Date: Mon, 3 May 2004 20:47:13 +0200
From: Frankye - ML
To: freebsd-security@freebsd.org
Message-Id: <20040503204713.3abb28e0@godzilla>
In-Reply-To: <40968883.3070103@pydo.org>
References: <40965500.4040205@pydo.org> <20040503144335.GA15293@madman.celabo.org> <40968883.3070103@pydo.org>

On Mon, 03 May 2004 19:59:31 +0200
Artur Pydo wrote:

[cut]
| I know that there is a workaround
| modifying 'auditfile' by hand as it is an ASCII file.
|
| I suggest that in future one avoid setting vulnerable versions as > 0
| because the update fails as long as the reference file has not been
| updated with the correct vulnerable port later.
|
| In this case it would be much more efficient to set 'png<1.2.5_3'
| from the beginning.

imvho the drawbacks of this solution outweigh its usefulness. If a commit does not solve the problem but makes the port look not vulnerable, and I'm a very sloppy or very overworked sysadmin, I might not notice.

Would you prefer me sweating around the upgrade of something I know is patched, but portaudit prevents me from portupgrading, or my cracked zombie machine pounding at your network while I'm slacking off? :)

Just my 2 cents

Frankye