Date: Sun, 13 Aug 2023 19:43:37 +0200
From: Miroslav Lachman <000.fbsd@quip.cz>
To: freebsd-security@freebsd.org
Cc: freebsd-security <freebsd-security@freebsd.org>
Subject: Re: vulnerablities in base unreported in VuXML
Message-ID: <dada4886-f75e-df01-2382-ec464f0c8b13@quip.cz>
In-Reply-To: <08443176-fdef-ee00-ed7e-6d90d2b241f7@quip.cz>
References: <08443176-fdef-ee00-ed7e-6d90d2b241f7@quip.cz>

Again and again and again...

New Security Vulnerabilities were published almost 2 weeks ago, but they were not added to the VuXML database again, so /usr/local/etc/periodic/security/410.pkg-audit from pkg cannot report these vulnerabilities in kernel and userland on any vulnerable system.

Can the Security Team please add all past vulnerabilities into VuXML and fix the process of publishing future SAs so that they will never be missed again?

Kind regards
Miroslav Lachman

On 04/05/2023 19:56, Miroslav Lachman wrote:
> As was noted on the FreeBSD forum [1], there is a problem with missing SA
> entries in VuXML (again).
> The last entry is from 2022-08-31 for the zlib heap buffer overflow [2].
> 5 SA entries are missing. Can somebody from the Security Officers take a
> look at it and publish the missing entries?
> And fix the SA release process for all future SAs so we do not miss any
> again? Periodic 405.pkg-base-audit from pkg is useless without an up-to-date
> VuXML.
>
> [1]
> https://forums.freebsd.org/threads/pkg-audit-vuln-xml-no-more-updates-for-base-system-and-kernel.71239/#post-609407
> [2] https://www.vuxml.org/freebsd/pkg-FreeBSD.html
>
> Kind regards
> Miroslav Lachman
>