From owner-svn-ports-all@FreeBSD.ORG Wed Sep 12 13:33:43 2012 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 7F234106566B for ; Wed, 12 Sep 2012 13:33:43 +0000 (UTC) (envelope-from lists@eitanadler.com) Received: from mail-pz0-f54.google.com (mail-pz0-f54.google.com [209.85.210.54]) by mx1.freebsd.org (Postfix) with ESMTP id 1D99A8FC15 for ; Wed, 12 Sep 2012 13:33:43 +0000 (UTC) Received: by dadr6 with SMTP id r6so1103498dad.13 for ; Wed, 12 Sep 2012 06:33:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eitanadler.com; s=0xdeadbeef; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type; bh=vg7sIP0yr0xU4f8dLhxD5caIbPqiEHy2SYpmNHgZItw=; b=CvlpYqZJjRUu5c+3nFCzqmBiQNdgPNWCTF45PsxY6oS8sAWe7x68V5X8mfPvwPXabM ebyzEUVW0bEOBwCKf2CjysXBfsAQY/UiwsiAxICmq0kzS02aHiLpg+1NB7a3cfD+m+kH 9cs5RQKGTdMOdoS8APWVi51qQBGJiVAp7encA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :x-gm-message-state; bh=vg7sIP0yr0xU4f8dLhxD5caIbPqiEHy2SYpmNHgZItw=; b=kdds3qiFN5vnuU8doIJednxX18PZh9qATtIJ9BoLHa0+NNGmmMfAy2xrG0NKphx+rK w4/JoyHmABfYnsfTdkZGj9dX9mNTsetzhZH8vH2BfjUbtV+7939S9DxL6u0VUITI5jg2 +oqL8lwtvoI3PPnS0YBqW3lcdIu0pHJEtM+9NpJE4fXYvkukOApHVVIk5/W5dr0jP/rI zVhStRbEDpbXAsjLs5CGRhLNcjlb/ORV95rQ//4eQDLhYHSKWItoEQEx7tIUpX6Ax5xl NlDXi1KpTaUOk11SWQHiM0lXx9sf6LkPSe2VnsKV1OqjSNJKAtxn+Dl09Duq9qXYHr6I 2iRg== Received: by 10.68.138.133 with SMTP id qq5mr16764466pbb.86.1347456821717; Wed, 12 Sep 2012 06:33:41 -0700 (PDT) MIME-Version: 1.0 Sender: lists@eitanadler.com Received: by 10.66.87.41 with HTTP; Wed, 12 Sep 2012 06:33:10 -0700 (PDT) In-Reply-To: <20120912132700.GA6185@FreeBSD.org> References: <201209120731.q8C7VMJ4020038@svn.freebsd.org> <20120912132700.GA6185@FreeBSD.org> From: Eitan Adler Date: Wed, 12 Sep 2012 09:33:10 -0400 X-Google-Sender-Auth: 4RXWdAxpXJ9hT1YjkAQs9KVhGHs Message-ID: To: Alexey Dokuchaev Content-Type: text/plain; charset=UTF-8 X-Gm-Message-State: ALoCoQkbLKKzTmXjwZeRue41W40QGSrHp85TvGGeljc/rr6hpebMlocjN/lNC8HUOeojFnXU3VIS Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org Subject: Re: svn commit: r304136 - head/security/vuxml X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Sep 2012 13:33:43 -0000 On 12 September 2012 09:27, Alexey Dokuchaev wrote: > On Wed, Sep 12, 2012 at 08:48:31AM -0400, Eitan Adler wrote: >> On 12 September 2012 03:31, Alexey Dokuchaev wrote: >> > Author: danfe >> > Date: Wed Sep 12 07:31:22 2012 >> > New Revision: 304136 >> > URL: http://svn.freebsd.org/changeset/ports/304136 >> > >> > Log: >> > Update NVIDIA arbitrary memory access vulnerability with CVE-2012-4225. >> >> Thank you for working to document this issue. Since the vulnerability >> is separate issue and could you please create a new VuXML entry >> instead? > > I thought about it, but then after studying the patch, got convinced that > actually the issue is the same, but first patch did not address is > completely. Do you have another considerations that would warrant separate > entry? You can be patched against the first issue but still be vulnerable to the latter. One rule of thumb is if the version numbers differ between what was fixed it should be a separate VuXML. VuXML doesn't track the underlying issue, it tracks what would helpful for sysadmins or desktop users. Think about it this way: - User sees warning for vuxml vid N - User updates - A few days later user sees a warning for vid N again - User is confused -- Eitan Adler Source & Ports committer X11, Bugbusting teams