Date: Mon, 18 May 2015 14:26:18 -0500
From: Mark Felder <feld@FreeBSD.org>
To: "Sevan / Venture37" <venture37@gmail.com>
Cc: freebsd-security@freebsd.org
Subject: Re: pkg audit / vuln.xml failures
Message-ID: <1431977178.2897923.271980105.0D554040@webmail.messagingengine.com>
In-Reply-To: <CA%2BU3Mf4kzdkFjO1Jd78Sw4Oj2DWk9N9zws9wPgngLJoBmZ8ZFQ@mail.gmail.com>
References: <20150517210300.45FF67B8@hub.freebsd.org> <1431972413.2880876.271908321.6959F2D3@webmail.messagingengine.com> <CA%2BU3Mf4kzdkFjO1Jd78Sw4Oj2DWk9N9zws9wPgngLJoBmZ8ZFQ@mail.gmail.com>

On Mon, May 18, 2015, at 14:01, Sevan / Venture37 wrote:
> On 18 May 2015 at 19:06, Mark Felder <feld@freebsd.org> wrote:
> >
> >
> > On Sun, May 17, 2015, at 16:02, Roger Marquis wrote:
> >> Does anyone know what's going on with vuln.xml updates? Over the last
> >> few weeks and months CVEs and application mailing lists have announced
> >> vulnerabilities for several ports that in some cases only showed up in
> >> vuln.xml after several days and in other cases are still not listed
> >> (despite email to the security team).
> >>
> >> Is there a URL outlining the policies and procedures of vuln.xml
> >> maintenance?
> >>
> >
> > I am also interested. I know there is a desire to leverage CPE in the
> > future, but I've seen CPE entries take weeks to show up. Our vuln.xml
> > maintenance has always been pretty solid. Is there a lack of manpower
> > right now? Are there notices/reports not being processed?
> >
> > How can we help?
>
> Bug reports with notice of new additions just to give a heads up at the
> least.
>

I was just thinking it might be nice when you're committing a change to
a port to fix a CVE if there was a tag you can drop in the commit log to
tell ports-security if there is a need for an entry to vuln.xml. At
least those without experience editing vuln.xml can more easily have
someone else assist them with getting it added.
