Date: Wed, 12 Sep 2012 09:33:10 -0400
From: Eitan Adler <eadler@freebsd.org>
To: Alexey Dokuchaev <danfe@freebsd.org>
Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org
Subject: Re: svn commit: r304136 - head/security/vuxml
Message-ID: <CAF6rxgmDxwQ0bWEGjX3wcHjoVPfdToi6zGux3LfGnV13eT41YQ@mail.gmail.com>
In-Reply-To: <20120912132700.GA6185@FreeBSD.org>
References: <201209120731.q8C7VMJ4020038@svn.freebsd.org> <CAF6rxgmhw5n0yq54ZOVx%2BVicWP9t=26Jj%2BMQsaJFnnK0zgw79Q@mail.gmail.com> <20120912132700.GA6185@FreeBSD.org>

On 12 September 2012 09:27, Alexey Dokuchaev <danfe@freebsd.org> wrote:
> On Wed, Sep 12, 2012 at 08:48:31AM -0400, Eitan Adler wrote:
>> On 12 September 2012 03:31, Alexey Dokuchaev <danfe@freebsd.org> wrote:
>> > Author: danfe
>> > Date: Wed Sep 12 07:31:22 2012
>> > New Revision: 304136
>> > URL: http://svn.freebsd.org/changeset/ports/304136
>> >
>> > Log:
>> >   Update NVIDIA arbitrary memory access vulnerability with CVE-2012-4225.
>>
>> Thank you for working to document this issue. Since the vulnerability
>> is a separate issue, could you please create a new VuXML entry
>> instead?
>
> I thought about it, but then after studying the patch, got convinced that
> actually the issue is the same, but first patch did not address it
> completely. Do you have other considerations that would warrant separate
> entry?

You can be patched against the first issue but still be vulnerable to
the latter. One rule of thumb is if the version numbers differ between
what was fixed it should be a separate VuXML. VuXML doesn't track the
underlying issue, it tracks what would be helpful for sysadmins or desktop
users.

Think about it this way:
- User sees warning for vuxml vid N
- User updates
- A few days later user sees a warning for vid N again
- User is confused

--
Eitan Adler
Source & Ports committer
X11, Bugbusting teams