Ports EOL vuxml entry

Xin Li delphij at delphij.net
Wed Aug 24 09:36:31 UTC 2016



On 8/23/16 14:23, Gerhard Schmidt wrote:
> Is an outdated (EOL) port a vulnerability? I don't think so. It's a
> possible vulnerability, but not a real one.

Do you have an exact VuXML ID?  I don't think VuXML actually warns about
EoL'ed software, and it's likely that you have an actual issue, and
choose to ignore it (probably for a legitimate reason).  If it's just
reporting software as being outdated (rather than really vulnerable to
something), then we should change the entry. I doubt that this is not
the case, though.

It seems to be sensible to implement Tim's suggestion, however, that
allows the system administrator to explicitly override certain VuXML
IDs, if they really know what they are doing.

Cheers,
