>>> is forbidden: Remote code execution: >>>>> http://vuxml.FreeBSD.org/24f6b1eb-43d5-11db-81e1-000e0c2e438a.html >>>>> >>>>> Isn't this behaviour flawed ?? Or am I missing something ? >> You need to make config in /usr/ports/multimedia/win32-codecs, and >> unselect quicktime. Then the port should install. This is assuming, >> of course, that you can live without the QT codec(s). >> >> Josh > > > OK, I will try it.. Thank you all. > > But the question remains -- if new port version is not vulnerable why i cannot > upgrade to it ?? > Its only not vulnerable if you unselect the quicktime codec. the vulnerability is in the quicktime codec. The port will by default use the stored config in /var/db/ports/win32-codecs/options and if this says to use the quicktime codec then it will not upgrade. This seems pretty sensible to me. Vince > Cheers, > > Martin > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45781B2A.4000300>