Date: Mon, 18 May 2015 21:20:11 +0100
Subject: Re: pkg audit / vuln.xml failures
From: "Sevan / Venture37"
To: Mark Felder
Cc: freebsd-security@freebsd.org

On 18 May 2015 at 20:26, Mark Felder wrote:
> I was just thinking it might be nice when you're committing a change to
> a port to fix a CVE if there was a tag you can drop in the commit log to
> tell ports-security if there is a need for an entry to vuln.xml. At
> least those without experience editing vuln.xml can more easily have
> someone else assist them with getting it added.

Ah, yes, that applies to those with those shiny commit bits. I'm on the
other side.
It certainly needs to be added to the workflow of updating/maintaining
ports somehow.
There's the problem of
Maintaining the vuxml entries
Flagging security issues resolved in updates
Flagging unaddressed security updates

Sevan / Venture37