Date: Sat, 23 May 2015 12:14:54 -0400
From: Jason Unovitch <jason.unovitch@gmail.com>
To: ports-secteam@FreeBSD.org, freebsd-security@freebsd.org, freebsd-ports@freebsd.org
Subject: Re: New pkg audit / vuln.xml failures (php55, unzoo)
Message-ID: <CABW2x9oPxhzrNmRd8qmVkw13F9zwqQpMGV-UqxJ0TJgiZF6Zyw@mail.gmail.com>
In-Reply-To: <20150523153031.A1A07357@hub.freebsd.org>
References: <alpine.BSF.2.11.1505171402430.52815@eboyr.pbz> <20150523153031.A1A07357@hub.freebsd.org>

On Sat, May 23, 2015 at 11:30 AM, Roger Marquis <marquis@roble.com> wrote:
> If you find a vulnerability such as a new CVE or mailing list
> announcement please send it to the port maintainer and
> <ports-secteam@FreeBSD.org> as quickly as possible. They are woefully
> understaffed and need our help. Though freebsd.org indicates that
> security alerts should be sent to <secteam@FreeBSD.org> this is
> incorrect. If the vulnerability is in a port or package send an alert to
> ports-secteam@ and NOT secteam@ as the secteam will generally not reply
> to your email or forward the alerts to ports-secteam.
>
> Roger
>

I've attempted to knock out a couple of these over the past 2 days.
There's certainly a non-trivial amount of PRs stuck in Bugzilla that
mention security or CVE that need some care and attention. Here's a few
that are now ready for the taking.

vuxml patch ready:
emulators/virtualbox-ose -- https://bugs.freebsd.org/200311
databases/cassandra -- https://bugs.freebsd.org/199091
databases/cassandra2 -- https://bugs.freebsd.org/200414 (refers to vuxml patch in PR 199091)
sysutils/py-salt -- https://bugs.freebsd.org/200172

vuxml previously done and update patch ready:
net/chrony -- https://bugs.freebsd.org/199508

both vuxml and update patch ready:
mail/davmail -- https://bugs.freebsd.org/198297

Jason