New pkg audit / vuln.xml failures (php55, unzoo)
Jason Unovitch
jason.unovitch at gmail.com
Sat May 23 16:14:55 UTC 2015
On Sat, May 23, 2015 at 11:30 AM, Roger Marquis <marquis at roble.com> wrote:
> If you find a vulnerability such as a new CVE or mailing list
> announcement please send it to the port maintainer and
> <ports-secteam at FreeBSD.org> as quickly as possible. They are whoefully
> understaffed and need our help. Though freebsd.org indicates that
> security alerts should be sent to <secteam at FreeBSD.org> this is
> incorrect. If the vulnerability is in a port or package send an alert to
> ports-secteam@ and NOT secteam@ as the secteam will generally not reply
> to your email or forward the alerts to ports-secteam.
>
> Roger
>
I've attempted to knock out a couple of these over the past 2 days.
There's certainly a non-trivial amount of PRs stuck in Bugzilla that
mention security or CVE that need some care and attention. Here's a
few that are now ready for the taking.
vuxml patch ready:
emulators/virtualbox-ose -- https://bugs.freebsd.org/200311
databases/cassandra -- https://bugs.freebsd.org/199091
databases/cassandra2 -- https://bugs.freebsd.org/200414 (refers to
vuxml patch in PR 199091)
sysutils/py-salt -- https://bugs.freebsd.org/200172
vuxml previously done and update patch ready:
net/chrony -- https://bugs.freebsd.org/199508
both vuxml and update patch ready:
mail/davmail -- https://bugs.freebsd.org/198297
Jason
More information about the freebsd-ports
mailing list