On 2006.09.16 19:43:24 +1000, Peter Jeremy wrote: > On Thu, 2006-Sep-14 14:26:44 +0000, Remko Lodder wrote: > >remko 2006-09-14 14:26:44 UTC > > Rewrite the win32-codecs entry to even better explain the vulnerability > > [2]. > > Since there's no longer a maintainer and there doesn't appear to be a > fix at the master site, this port may be broken for some time. Is it > possible to just not install the QuickTime dll's? > > Based on the codec breakdown, QuickTime support is the following files: > 3ivX.qtx > ACTLComponent.qtx > AvidQTAVUICodec.qtx > BeHereiVideo.qtx > Indeo4.qtx > On2_VP3.qtx > ZyGoVideo.qtx > QuickTime.qts > QuickTimeEssentials.qtx > QuickTimeInternetExtras.qtx > qtmlClient.dll > > Does anyone know if those files can just be removed to avoid the > vulnerability whilst still have the remaining win32 codecs work?
If we remove the Quicktime codecs then I will be happy to remove FORBIDDEN from the port. Unfortunatly I don't have the time too look into finding out which files has to be removed myself, so I have no idea if you identified the right files. -- Simon L. Nielsen FreeBSD Security Team _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "[EMAIL PROTECTED]"
