From owner-freebsd-questions@freebsd.org  Sat Nov 25 16:21:45 2017
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id DBC71DEA1E8
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Sat, 25 Nov 2017 16:21:45 +0000 (UTC)
 (envelope-from rplace@vivaldi.net)
Received: from mail.vivaldi.net (mail.vivaldi.net [82.221.99.162])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9DE9664FFC
 for <freebsd-questions@freebsd.org>; Sat, 25 Nov 2017 16:21:44 +0000 (UTC)
 (envelope-from rplace@vivaldi.net)
Received: from localhost (localhost [127.0.0.1])
 by mail.vivaldi.net (Postfix) with ESMTP id 1CF0252E
 for <freebsd-questions@freebsd.org>; Sat, 25 Nov 2017 16:21:47 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at vivaldi.net
Received: from mail.vivaldi.net ([127.0.0.1])
 by localhost (mail.vivaldi.net [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 70CuD3UzMN6Y for <freebsd-questions@freebsd.org>;
 Sat, 25 Nov 2017 16:21:45 +0000 (GMT)
Received: from 03c0.comcast.net (c-71-193-191-101.hsd1.or.comcast.net
 [71.193.191.101]) (Authenticated sender: rplace)
 by mail.vivaldi.net (Postfix) with ESMTPSA id 6894B527
 for <freebsd-questions@freebsd.org>; Sat, 25 Nov 2017 16:21:41 +0000 (GMT)
Date: Sat, 25 Nov 2017 16:21:17 +0000
From: rplace <rplace@vivaldi.net>
To: freebsd-questions@freebsd.org
Subject: why pkgs with vulnerabilities =?utf-8?Q?on?=
 =?utf-8?Q?_quarterly_aren=E2=80=99t?= updated
Message-ID: <20171125162116.GA7147@03c0.comcast.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Nov 2017 16:21:46 -0000


Every day I check pkg audit -F on 11.1 from quarterly, and for like a month
it’s listed many xorg-server vulnerabilities. And now it’s listed firefox-esr
vulnerabilities for what seems like at least a week.

For xorg-server, I see that there’s
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223286
which has drawn zero attention.

I see that there are newer versions in latest.

How do I tell when issues have fallen between the cracks vs
a change deliberately not being brought to quarterly?

In cases like this, does it make sense to talk to maintainers,
or to one of the pkg/ports lists, or…?