From owner-svn-ports-all@FreeBSD.ORG Wed Jun 4 14:34:16 2014 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9AE9B198; Wed, 4 Jun 2014 14:34:16 +0000 (UTC) Received: from exodus.zi0r.com (exodus.zi0r.com [71.245.171.203]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "exodus.zi0r.com", Issuer "Gandi Standard SSL CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 68BA22970; Wed, 4 Jun 2014 14:34:16 +0000 (UTC) Received: from exodus.zi0r.com (localhost [127.0.0.1]) by exodus.zi0r.com (Postfix) with ESMTP id E11B53F13A; Wed, 4 Jun 2014 10:24:40 -0400 (EDT) X-Virus-Scanned: amavisd-new at zi0r.com Received: from exodus.zi0r.com ([127.0.0.1]) by exodus.zi0r.com (exodus.zi0r.com [127.0.0.1]) (amavisd-new, port 10026) with LMTP id Lp1c_gdeMjjN; Wed, 4 Jun 2014 10:24:40 -0400 (EDT) Received: from exodus.zi0r.com (syn.zi0r.com [71.245.171.202]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by exodus.zi0r.com (Postfix) with ESMTPSA id 1C5163F12E; Wed, 4 Jun 2014 10:24:40 -0400 (EDT) Date: Wed, 4 Jun 2014 10:24:38 -0400 From: Ryan Steinmetz To: Bryan Drewery Subject: Re: svn commit: r356398 - head/security/vuxml Message-ID: <20140604142438.GA57245@exodus.zi0r.com> References: <201406031942.s53JgeGI046605@svn.freebsd.org> <20140604103240.6826697f@kalimero.tijl.coosemans.org> <51539FB3-D510-479C-A076-87068BD01022@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: <51539FB3-D510-479C-A076-87068BD01022@FreeBSD.org> User-Agent: Mutt/1.5.23 (2014-03-12) Cc: "svn-ports-head@freebsd.org" , Tijl Coosemans , "svn-ports-all@freebsd.org" , "novel@FreeBSD.org" , "ports-committers@freebsd.org" X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jun 2014 14:34:16 -0000 On (06/04/14 08:50), Bryan Drewery wrote: > >> On Jun 4, 2014, at 3:32, Tijl Coosemans wrote: >> >>> On Tue, 3 Jun 2014 19:42:40 +0000 (UTC) Ryan Steinmetz wrote: >>> Author: zi >>> Date: Tue Jun 3 19:42:40 2014 >>> New Revision: 356398 >>> URL: http://svnweb.freebsd.org/changeset/ports/356398 >>> QAT: https://qat.redports.org/buildarchive/r356398/ >>> >>> Log: >>> - Document vulnerability in security/gnutls3 (CVE-2014-3466) >> >> Is security/gnutls affected by this as well? Because most ports are >> still using that version. > >Not sure. That port needs to just die though and all ports use the new. GnuTLS' website doesn't mention 2.x, however, I did see someones post that mentioned that the bad code may have been introduced in 1.x. Given that 2.x seems deprecated/unsupported by the authors, I think we really need to push to ditch it. -r -- Ryan Steinmetz PGP: 9079 51A3 34EF 0CD4 F228 EDC6 1EF8 BA6B D028 46D7