On Thu, Mar 26, 2015 at 02:51:38PM +0000, Sevan / Venture37 wrote: > Hi, > Just a heads up, the following packages in ports have vulnerabilities > which were announced recently: > > binutils https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8501 > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8502 > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8503 > > dokuwiki https://www.dokuwiki.org/changes > > xerces http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0252 > > icu http://bugs.icu-project.org/trac/ticket/11369 > http://bugs.icu-project.org/trac/ticket/11370 > http://bugs.icu-project.org/trac/ticket/11371 > > node http://blog.nodejs.org/2015/03/14/node-v0-10-37-stable > > tiff CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 > CVE-2014-9655 CVE-2015-1547 > > putty https://www.debian.org/security/2015/dsa-3190 > > gnutls https://bugzilla.redhat.com/show_bug.cgi?id=1196323 > > PHP 5.6 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-2305 > PHP 5.5 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-2305 > PHP 5.4 CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-2305 > > py-django https://www.djangoproject.com/weblog/2015/mar/18/security-releases/ > > libzip CVE-2015-2331
I'll have a look at gnutls and icu. -- Antoine
