From owner-cvs-all@FreeBSD.ORG Thu Mar 22 07:51:49 2007 Return-Path: X-Original-To: cvs-all@freebsd.org Delivered-To: cvs-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CDEB516A4E1; Thu, 22 Mar 2007 07:51:49 +0000 (UTC) (envelope-from remko@elvandar.org) Received: from caelis.elvandar.org (caelis.elvandar.org [217.148.169.59]) by mx1.freebsd.org (Postfix) with ESMTP id 8676013C4DB; Thu, 22 Mar 2007 07:51:44 +0000 (UTC) (envelope-from remko@elvandar.org) Received: from localhost (caelis.elvandar.org [217.148.169.59]) by caelis.elvandar.org (Postfix) with ESMTP id 8644092FCFF; Thu, 22 Mar 2007 08:26:41 +0100 (CET) Received: from caelis.elvandar.org ([217.148.169.59]) by localhost (caelis.elvandar.org [217.148.169.59]) (amavisd-new, port 10024) with ESMTP id 36090-07; Thu, 22 Mar 2007 08:26:34 +0100 (CET) Received: from redqueen.evilcoder-services.org (caelis.elvandar.org [217.148.169.59]) by caelis.elvandar.org (Postfix) with ESMTP id 3CD0492FCB7; Thu, 22 Mar 2007 08:26:34 +0100 (CET) Received: by redqueen.evilcoder-services.org (Postfix, from userid 1001) id F11BA65DE; Thu, 22 Mar 2007 08:26:33 +0100 (CET) Date: Thu, 22 Mar 2007 08:26:33 +0100 From: Remko Lodder To: Kris Kennaway Message-ID: <20070322072633.GC40205@elvandar.org> References: <200703201828.l2KISn1V037775@repoman.freebsd.org> <20070320183210.GA15384@xor.obsecurity.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20070320183210.GA15384@xor.obsecurity.org> User-Agent: Mutt/1.5.13 (2006-08-11) X-Virus-Scanned: Maia Mailguard 1.0.1 at elvandar.org Cc: cvs-ports@FreeBSD.org, David Thiel , cvs-all@FreeBSD.org, ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/www/webcalendar Makefile distinfo X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Mar 2007 07:51:49 -0000 On Tue, Mar 20, 2007 at 02:32:10PM -0400, Kris Kennaway wrote: > On Tue, Mar 20, 2007 at 06:28:49PM +0000, David Thiel wrote: > > lx 2007-03-20 18:28:49 UTC > > > > FreeBSD ports repository > > > > Modified files: > > www/webcalendar Makefile distinfo > > Log: > > Update to 1.0.5, fixing a remote variable overwrite vulnerability. > > See http://secunia.com/advisories/24403/ for more details. > > > > PR: ports/110587 > > Submitted by: Greg Larkin (maintainer) > > Approved by: edwin (mentor) > > FYI the Security: tag should be used in such situations so that the > security team flag it for inclusion in the vulnerability database. > > Kris Hi all, Yes indeed, the Security: tag can be used for that amongst others, other possible items are that Freshports (this is just an example) might be able to parse them and or keep track of them. By using this tag filtering becomes much easier, personally I scan most ports commits and look whether there is a mentioning of Security: or some reference, my life would be made a lot easier when Security: was always used for security related commits (with a reference to the source of the Security issue, and if possible the VuXML link). Thanks! -- Kind regards, Remko Lodder ** remko@elvandar.org FreeBSD ** remko@FreeBSD.org /* Quis custodiet ipsos custodes */