[Bug 278549] security/vuxml: false positivites for www/glpi

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 278549] security/vuxml: false positivites for www/glpi"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 24 Apr 2024 03:21:05 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278549

Philip Paeps <philip@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|ports-bugs@FreeBSD.org      |philip@FreeBSD.org
             Status|New                         |Open
                 CC|                            |philip@FreeBSD.org

--- Comment #1 from Philip Paeps <philip@FreeBSD.org> ---
I think what Jochen meant in
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255948#c13 is that we don't
add new vulnerabilities to existing vuxml entries.  When new vulnerabilities
become known, we create new vuxml entries for them.


If previous entries are wrong though, we should correct them.

In this instance: I wonder if it's worth the churn of correcting the old
entries, given that newer vulnerabilities have been discovered that affect
every version prior to 10.0.14.

I'm happy to commit the corrections if someone could double-check them for me,
e.g. the maintainer?  Does this patch look correct Mathias?

-- 
You are receiving this mail because:
You are the assignee for the bug.