search

FreshPorts / freshports

The website part of FreshPorts
http://www.freshports.org/
BSD 2-Clause "Simplified" License
68 stars 24 forks source link

SSLH 2.1.2? #565

Closed efaden closed 3 months ago

efaden commented 4 months ago

Is it possible to get SSLH updated to 2.1.2 for both a vulnerability fix and UDP support?

dlangille commented 4 months ago

I think we're talking about net/sslh

Two points:

1 - There are no known vulns registered against it in vuxml - if there were, there would be visible skulls along the commit history. 2 - There are no open PRS for net/sslh

This screen shot shows how I determined point 2 above Screenshot 2024-05-21 at 9 10 31 AM

For point 1, look at ftp/curl where you will find:

Screenshot 2024-05-21 at 9 16 02 AM

Looking, I found mention of vulns at https://www.rutschle.net/tech/sslh/download.html

Your best course of action is to create a PR (see first image listed above) and ask the same question there. FreshPorts merely reports upon ports. We don't maintain them. The FreeBSD PR system is the right place to ask for updates to ports.

If you have any questions about this, ask again. I can help with that.

Hope this helps. Thank you.

efaden commented 4 months ago

Sorry. Wrong place then. Thanks for the info .

This is what I was looking at.

https://www.cvedetails.com/vulnerability-list/vendor_id-29001/product_id-126792/Sslh-Project-Sslh.html

dlangille commented 4 months ago

That is exactly the information to include in a security/vuxml patch. If you can submit that PR, it will happen faster.