Date: Mon, 18 May 2015 20:01:30 +0100 From: "Sevan / Venture37" <venture37@gmail.com> To: Mark Felder <feld@freebsd.org> Cc: freebsd-security@freebsd.org Subject: Re: pkg audit / vuln.xml failures Message-ID: <CA%2BU3Mf4kzdkFjO1Jd78Sw4Oj2DWk9N9zws9wPgngLJoBmZ8ZFQ@mail.gmail.com> In-Reply-To: <1431972413.2880876.271908321.6959F2D3@webmail.messagingengine.com> References: <20150517210300.45FF67B8@hub.freebsd.org> <1431972413.2880876.271908321.6959F2D3@webmail.messagingengine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 18 May 2015 at 19:06, Mark Felder <feld@freebsd.org> wrote: > > > On Sun, May 17, 2015, at 16:02, Roger Marquis wrote: >> Does anyone know what's going on with vuln.xml updates? Over the last >> few weeks and months CVEs and application mailing lists have announced >> vulnerabilities for several ports that in some cases only showed up in >> vuln.xml after several days and in other cases are still not listed >> (despite email to the security team). >> >> Is there a URL outlining the policies and procedures of vuln.xml >> maintenance? >> > > I am also interested. I know there is a desire to leverage CPE in the > future, but I've seen CPE entries take weeks to show up. Our vuln.xml > maintenance has always been pretty solid. Is there a lack of manpower > right now? Are there notices/reports not being processed? > > How can we help? Bug reports with notice of new additions just to give a heads up at the least. Sevan / Venture37
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BU3Mf4kzdkFjO1Jd78Sw4Oj2DWk9N9zws9wPgngLJoBmZ8ZFQ>