On Fri, Jan 29, 2016 at 11:32:03AM +0100, Stefan Sperling wrote: > On Fri, Jan 29, 2016 at 06:19:53AM +0000, Sevan / Venture37 wrote: > > devel/subversion - > > http://subversion.apache.org/security/CVE-2015-5259-advisory.txt > > This bug affected the 1.9 series only. > > I haven't upgraded the OpenBSD port to 1.9 yet. I am still waiting > for more bugs to shake out. E.g. there are known crashes on sparc64 > with a fix scheduled for the next 1.9.x release.
Which means.. sevan, instead of dropping a cold list of 'boooh, ports affected by cves found on the internet' (that's how i interpret your mails titled "Vulnerable package in ports tree"), it would be great if you could assess the severity of the 'vulnerabilities' and check if they actually affect the version we have in ports. Yeah, i know, more homework, but in the end everyone wins :) Landry
