Vulnerable packages in ports tree - 26/03

Hi, Just a heads up, the following packages in ports have vulnerabilities which were announced recently: binutils https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8501 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8502 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-

Re: Vulnerable packages in ports tree - 26/03

On Thu, Mar 26, 2015 at 02:51:38PM +, Sevan / Venture37 wrote: > Hi, > Just a heads up, the following packages in ports have vulnerabilities > which were announced recently: > > binutils https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8501 > https://web.nvd.nist.gov/view/vuln/detail?

Re: Vulnerable packages in ports tree - 26/03

On Thu, March 26, 2015 17:51, Sevan / Venture37 wrote: > Hi, Hi! > Just a heads up, the following packages in ports have vulnerabilities > which were announced recently: > > binutils https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8501 > https://web.nvd.nist.gov/view/vuln/detail?vulnId=

Re: Vulnerable packages in ports tree - 26/03

- Original message - From: Kirill Bychkov To: "Sevan / Venture37" Cc: ports@openbsd.org Subject: Re: Vulnerable packages in ports tree - 26/03 Date: Thu, 26 Mar 2015 18:15:51 +0300 On Thu, March 26, 2015 17:51, Sevan / Venture37 wrote: > Hi, Hi! > Just a heads u

Re: Vulnerable packages in ports tree - 26/03

On 26 March 2015 at 12:21, Sevan / Venture37 wrote: > Hi, > Just a heads up, the following packages in ports have vulnerabilities > which were announced recently: > > dokuwiki https://www.dokuwiki.org/changes > diff to update to latest 'd' version, tested and works ok for me. cvs server: Diffing

Re: Vulnerable packages in ports tree - 26/03

On Thu, Mar 26, 2015 at 03:53:19PM -0230, Michael wrote: > On 26 March 2015 at 12:21, Sevan / Venture37 wrote: > > Hi, > > Just a heads up, the following packages in ports have vulnerabilities > > which were announced recently: > > > > dokuwiki https://www.dokuwiki.org/changes > > > > diff to upd

Re: Vulnerable packages in ports tree - 26/03

On 2015/03/26 15:53, Michael wrote: > dokuwiki/data/meta/_dummy > dokuwiki/data/pages/ > +@owner > +dokuwiki/data/pages/playground/ > +dokuwiki/data/pages/playground/playground.txt > +@owner www this is wrong, this page/dir should be writable by www > dokuwiki/data/pages/wiki/ > dokuwiki/data

Re: Vulnerable packages in ports tree - 26/03

On 26 March 2015 at 16:15, Stuart Henderson wrote: > > this is wrong, this page/dir should be writable by www > > and you have lost the pkg-readme Ok, so make plist is fallible and I should doublecheck before suggesting patches. Another thing to note to remember, sorry. Here is an updated diff:

Re: Vulnerable packages in ports tree - 26/03

Register security updates in quirks. Index: Makefile === RCS file: /cvs/ports/devel/quirks/Makefile,v retrieving revision 1.211 diff -u -p -u -r1.211 Makefile --- Makefile24 Mar 2015 00:06:40 - 1.211 +++ Makefile27 Ma

Re: Vulnerable packages in ports tree - 26/03

On Thu, Mar 26, 2015 at 10:46:28PM -0230, Michael wrote: > On 26 March 2015 at 16:15, Stuart Henderson wrote: > > > > this is wrong, this page/dir should be writable by www > > > > and you have lost the pkg-readme > > Ok, so make plist is fallible and I should doublecheck before > suggesting patc

Re: Vulnerable packages in ports tree - 26/03

> Hi, > > Sorry for the late answer.. I have the same diff in my tree. > ok with me. > >> cvs server: Diffing . >> Index: Makefile >> === >> RCS file: /cvs/ports/www/dokuwiki/Makefile,v >> retrieving revision 1.18 >> diff -u -p -r1.18