From owner-freebsd-ports@freebsd.org Mon Jul 23 19:29:20 2018 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B8AC310531A0 for ; Mon, 23 Jul 2018 19:29:20 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 4C1D38B2F4 for ; Mon, 23 Jul 2018 19:29:20 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: by mailman.ysv.freebsd.org (Postfix) id 0961B105319C; Mon, 23 Jul 2018 19:29:20 +0000 (UTC) Delivered-To: ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E93D5105319B; Mon, 23 Jul 2018 19:29:19 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 934908B2F3; Mon, 23 Jul 2018 19:29:19 +0000 (UTC) (envelope-from mat@FreeBSD.org) Received: from atuin.in.mat.cc (unknown [IPv6:2a01:678:42:ffff:3e15:c2ff:fec4:452e]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: mat/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id EBE4DD03D; Mon, 23 Jul 2018 19:29:18 +0000 (UTC) (envelope-from mat@FreeBSD.org) Date: Mon, 23 Jul 2018 21:29:14 +0200 From: Mathieu Arnold To: Franco Fichtner Cc: FreeBSD Ports , ports-secteam@FreeBSD.org Subject: Re: LibreSSL CVE-2018-0732 correction Message-ID: <20180723192914.elydx54y6w6q22ic@atuin.in.mat.cc> References: <9FACEB69-15B0-4022-8F0B-EE1FD801DBB3@lastsummer.de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="4m23iw7o4oyor2u6" Content-Disposition: inline In-Reply-To: <9FACEB69-15B0-4022-8F0B-EE1FD801DBB3@lastsummer.de> User-Agent: NeoMutt/20180716 X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Jul 2018 19:29:20 -0000 --4m23iw7o4oyor2u6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jul 23, 2018 at 09:14:48PM +0200, Franco Fichtner wrote: > Hi, >=20 > What's the policy for picking these up? Is there the same > kind of maintainer timeout at play here? Feedback welcome. >=20 > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D229037 security/vuxml is maintained by ports-secteam@, so it's their turf. Or the maintainer of the offending port, or the person who did the first commit to vuln.xml file about this entry. In any way, the vuln.xml file is open to anyone to commit, so anyone can do it. --=20 Mathieu Arnold --4m23iw7o4oyor2u6 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQKTBAABCgB9FiEEOraXidLtEhBkQLpbOkUW81GDzkgFAltWLIlfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNB QjY5Nzg5RDJFRDEyMTA2NDQwQkE1QjNBNDUxNkYzNTE4M0NFNDgACgkQOkUW81GD zkjNEw/8Dv+xPZLKV+EdiPCClj1Tyq91Ac0W5Dt6B/D2ViBeCFmpGJwTzMapYmGC Gyv8V/sT+jeNhzy16o/sidiaYU+w1guJUzh7HySpnNiDGU/IWfbt2NCJvGe3zmql OaFb0gU5OvvLhMDeCPgdOMqW2LpnH0HEvSuefbmK9//BhdtL1lMoJPhkqUGeHmYC oX9P+eH63tXZM/PPJ1hfvSGkWwf83RtkPTgeBKAL/+ptdq7WkbYm2i/HjkaXc4lh IKk99vJH4lXbgrHvHxY2wmDcmpyJB77so34DUxIEXDxxXBmmBiuXr69gq1nhF0qp AA2BnBssLvYPVrW8p1t0yY1mVMwNDf9/CNQqaFJUOoWXGjDWY1vwkfaw+RRhGkun Ga68U5aAlqY3Sz07Tis/1gLqHhbuUx15FVrhBjsVDp2IbZGcXi+Zu4zuAbBjbATo LBAfeKByO1yk339yRds3j2yTDLGvBRvaJ8dtXbIeEuGvTaGyXToN+Kyke6hMjj4U yb22nK838FohDpMFTA3YTxeCmsBbHsMNckZAJd+MmKcSE59+72HUAbv+ZRyXCx9W L8cujCqJWS5E8vfwundSGBWGrrOS/rH+oUQiuovLKsIQZV7nMys5CRBpdOC/4ffK +Ke3W4Vhz+Lf4TLJbAHUJMbr8f6CVX5YRikpUXi8wrlk1fgiKLA= =0uOD -----END PGP SIGNATURE----- --4m23iw7o4oyor2u6--