Date: Wed, 20 Mar 2013 17:22:50 +0000 From: "Simon L. B. Nielsen" <simon@qxnitro.org> To: =?UTF-8?Q?Dag=2DErling_Sm=C3=B8rgrav?= <des@des.no> Cc: freebsd-security@freebsd.org Subject: Re: CPE [was old perl vulnerabilitiy] Message-ID: <CAC8HS2Gwjb5S6k2cnVLpoWzQEEDoGxXWWMqjCMdQM6d2uZBvqg@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
On 18 March 2013 16:01, Dag-Erling Sm=C3=B8rgrav <des@des.no> wrote: > Ryan Steinmetz <zi@FreeBSD.org> writes: >> It does have the same issue. I've corrected the VuXML entry and you >> should see updated portaudit results within 30 minutes. Your 5.8.9 >> perl-threaded installation should also show up as vulnerable to the same >> issue. > > This wouldn't keep happening if we used CPEs whenever possible... Where would you use CPE - in all packages ? I assume you are talking about http://cpe.mitre.org/about/ ? Part of the problem for VuXML is the trilion names for packages some ports have, making it more painful. In the past we also had a number of the tools which let one simpler grep for package names, but those require infrastructure which doesn't exist anymore. --=20 Simon L. B. Nielsen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAC8HS2Gwjb5S6k2cnVLpoWzQEEDoGxXWWMqjCMdQM6d2uZBvqg>