Attempting to build dns/libidn2 in 2019Q4 results in this error:
libidn2-2.2.0 is vulnerable: libidn2 -- roundtrip check vulnerability CVE: CVE-2019-12290 WWW: https://vuxml.FreeBSD.org/freebsd/f04f840d-0840-11ea-8d66-75d3253ef913.html The cited link says "libidn2 before 2.2.0", as does the CVE. Is 2.2.0 actually vulnerable? Either the vulnerability database needs to be fixed, or version 2.3.0 should be ported from head. Thanks. -- Stephen Wall Senior Staff Software Engineer 585.924.7550 REDCOM Laboratories, Inc. One Redcom Center Victor, NY 14564-0995 www.redcom.com DUNS 09-166-5919 | CAGE 1U548 Woman Owned Small Business _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
