Re: Tracing binaries statically linked against vulnerable libs

2006-10-14 Thread Andrew Pantyukhin
On 10/14/06, Simon L. Nielsen <[EMAIL PROTECTED]> wrote: On 2006.10.14 08:11:56 -0400, Michael Johnson wrote: > On 10/13/06, Kris Kennaway <[EMAIL PROTECTED]> wrote: > >On Fri, Oct 13, 2006 at 05:18:57PM +0400, Andrew Pantyukhin wrote: > >> On 10/7/06, Kris Kennaway <[EMAIL PROTECTED]> wrote: > >

Re: Tracing binaries statically linked against vulnerable libs

2006-10-14 Thread Simon L. Nielsen
On 2006.10.14 08:11:56 -0400, Michael Johnson wrote: > On 10/13/06, Kris Kennaway <[EMAIL PROTECTED]> wrote: > >On Fri, Oct 13, 2006 at 05:18:57PM +0400, Andrew Pantyukhin wrote: > >> On 10/7/06, Kris Kennaway <[EMAIL PROTECTED]> wrote: > >> >On Fri, Oct 06, 2006 at 09:35:31AM +0400, Andrew Pantyuk

Re: Tracing binaries statically linked against vulnerable libs

2006-10-14 Thread Michael Johnson
On 10/13/06, Kris Kennaway <[EMAIL PROTECTED]> wrote: On Fri, Oct 13, 2006 at 05:18:57PM +0400, Andrew Pantyukhin wrote: > On 10/7/06, Kris Kennaway <[EMAIL PROTECTED]> wrote: > >On Fri, Oct 06, 2006 at 09:35:31AM +0400, Andrew Pantyukhin wrote: > >> I wonder if there is a way to deal with static

Re: Tracing binaries statically linked against vulnerable libs

2006-10-14 Thread Andrew Pantyukhin
On 10/14/06, Kris Kennaway <[EMAIL PROTECTED]> wrote: On Fri, Oct 13, 2006 at 05:18:57PM +0400, Andrew Pantyukhin wrote: > Anyway, maybe portmgr could issue some kind of a policy > about this. I.e. (1) use {build,run}_depends instead of lib_ > when you depend on a port providing both shared and >

Re: Tracing binaries statically linked against vulnerable libs

2006-10-13 Thread Kris Kennaway
On Fri, Oct 13, 2006 at 05:18:57PM +0400, Andrew Pantyukhin wrote: > On 10/7/06, Kris Kennaway <[EMAIL PROTECTED]> wrote: > >On Fri, Oct 06, 2006 at 09:35:31AM +0400, Andrew Pantyukhin wrote: > >> I wonder if there is a way to deal with statically linked binaries, > >> which use vulnerable librarie

Re: Tracing binaries statically linked against vulnerable libs

2006-10-13 Thread Andrew Pantyukhin
On 10/7/06, Kris Kennaway <[EMAIL PROTECTED]> wrote: On Fri, Oct 06, 2006 at 09:35:31AM +0400, Andrew Pantyukhin wrote: > I wonder if there is a way to deal with statically linked binaries, > which use vulnerable libraries. The best way is to track them down and force them all to link dynamicall

Re: Tracing binaries statically linked against vulnerable libs

2006-10-06 Thread Kris Kennaway
On Fri, Oct 06, 2006 at 09:35:31AM +0400, Andrew Pantyukhin wrote: > I wonder if there is a way to deal with statically linked binaries, > which use vulnerable libraries. The best way is to track them down and force them all to link dynamically; static linking is a PITA from a systems management p

Re: Tracing binaries statically linked against vulnerable libs

2006-10-06 Thread Remko Lodder
Hello, The thing I would do with known applications that are linked statically to a vulnerable version of ${Application} is bumping the version of the port. Why do I do that? If ffmpeg in this case is being updated and the PORTREVISION of gstreamer as well, people get informed that they should up

Tracing binaries statically linked against vulnerable libs

2006-10-05 Thread Andrew Pantyukhin
I wonder if there is a way to deal with statically linked binaries, which use vulnerable libraries. There's this advisory: http://www.vuxml.org/freebsd/964161cd-6715-11da-99f6-00123ffe8333.html But mplayer and libxine are linked statically against ffmpeg, as are reportedly many other apps like g