Date: Wed, 20 Feb 2013 18:17:48 +0400 From: Ruslan Makhmatkhanov <cvs-src@yandex.ru> To: Eitan Adler <eadler@freebsd.org> Cc: svn-ports-head@freebsd.org, Alexey Dokuchaev <danfe@freebsd.org>, svn-ports-all@freebsd.org, ports-committers@freebsd.org Subject: Re: svn commit: r312626 - head/security/vuxml Message-ID: <5124DB0C.8030703@yandex.ru> In-Reply-To: <CAF6rxg=AAEcuPzS_Hoeu%2B1KcpPeSxQxyW0czAM7BYiQgJ1KfTA@mail.gmail.com> References: <201302201358.r1KDwKxc094476@svn.freebsd.org> <20130220140104.GA75978@FreeBSD.org> <CAF6rxg=AAEcuPzS_Hoeu%2B1KcpPeSxQxyW0czAM7BYiQgJ1KfTA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Eitan Adler wrote on 20.02.2013 18:03: > On 20 February 2013 09:01, Alexey Dokuchaev <danfe@freebsd.org> wrote: >> On Wed, Feb 20, 2013 at 01:58:20PM +0000, Ruslan Mahmatkhanov wrote: >>> New Revision: 312626 >>> URL: http://svnweb.freebsd.org/changeset/ports/312626 >>> >>> Log: >>> - add an entry for net/nss-pam-ldapd stack-based buffer overflow >>> >>> According to advisory, vulnerability exists in nss-pam-ldapd < 0.8.11, >>> but since we never had this version in the ports tree, mark everything >>> < 0.8.12 as vulnerable. >> >> This seems weird. Is there any limitation in VuXML that we need to cope >> with by introducing such inconsistencies with official advisories? > > VuXML is intended to address FreeBSD user concerns, not upstream > concerns. There isn't a limitation here, but it makes sense to write > the VuXML <range> this way. This is exactly what I guided when making decision: change it to 0.8.11 or left it as 0.8.12 that was in original submission. -- Regards, Ruslan Tinderboxing kills... the drives.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5124DB0C.8030703>