Hi everyone,
It's almost time again for another pkgsrcCon, this year the conference
will be held at C-Base, Berlin, Germany on the 7th & 8th of July with a
social event on the Friday night before (6th).
I wanted to give a heads up here to ask if any folks wanted to join us
there in July. Talks abou
In no particular order:
Giovanni Bechis - Pledge in OpenBSD
Pierre Pronchery - pkg-query
Thomas Merkel - Testing your pkgsrc development on multiple platforms
with vagrant and virtualbox
Sevan Janiyan - A mix of two halves
Bennie Siegert - Bulk builds in the cloud
Alistair Crooks - pkgsrc - founda
Hello,
This year's annual pkgsrcCon is being held in London on the July 1st &
2nd with an evening social event on the 30th of June. While the primary focus
is on pkgsrc, the event is about building open source software in
general and the challenges we all face.
Last year the event was held in Kraków, Polan
Hello,
security/py-crypto in ports is vulnerable to CVE-2013-7459, the attached
patches apply the changes from the following commit to v2.6.1.
https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
Sevan
--- lib/Crypto/SelfTest/Cipher/common.py.orig 2017-03-07 16:48:08.
On 30/11/2016 02:48, Josh Grosse wrote:
> archivers/p7zip fix already committed
Thanks.
A better link for math/hdf5 is
http://blog.talosintel.com/2016/11/hdf5-vulns.html which covers more
advisories.
Sevan
Hello,
www/moinmoin CVE-2016-7146 CVE-2016-7148
science/hdf5-18 http://www.talosintelligence.com/reports/TALOS-2016-0176/
archivers/p7zip CVE-2016-9296 patch:
https://sourceforge.net/p/p7zip/bugs/185/
libxml CVE-2016-9318 patch https://bugzilla.gnome.org/show_bug.cgi?id=772726
Sevan
Hello,
Version in ports is vulnerable to CVE-2016-6893.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6893
Sevan
Hello,
devel/kf5/karchive - CVE-2016-6232
graphics/gd - possibly not vulnerable to
http://seclists.org/bugtraq/2016/Aug/35
Sevan
textproc/xerces-c -
http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt
databases/sqlite3
https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt
Sevan
Hello,
security/botan in ports is vulnerable to the following advisories:
CVE-2016-2194 CVE-2016-2195 CVE-2016-2849 CVE-2015-7827
http://botan.randombit.net/security.html
On security.html, 1.10.13 is not mentioned as containing a fix for
CVE-2016-2849 and CVE-2015-7824 but it is mentioned in release
Hello,
The version of security/wpa_supplicant in ports is vulnerable to the
following CVEs
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4476
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4477
Sevan
Hello,
The version of net/openafs in ports is vulnerable to the following CVEs and
CVE-2016-4536 -
http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt
CVE-2016-2860 -
http://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt
CVE-2015-8312 - https://www.openafs.org/dl/1.6.16/RELNOTES-1
On 24/04/2016 19:29, Stuart Henderson wrote:
> Hmm, is patches/patch-modules_seas_encode_msg_c not enough then?
Sorry Stuart, I slipped up. The package hadn't received a bump for the
patch I didn't delve into the patches directory.
History on openports is not up to date either:
http://openports
Hello,
telephony/kamailio in ports is vulnerable to the advisory outlined in
https://census-labs.com/news/2016/03/30/kamailio-seas-heap-overflow/
Regards
Sevan
Hello,
Both the devel & stable releases of Jenkins in ports are vulnerable to
CVE-2016-0788 through to 0792.
Sevan
On 22/03/2016 19:52, Jeremie Courreges-Anglas wrote:
>> > devel/pcre - CVE-2016-3191
> Blindly copy/pasted from upstream's repo.
Seems to be a patch adopted elsewhere as well.
While we're here, pcre also appears to be missing a patch for CVE-2016-1283
http://vcs.pcre.org/pcre?view=revision&revisio
On 21/03/2016 02:46, Michael McConville wrote:
> Looks like PCRE 8.39 isn't being mirrored yet. Should we patch manually?
> That looks like a pretty serious vulnerability:
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3191
Hi Michael,
Ideally, it'll probably bring a revision bump
net/quagga - CVE-2016-2342
devel/pcre - CVE-2016-3191
Sevan
Hi,
Git is currently vulnerable to a buffer overflow attack which is only
fixed in the upcoming 3.8.0 release.
https://github.com/git/git/commit/9831e92bfa833ee9c0ce464bbc2f941ae6c2698d
http://seclists.org/oss-sec/2016/q1/645
https://security-tracker.debian.org/tracker/CVE-2016-2324
Regards,
Se
Version of security/libgcrypt is vulnerable to CVE-2015-7511
https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html
Sevan