Date: Wed, 10 Jul 2019 00:04:21 +0200 From: Miroslav Lachman <000.fbsd@quip.cz> To: "Chisholm, Rick" <rick.chisholm@hubinternational.com>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: [EXTERNAL] Status of FreeBSD vulnerabilities in VUXML database Message-ID: <1dec1b4c-e54f-ba65-c1dc-cc91b9a5dec2@quip.cz> In-Reply-To: <0054FFE9E041FC4EB2D50A99E26B120A06314D8F@EDCV-XHG-TNP01.hub.local> References: <af0f5734-180e-33e3-6b39-ea97fb2422fa@quip.cz> <0054FFE9E041FC4EB2D50A99E26B120A06314D8F@EDCV-XHG-TNP01.hub.local>
next in thread | previous in thread | raw e-mail | index | archive | help
Chisholm, Rick wrote on 2019/07/09 20:55: > My understanding has always been vuXML is for ports / packages and the advisories page is for base. Support for FreeBSD base vulnerabilities was created by Mark Felder 3 years ago https://blog.feld.me/posts/2016/08/monitoring-freebsd-base-system-vulnerabilities-with-pkg-audit/ and the past Security Advisories was published in VUXML. At this time there is no other automated system to report base system vulnerabilities - are we really in 2019? > -----Original Message----- > From: owner-freebsd-security@freebsd.org <owner-freebsd-security@freebsd.org> On Behalf Of Miroslav Lachman > Sent: July 9, 2019 2:14 PM > To: freebsd-security@freebsd.org > Subject: [EXTERNAL] Status of FreeBSD vulnerabilities in VUXML database > > This Message originated outside of the organization. > > What is the official status of FreeBSD Security Advisories and entries in VUXML database? > I am asking especially because new FreeBSD base system vulnerabilities are not being added to the vuxml database. The last was added 2019-04-23 according to https://vuxml.freebsd.org/freebsd/ > > Why? > > VUXML is FreeBSD's own pet so why new SAs are not added there the same day they are published as SA on https://www.freebsd.org/security/advisories.html? > > It makes base-audit periodic useless. > https://www.freshports.org/security/base-audit/ > > Kind regards > Miroslav Lachman > _______________________________________________ > freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1dec1b4c-e54f-ba65-c1dc-cc91b9a5dec2>