CPE [was old perl vulnerabilitiy]
Simon L. B. Nielsen
simon at qxnitro.org
Wed Mar 20 17:22:51 UTC 2013
On 18 March 2013 16:01, Dag-Erling Smørgrav <des at des.no> wrote:
> Ryan Steinmetz <zi at FreeBSD.org> writes:
>> It does have the same issue. I've corrected the VuXML entry and you
>> should see updated portaudit results within 30 minutes. Your 5.8.9
>> perl-threaded installation should also show up as vulnerable to the same
>> issue.
>
> This wouldn't keep happening if we used CPEs whenever possible...
Where would you use CPE - in all packages ? I assume you are talking
about http://cpe.mitre.org/about/ ?
Part of the problem for VuXML is the trilion names for packages some
ports have, making it more painful.
In the past we also had a number of the tools which let one simpler
grep for package names, but those require infrastructure which doesn't
exist anymore.
--
Simon L. B. Nielsen
More information about the freebsd-security
mailing list