Date: Sun, 8 Jul 2012 12:27:47 -0700 From: Xin LI <delphij@gmail.com> To: Eitan Adler <eadler@freebsd.org> Cc: cvs-ports@freebsd.org, cvs-all@freebsd.org, ports-committers@freebsd.org Subject: Re: cvs commit: ports/security/vuxml vuln.xml Message-ID: <CAGMYy3vL48W98bD9Jvmx%2B2pP_wX0hTYxPJgZJ%2B7f91DL1h-BFA@mail.gmail.com> In-Reply-To: <201207081900.q68J08f7088286@repoman.freebsd.org> References: <201207081900.q68J08f7088286@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jul 8, 2012 at 12:00 PM, Eitan Adler <eadler@freebsd.org> wrote: > eadler 2012-07-08 19:00:08 UTC > > FreeBSD ports repository > > Modified files: > security/vuxml vuln.xml > Log: > openx reported a new security issue but does not provide any details: inform users of this. I don't think it's right to assign same identifier to different issues. For 2.8.9 I think it was: http://www.infosecstuff.com/openx-releases-patch-for-csrf-vulnerability/ And for 2.8.8 it was: http://secunia.com/advisories/48275/ It seems that OpenX does not release any information about the vulnerability which is a bad practice in my opinion by the way. Cheers, -- Xin LI <delphij@delphij.net> https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGMYy3vL48W98bD9Jvmx%2B2pP_wX0hTYxPJgZJ%2B7f91DL1h-BFA>