From: "Simon L. Nielsen"
To: Babak Farrokhi
Cc: ports@freebsd.org, Mark Linimon
Date: Sat, 30 Jul 2005 23:00:33 +0200
Subject: Re: New port with maintainer ports@FreeBSD.org [was: Question about maintainers]

On 2005.07.31 00:11:40 +0430, Babak Farrokhi wrote:

> Another example: I submitted a patch to update editors/vim to patchlevel
> 79, now this version is vulnerable to arbitrary command execution
> according to CAN-2005-2368. So I submitted the patchlevel 85
> (ports/84145) and also notified security-team@. But the port is still
> awaiting approval.

With my Security Team hat:

When updating a port for security issues it's always a weighing of
getting the fix in ASAP and waiting for maintainer approval/review.
Waiting for the maintainer is not just a matter of courtesy, but is
also done to make sure the patch doesn't break more than it fixes. In
general the Security Team don't know much about the inner workings of
each particular port.

For this particular case I know remko@ has been working on it and has
an almost ready-to-commit VuXML entry for the issue. I don't know the
status of the port update, other than what the PR says.

-- 
Simon L. Nielsen
FreeBSD Security Team