svn commit: r312626 - head/security/vuxml
Ruslan Makhmatkhanov
cvs-src at yandex.ru
Wed Feb 20 14:18:43 UTC 2013
Eitan Adler wrote on 20.02.2013 18:03:
> On 20 February 2013 09:01, Alexey Dokuchaev <danfe at freebsd.org> wrote:
>> On Wed, Feb 20, 2013 at 01:58:20PM +0000, Ruslan Mahmatkhanov wrote:
>>> New Revision: 312626
>>> URL: http://svnweb.freebsd.org/changeset/ports/312626
>>>
>>> Log:
>>> - add an entry for net/nss-pam-ldapd stack-based buffer overflow
>>>
>>> According to advisory, vulnerability exists in nss-pam-ldapd < 0.8.11,
>>> but since we never had this version in the ports tree, mark everything
>>> < 0.8.12 as vulnerable.
>>
>> This seems weird. Is there any limitation in VuXML that we need to cope
>> with by introducing such inconsistencies with official advisories?
>
> VuXML is intended to address FreeBSD user concerns, not upstream
> concerns. There isn't a limitation here, but it makes sense to write
> the VuXML <range> this way.
This is exactly what I guided when making decision: change it to 0.8.11
or left it as 0.8.12 that was in original submission.
--
Regards,
Ruslan
Tinderboxing kills... the drives.
More information about the svn-ports-head
mailing list