Date: Fri, 29 Dec 2006 14:15:08 +0100
From: Matthieu Michaud <ohmer@epita.info>
To: freebsd-ports@freebsd.org
Subject: Re: squirrelmail vuln not published on vuxml ?
Message-ID: <459514DC.6060208@epita.info>
In-Reply-To: <4594EA9D.5070604@infracaninophile.co.uk>
References: <en19c0$amq$1@sea.gmane.org> <4594EA9D.5070604@infracaninophile.co.uk>

Matthew Seaman wrote:
> Matthieu Michaud wrote:
>
>> if i'm not wrong, it seems like the security issue with squirrelmail
>> 1.4.8 published on squirrelmail.org is not reported on vuxml. shouldn't
>> it be ?
>
> It looks like a good candidate for that, yes. In order for such problems
> to find their way into vuxml the Security Team first has to be made aware
> of them. E-mail to sec-team@freebsd.org generally suffices, and it will
> help them if references to security advisories, reports on Bugtraq, Secunia
> and similar sites, CVE numbers etc. can be included in the report.
>
> However making that report (along with updating the port to fix the
> vulnerabilities) is the port maintainer's responsibility in the first
> instance -- only if the maintainer fails to reply or deal with your
> concerns should you go direct.
>
> When updating a port to fix a security hole, adding [security] to the
> synopsis (which becomes the Subject line in the gnats e-mails) and CC'ing
> sec-team@freebsd.org is generally sufficient to get appropriate entries
> made in vuxml and portaudit's DB.
>
> Cheers,
>
> Matthew
>

let's do it, maintainer CC'ed (please read above :p).