Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 12 Sep 2012 09:33:10 -0400
From:      Eitan Adler <eadler@freebsd.org>
To:        Alexey Dokuchaev <danfe@freebsd.org>
Cc:        svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org
Subject:   Re: svn commit: r304136 - head/security/vuxml
Message-ID:  <CAF6rxgmDxwQ0bWEGjX3wcHjoVPfdToi6zGux3LfGnV13eT41YQ@mail.gmail.com>
In-Reply-To: <20120912132700.GA6185@FreeBSD.org>
References:  <201209120731.q8C7VMJ4020038@svn.freebsd.org> <CAF6rxgmhw5n0yq54ZOVx%2BVicWP9t=26Jj%2BMQsaJFnnK0zgw79Q@mail.gmail.com> <20120912132700.GA6185@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 12 September 2012 09:27, Alexey Dokuchaev <danfe@freebsd.org> wrote:
> On Wed, Sep 12, 2012 at 08:48:31AM -0400, Eitan Adler wrote:
>> On 12 September 2012 03:31, Alexey Dokuchaev <danfe@freebsd.org> wrote:
>> > Author: danfe
>> > Date: Wed Sep 12 07:31:22 2012
>> > New Revision: 304136
>> > URL: http://svn.freebsd.org/changeset/ports/304136
>> >
>> > Log:
>> >   Update NVIDIA arbitrary memory access vulnerability with CVE-2012-4225.
>>
>> Thank you for working to document this issue.  Since the vulnerability
>> is separate issue and could you please create a new VuXML entry
>> instead?
>
> I thought about it, but then after studying the patch, got convinced that
> actually the issue is the same, but first patch did not address is
> completely.  Do you have another considerations that would warrant separate
> entry?

You can be patched against the first issue but still be vulnerable to
the latter. One rule of thumb is if the version numbers differ between
what was fixed
it should be a separate VuXML.

VuXML doesn't track the underlying issue, it tracks what would helpful
for sysadmins or desktop users.

Think about it this way:
- User sees warning for vuxml vid N
- User updates
- A few days later user sees a warning for vid N again
- User is confused


-- 
Eitan Adler
Source & Ports committer
X11, Bugbusting teams

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAF6rxgmDxwQ0bWEGjX3wcHjoVPfdToi6zGux3LfGnV13eT41YQ>