Date:      Fri, 29 Dec 2006 10:14:53 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Matthieu Michaud <ohmer@epita.info>
Cc:        freebsd-ports@freebsd.org
Subject:   Re: squirrelmail vuln not published on vuxml ?
Message-ID:  <4594EA9D.5070604@infracaninophile.co.uk>
In-Reply-To: <en19c0$amq$1@sea.gmane.org>
References:  <en19c0$amq$1@sea.gmane.org>


Matthieu Michaud wrote:

> if i'm not wrong, it seems like the security issue with squirrelmail
> 1.4.8 published on squirrelmail.org is not reported on vuxml. shouldn't
> it be ?

It looks like a good candidate for that, yes.  In order for such problems
to find their way into vuxml the Security Team first has to be made aware
of them.  E-mail to sec-team@freebsd.org generally suffices, and it will
help them if references to security advisories, reports on Bugtraq, Secunia
and similar sites, CVE numbers etc. can be included in the report.

However making that report (along with updating the port to fix the
vulnerabilities) is the port maintainer's responsibility in the first
instance -- only if the maintainer fails to reply or deal with your
concerns should you go direct.

When updating a port to fix a security hole, adding [security] to the
synopsis (which becomes the Subject line in the gnats e-mails) and CC'ing
sec-team@freebsd.org is generally sufficient to get appropriate entries
made in vuxml and portaudit's DB.

	Cheers,

	Matthew

--
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW

