Date:      Mon, 18 May 2015 14:26:18 -0500
From:      Mark Felder <feld@FreeBSD.org>
To:        "Sevan / Venture37" <venture37@gmail.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: pkg audit / vuln.xml failures
Message-ID:  <1431977178.2897923.271980105.0D554040@webmail.messagingengine.com>
In-Reply-To: <CA%2BU3Mf4kzdkFjO1Jd78Sw4Oj2DWk9N9zws9wPgngLJoBmZ8ZFQ@mail.gmail.com>
References:  <20150517210300.45FF67B8@hub.freebsd.org> <1431972413.2880876.271908321.6959F2D3@webmail.messagingengine.com> <CA%2BU3Mf4kzdkFjO1Jd78Sw4Oj2DWk9N9zws9wPgngLJoBmZ8ZFQ@mail.gmail.com>



On Mon, May 18, 2015, at 14:01, Sevan / Venture37 wrote:
> On 18 May 2015 at 19:06, Mark Felder <feld@freebsd.org> wrote:
> >
> >
> > On Sun, May 17, 2015, at 16:02, Roger Marquis wrote:
> >> Does anyone know what's going on with vuln.xml updates?  Over the last
> >> few weeks and months CVEs and application mailing lists have announced
> >> vulnerabilities for several ports that in some cases only showed up in
> >> vuln.xml after several days and in other cases are still not listed
> >> (despite email to the security team).
> >>
> >> Is there a URL outlining the policies and procedures of vuln.xml
> >> maintenance?
> >>
> >
> > I am also interested. I know there is a desire to leverage CPE in the
> > future, but I've seen CPE entries take weeks to show up. Our vuln.xml
> > maintenance has always been pretty solid. Is there a lack of manpower
> > right now? Are there notices/reports not being processed?
> >
> > How can we help?
> 
> Bug reports with notice of new additions just to give a heads up at the
> least.
> 

I was just thinking it might be nice when you're committing a change to
a port to fix a CVE if there was a tag you can drop in the commit log to
tell ports-security if there is a need for an entry to vuln.xml. At
least those without experience editing vuln.xml can more easily have
someone else assist them with getting it added.


