Date:      Sat, 30 Jul 2005 23:00:33 +0200
From:      "Simon L. Nielsen" <simon@FreeBSD.org>
To:        Babak Farrokhi <bfarrokhi@gmail.com>
Cc:        ports@freebsd.org, Mark Linimon <linimon@lonesome.com>
Subject:   Re: New port with maintainer ports@FreeBSD.org [was: Question about maintainers]
Message-ID:  <20050730210033.GM930@zaphod.nitro.dk>
In-Reply-To: <9f7e126b050730124130c9bf87@mail.gmail.com>
References:  <20050728154248.GA943@zi025.glhnet.mhn.de> <20050728164111.GA66015@isis.sigpipe.cz> <20050728170401.GA9534@soaustin.net> <20050728172249.GD66015@isis.sigpipe.cz> <20050728175142.GA11503@soaustin.net> <20050728225650.GE66015@isis.sigpipe.cz> <20050729020225.GA28471@soaustin.net> <20050729102158.GA73490@isis.sigpipe.cz> <20050729203324.GA19476@soaustin.net> <9f7e126b050730124130c9bf87@mail.gmail.com>

On 2005.07.31 00:11:40 +0430, Babak Farrokhi wrote:

> Another example: I submitted a patch to update editors/vim to patchlevel
> 79, now this version is vulnerable to arbitrary command execution
> according to CAN-2005-2368. So I submitted the patchlevel 85
> (ports/84145) and also notified security-team@. But the port is still
> awaiting approval.

With my Security Team hat:

When updating a port for security issues it's always a weighing of
getting the fix in ASAP and waiting for maintainer approval/review.
Waiting for the maintainer is not just a matter of courtesy, but is
also done to make sure the patch doesn't break more than it fixes.  In
general the Security Team don't know much about the inner workings of
each particular port.

For this particular case I know remko@ has been working on it and has
an almost ready to commit VuXML entry for the issue.  I don't know the
status of the port update, other than what the PR says.

-- 
Simon L. Nielsen
FreeBSD Security Team
