New pkg audit / vuln.xml failures (php55, unzoo)

Jason Unovitch jason.unovitch at gmail.com
Sat May 23 16:14:55 UTC 2015


On Sat, May 23, 2015 at 11:30 AM, Roger Marquis <marquis at roble.com> wrote:
> If you find a vulnerability such as a new CVE or mailing list
> announcement please send it to the port maintainer and
> <ports-secteam at FreeBSD.org> as quickly as possible.  They are whoefully
> understaffed and need our help.  Though freebsd.org indicates that
> security alerts should be sent to <secteam at FreeBSD.org> this is
> incorrect.  If the vulnerability is in a port or package send an alert to
> ports-secteam@ and NOT secteam@ as the secteam will generally not reply
> to your email or forward the alerts to ports-secteam.
>
> Roger
>

I've attempted to knock out a couple of these over the past 2 days.
There's certainly a non-trivial amount of PRs stuck in Bugzilla that
mention security or CVE that need some care and attention.  Here's a
few that are now ready for the taking.

vuxml patch ready:
emulators/virtualbox-ose -- https://bugs.freebsd.org/200311
databases/cassandra -- https://bugs.freebsd.org/199091
databases/cassandra2 -- https://bugs.freebsd.org/200414 (refers to
vuxml patch in PR 199091)
sysutils/py-salt -- https://bugs.freebsd.org/200172

vuxml previously done and update patch ready:
net/chrony -- https://bugs.freebsd.org/199508

both vuxml and update patch ready:
mail/davmail -- https://bugs.freebsd.org/198297

Jason


More information about the freebsd-ports mailing list