From nobody Wed Apr 24 03:21:05 2024
X-Original-To: ports-bugs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VPPQX10CVz5JdNs
	for <ports-bugs@mlmmj.nyi.freebsd.org>; Wed, 24 Apr 2024 03:21:08 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VPPQW4hqCz4J3p
	for <ports-bugs@FreeBSD.org>; Wed, 24 Apr 2024 03:21:07 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1713928867; a=rsa-sha256; cv=none;
	b=Rpb2J93phFFr0Q+B1M1CR9slP6HcoGomp+iEm3KlIxtjGbiInu2Tbv6DP4yjtgcvq2sDOQ
	QScvDsMDmYUj4V9DcEp2JErZPu67lr3FfUcUrYOSdYynLDKxBggaAYybXtj0LMSH3N+38D
	B2kFNkwAkuBjL7Hl/2R2nAadiNLF1cl6KilVwIjsupAV+CYroub8b7HvLhx3/IZZyhFnLG
	yrZs4nRRswf7YgXb5XBIvKwX4MnvlU1H2kZhKcbzwmWz9nxxZkb+3gyOPvWExEopM9Elgs
	M2+IqdxgaJpxnhyn65+kPUe2O8Dmo2G0Hiaud9kmg/16Uba0Bd71whsAOvLDIA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1713928867;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=raSp5nHV80wnfpLm+A2cY6/7ekOfPeAHABWApP+xQGY=;
	b=iMfACt8sSFoD6/GXiDDIwaXkDiK8uOxwwowla/YpnKmyTFLPyHuCvoJQkO4Mu29Jzh6uCj
	3SZOw7WJtTz785oFyJvtewx5AGeuJjaNuDukEFzfxN+/GFTa1LRuUsiX4g0uUGXlS7iJbf
	wH+2h6CoU1pSg8Tbqy4LAfwDF0aQueYHTiMfZd4/bRlPppJwfeuaN0k0JI78q7bdV7C88M
	uCMH2u7nygOkIwtEB85W0HQSQ6V9H7lsEDdZg6hRGbrPqQu/JSvfrPUohXkeArq4vrYPEu
	lRxKgdZlZI+p3upogT+zFpOOK+tP0VO21aRnuHkudU5SQGrT1y8DTERNpiM+Kw==
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4VPPQW4BkVzysB
	for <ports-bugs@FreeBSD.org>; Wed, 24 Apr 2024 03:21:07 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 43O3L7P4023462
	for <ports-bugs@FreeBSD.org>; Wed, 24 Apr 2024 03:21:07 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 43O3L7GR023461
	for ports-bugs@FreeBSD.org; Wed, 24 Apr 2024 03:21:07 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 278549] security/vuxml: false positivites for www/glpi
Date: Wed, 24 Apr 2024 03:21:05 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Individual Port(s)
X-Bugzilla-Version: Latest
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: philip@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: philip@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: assigned_to bug_status cc
Message-ID: <bug-278549-7788-LDPTWpmsbM@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-278549-7788@https.bugs.freebsd.org/bugzilla/>
References: <bug-278549-7788@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs
List-Help: <mailto:ports-bugs+help@freebsd.org>
List-Post: <mailto:ports-bugs@freebsd.org>
List-Subscribe: <mailto:ports-bugs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports-bugs+unsubscribe@freebsd.org>
X-BeenThere: freebsd-ports-bugs@freebsd.org
Sender: owner-freebsd-ports-bugs@FreeBSD.org
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D278549

Philip Paeps <philip@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|ports-bugs@FreeBSD.org      |philip@FreeBSD.org
             Status|New                         |Open
                 CC|                            |philip@FreeBSD.org

--- Comment #1 from Philip Paeps <philip@FreeBSD.org> ---
I think what Jochen meant in
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D255948#c13 is that we d=
on't
add new vulnerabilities to existing vuxml entries.  When new vulnerabilities
become known, we create new vuxml entries for them.


If previous entries are wrong though, we should correct them.

In this instance: I wonder if it's worth the churn of correcting the old
entries, given that newer vulnerabilities have been discovered that affect
every version prior to 10.0.14.

I'm happy to commit the corrections if someone could double-check them for =
me,
e.g. the maintainer?  Does this patch look correct Mathias?

--=20
You are receiving this mail because:
You are the assignee for the bug.=