From owner-svn-ports-head@FreeBSD.ORG Sun Jun 16 14:06:06 2013 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id AF79A8C8; Sun, 16 Jun 2013 14:06:06 +0000 (UTC) (envelope-from bf1783@googlemail.com) Received: from mail-ie0-x230.google.com (mail-ie0-x230.google.com [IPv6:2607:f8b0:4001:c03::230]) by mx1.freebsd.org (Postfix) with ESMTP id 6A6AA19FE; Sun, 16 Jun 2013 14:06:06 +0000 (UTC) Received: by mail-ie0-f176.google.com with SMTP id ar20so4899307iec.35 for ; Sun, 16 Jun 2013 07:06:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=+qnSMnyeeXH1TF518X6CuosTM73z7hQy54F1RAsKxUg=; b=soTK54ULOc7dFK0ANPV4qAt3zkJSKN/d0s64XMazeN6u8Pz6slOiKUAnBAdahMG+Rx HpU98Qe1UFQQBxg7lOKlsrKP8goNwHh4z7a+6gg/I39LH6uoz/df8NoS9XQU/di5KQ0d wOat0sDR+egaJKgkMunyPNSunkiuB0crSShldn+YxxymvD0ImFwnX4jQVK5LqKynEOUF lFntHGIURZd7HTCvWWM3GN93dsPONTnREsTe0gMURxy9WjANNLQEhQw10+NCsksRO+J8 ju8DxkbsGIKAxq4n5aYrzDDpwVaaWNhDEo6zO45Jlocn22OFirl1AV+puxnkOrCWdEIS ixyA== MIME-Version: 1.0 X-Received: by 10.50.66.199 with SMTP id h7mr2918674igt.8.1371391566144; Sun, 16 Jun 2013 07:06:06 -0700 (PDT) Received: by 10.64.39.201 with HTTP; Sun, 16 Jun 2013 07:06:06 -0700 (PDT) In-Reply-To: References: <201306161247.r5GCloLW020616@svn.freebsd.org> Date: Sun, 16 Jun 2013 14:06:06 +0000 Message-ID: Subject: Re: svn commit: r321045 - head/security/tor-devel From: "b.f." To: Eitan Adler Content-Type: text/plain; charset=ISO-8859-1 Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: bf1783@gmail.com List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Jun 2013 14:06:06 -0000 On 6/16/13, Eitan Adler wrote: > On Sun, Jun 16, 2013 at 2:47 PM, Brendan Fabeny wrote: >> Author: bf >> Date: Sun Jun 16 12:47:50 2013 >> New Revision: 321045 >> URL: http://svnweb.freebsd.org/changeset/ports/321045 >> >> Log: >> Remove a problematic mirror, and note that the commit message for >> r321043 >> should have read: >> >> Update to 0.2.4.13-alpha >> >> Security: Tor bug 8833 and other potential remote crash >> vulnerabilities > > Is this documented in VuXML? > FWIW the Security tag is usually the CVE id or VuXML id for the issue. That is often the case, but we have always permitted other reliable references as well. In this case no CVEs were issued, and I rarely bother with VuXML entries for the -devel port, because users have come to expect frequent updates and bug disclosures, and a full list of the secure versions would be complicated and subject to frequent changes. However, I can add an entry marking all prior versions as vulnerable in this case if users think that it would be helpful. b.