poppler, security updates in general...

Clemens Lang cal at macports.org
Wed Jan 10 09:20:29 UTC 2018

Hi Perry,

----- On 9 Jan, 2018, at 18:27, Perry E. Metzger perry at piermont.com wrote:

> I note the version of poppler we're shipping is pretty old, and that
> there are CVEs outstanding against it.
> Am I correct in assuming that as things stand, we mostly depend on
> port owners to track security updates on behalf of the project and
> that there isn't a security officer or any such thing? (Not
> complaining, just seeking clarification.)

That's correct. It would be nice if we had some tooling that could check
for CVEs we haven't fixed yet. If you would like to grab some of the
existing open source tooling and modify it so it uses the MacPorts ports
tree as input, that would be great.

A while ago somebody on the list had a project that would import MacPorts
ports into a format common for all package managers (and provide a
webservice + website for that). Maybe that could be used here?

Clemens Lang

More information about the macports-dev mailing list