From owner-svn-ports-all@FreeBSD.ORG Wed Jun 4 15:25:18 2014 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B0B8778C; Wed, 4 Jun 2014 15:25:18 +0000 (UTC) Received: from mailrelay012.isp.belgacom.be (mailrelay012.isp.belgacom.be [195.238.6.179]) by mx1.freebsd.org (Postfix) with ESMTP id 7250F2E7E; Wed, 4 Jun 2014 15:25:16 +0000 (UTC) X-Belgacom-Dynamic: yes X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AmUGAGk5j1Nbs4fn/2dsb2JhbABZgwdSS8IwFD0BgQsXdIIlAQEEATocIxALFAQJJQ8qHgYTiDoMAQjSGReOUgeEQAEDmhKBQJF6gzo7 Received: from 231.135-179-91.adsl-dyn.isp.belgacom.be (HELO kalimero.tijl.coosemans.org) ([91.179.135.231]) by relay.skynet.be with ESMTP; 04 Jun 2014 17:25:07 +0200 Received: from kalimero.tijl.coosemans.org (kalimero.tijl.coosemans.org [127.0.0.1]) by kalimero.tijl.coosemans.org (8.14.8/8.14.8) with ESMTP id s54FP5Xf003463; Wed, 4 Jun 2014 17:25:06 +0200 (CEST) (envelope-from tijl@FreeBSD.org) Date: Wed, 4 Jun 2014 17:25:04 +0200 From: Tijl Coosemans To: "Drewery, Bryan" Subject: Re: svn commit: r356398 - head/security/vuxml Message-ID: <20140604172504.23a766e4@kalimero.tijl.coosemans.org> In-Reply-To: <538F3512.8040509@FreeBSD.org> References: <201406031942.s53JgeGI046605@svn.freebsd.org> <20140604103240.6826697f@kalimero.tijl.coosemans.org> <51539FB3-D510-479C-A076-87068BD01022@FreeBSD.org> <20140604142438.GA57245@exodus.zi0r.com> <538F3512.8040509@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: Ryan Steinmetz , "svn-ports-head@freebsd.org" , "svn-ports-all@freebsd.org" , "novel@FreeBSD.org" , "ports-committers@freebsd.org" X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Jun 2014 15:25:18 -0000 On Wed, 04 Jun 2014 10:02:42 -0500 Drewery, Bryan wrote: > On 6/4/14, 9:24 AM, Ryan Steinmetz wrote: >> On (06/04/14 08:50), Bryan Drewery wrote: >>>> On Jun 4, 2014, at 3:32, Tijl Coosemans wrote: >>>>> On Tue, 3 Jun 2014 19:42:40 +0000 (UTC) Ryan Steinmetz wrote: >>>>> Author: zi >>>>> Date: Tue Jun 3 19:42:40 2014 >>>>> New Revision: 356398 >>>>> URL: http://svnweb.freebsd.org/changeset/ports/356398 >>>>> QAT: https://qat.redports.org/buildarchive/r356398/ >>>>> >>>>> Log: >>>>> - Document vulnerability in security/gnutls3 (CVE-2014-3466) >>>> >>>> Is security/gnutls affected by this as well? Because most ports are >>>> still using that version. >>> >>> Not sure. That port needs to just die though and all ports use the new. >> >> GnuTLS' website doesn't mention 2.x, however, I did see someones post >> that mentioned that the bad code may have been introduced in 1.x. There's a commit in the 2.12 branch for this so it is affected: https://www.gitorious.org/gnutls/gnutls/commits/89238044ade02c4d80e334ab74056ef28599663d >> Given that 2.x seems deprecated/unsupported by the authors, I think we >> really need to push to ditch it. > > It's already planned to do so. Just needs to have the work done. I could spend some time on this. Has there been any work done already?