Date: Wed, 20 Feb 2013 14:34:22 +0000
From: Alexey Dokuchaev <danfe@FreeBSD.org>
To: Eitan Adler <eadler@freebsd.org>
Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, Ruslan Mahmatkhanov <rm@freebsd.org>, ports-committers@freebsd.org
Subject: Re: svn commit: r312626 - head/security/vuxml
Message-ID: <20130220143422.GA95204@FreeBSD.org>
In-Reply-To: <CAF6rxg=AAEcuPzS_Hoeu%2B1KcpPeSxQxyW0czAM7BYiQgJ1KfTA@mail.gmail.com>
References: <201302201358.r1KDwKxc094476@svn.freebsd.org> <20130220140104.GA75978@FreeBSD.org> <CAF6rxg=AAEcuPzS_Hoeu%2B1KcpPeSxQxyW0czAM7BYiQgJ1KfTA@mail.gmail.com>

On Wed, Feb 20, 2013 at 09:03:38AM -0500, Eitan Adler wrote:
> On 20 February 2013 09:01, Alexey Dokuchaev <danfe@freebsd.org> wrote:
> > On Wed, Feb 20, 2013 at 01:58:20PM +0000, Ruslan Mahmatkhanov wrote:
> >> New Revision: 312626
> >> URL: http://svnweb.freebsd.org/changeset/ports/312626
> >>
> >> According to advisory, vulnerability exists in nss-pam-ldapd < 0.8.11,
> >> but since we never had this version in the ports tree, mark everything
> >> < 0.8.12 as vulnerable.
> >
> > This seems weird. Is there any limitation in VuXML that we need to cope
> > with by introducing such inconsistencies with official advisories?
>
> VuXML is intended to address FreeBSD user concerns, not upstream concerns.

OK, but how does it hurt to provide correct version vs. version that was in
ports? Users might have patched ports; others would be wondering why our
numbers differ from the upstream and/or popular vulnerability aggregators.

Anyway, since Ruslan agrees with you on this, I guess I better shut up. :-)

./danfe

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130220143422.GA95204>