pkg audit / vuln.xml failures
Mark Felder
feld at FreeBSD.org
Mon May 18 18:06:55 UTC 2015
On Sun, May 17, 2015, at 16:02, Roger Marquis wrote:
> Does anyone know what's going on with vuln.xml updates? Over the last
> few weeks and months CVEs and application mailing lists have announced
> vulnerabilities for several ports that in some cases only showed up in
> vuln.xml after several days and in other cases are still not listed
> (despite email to the security team).
>
> Is there a URL outlining the policies and procedures of vuln.xml
> maintenance?
>
I am also interested. I know there is a desire to leverage CPE in the
future, but I've seen CPE entries take weeks to show up. Our vuln.xml
maintenance has always been pretty solid. Is there a lack of manpower
right now? Are there notices/reports not being processed?
How can we help?
More information about the freebsd-security mailing list