Date: Sun, 16 Jun 2013 14:06:06 +0000 From: "b.f." <bf1783@googlemail.com> To: Eitan Adler <eadler@freebsd.org> Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org Subject: Re: svn commit: r321045 - head/security/tor-devel Message-ID: <CAGFTUwPZM4u6LYvx_rsF4My7tHPZKS3V_N2YO7ur29HQyesOsQ@mail.gmail.com> In-Reply-To: <CAF6rxgm3x4VgGCnWBJC5SanViZuj1ZNQ-qfsZFgwiSmpBkvXuQ@mail.gmail.com> References: <201306161247.r5GCloLW020616@svn.freebsd.org> <CAF6rxgm3x4VgGCnWBJC5SanViZuj1ZNQ-qfsZFgwiSmpBkvXuQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 6/16/13, Eitan Adler <eadler@freebsd.org> wrote: > On Sun, Jun 16, 2013 at 2:47 PM, Brendan Fabeny <bf@freebsd.org> wrote: >> Author: bf >> Date: Sun Jun 16 12:47:50 2013 >> New Revision: 321045 >> URL: http://svnweb.freebsd.org/changeset/ports/321045 >> >> Log: >> Remove a problematic mirror, and note that the commit message for >> r321043 >> should have read: >> >> Update to 0.2.4.13-alpha >> >> Security: Tor bug 8833 and other potential remote crash >> vulnerabilities > > Is this documented in VuXML? > FWIW the Security tag is usually the CVE id or VuXML id for the issue. That is often the case, but we have always permitted other reliable references as well. In this case no CVEs were issued, and I rarely bother with VuXML entries for the -devel port, because users have come to expect frequent updates and bug disclosures, and a full list of the secure versions would be complicated and subject to frequent changes. However, I can add an entry marking all prior versions as vulnerable in this case if users think that it would be helpful. b.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGFTUwPZM4u6LYvx_rsF4My7tHPZKS3V_N2YO7ur29HQyesOsQ>