svn commit: r312626 - head/security/vuxml

Alexey Dokuchaev danfe at FreeBSD.org
Wed Feb 20 14:34:22 UTC 2013


On Wed, Feb 20, 2013 at 09:03:38AM -0500, Eitan Adler wrote:
> On 20 February 2013 09:01, Alexey Dokuchaev <danfe at freebsd.org> wrote:
> > On Wed, Feb 20, 2013 at 01:58:20PM +0000, Ruslan Mahmatkhanov wrote:
> >> New Revision: 312626
> >> URL: http://svnweb.freebsd.org/changeset/ports/312626
> >>
> >>   According to advisory, vulnerability exists in nss-pam-ldapd < 0.8.11,
> >>   but since we never had this version in the ports tree, mark everything
> >>   < 0.8.12 as vulnerable.
> >
> > This seems weird.  Is there any limitation in VuXML that we need to cope
> > with by introducing such inconsistencies with official advisories?
> 
> VuXML is intended to address FreeBSD user concerns, not upstream concerns.

OK, but how does it hurt to provide correct version vs. version that was in
ports?  Users might have patched ports; others would be wondering why our
numbers differ from the upstream and/or popular vulnerability aggregators.

Anyway, since Ruslan agrees with you on this, I guess I better shut up.  :-)

./danfe


More information about the svn-ports-head mailing list