Date: Thu, 16 May 2019 11:41:23 +0200
From: Miroslav Lachman <000.fbsd@quip.cz>
To: Alan Somers <asomers@freebsd.org>
Cc: FreeBSD Stable ML <stable@freebsd.org>, Mel Pilgrim <list_freebsd@bluerosetech.com>
Subject: Re: FreeBSD flood of 8 breakage announcements in 3 mins.
Message-ID: <8e472993-2d01-003f-acbb-77f9edf512dc@quip.cz>
In-Reply-To: <CAOtMX2hnk2Y3ZD3r5XOgjXp_otMoi_m0uXZ0EFs6WRgGpS9qAw@mail.gmail.com>
References: <201905151425.x4FEPNqk065975@fire.js.berklix.net>
 <e8125e97-6308-5ad0-b850-6825069683d4@bluerosetech.com>
 <fdb00d1a-3cf2-89ac-a03c-010c8a7501d6@quip.cz>
 <CAOtMX2hnk2Y3ZD3r5XOgjXp_otMoi_m0uXZ0EFs6WRgGpS9qAw@mail.gmail.com>

Alan Somers wrote on 2019/05/16 05:16:
> On Wed, May 15, 2019 at 9:14 PM Miroslav Lachman <000.fbsd@quip.cz> wrote:
>> It would also be good if base system vulnerabilities are first published
>> in FreeBSD vuxml. Then it can be reported to sysadmins by package
>> security/base-audit.
>
> +1. Reporting base + ports vulnerabilities in a common way would be
> great. I assume that this is already part of the pkgbase project
> being worked on by brd and others.

The functionality is already there. The only part missing is that the
Security Office should fill the data into vuxml at the time of
publishing a new SA.

Thanks to Mark Felder
https://blog.feld.me/posts/2016/08/monitoring-freebsd-base-system-vulnerabilities-with-pkg-audit/

Then I provided a periodic script
https://www.freshports.org/security/base-audit/

Miroslav Lachman