Matthew Seaman wrote:
Matthieu Michaud wrote:
if i'm not wrong, it seems like the security issue with squirrelmail
1.4.8 published on squirrelmail.org is not reported on vuxml. shouldn't
it be ?
It looks like a good candidate for that, yes. In order for such problems
to find their way into vuxml the Security Team first has to be made aware
of them. E-mail to [EMAIL PROTECTED] generally suffices, and it will
help them if references to security advisories, reports on Bugtraq, Secunia
and similar sites, CVE numbers etc. can be included in the report.
However making that report (along with updating the port to fix the
vulnerabilities) is the port maintainer's responsibility in the first
instance -- only if the maintainer fails to reply or deal with your
concerns should you go direct.
When updating a port to fix a security hole, adding [security] to the
synopsis (which becomes the Subject line in the gnats e-mails) and CC'ing
[EMAIL PROTECTED] is generally sufficient to get appropriate entries
made in vuxml and portaudit's DB.
Cheers,
Matthew
let's do it, maintainer CC'ed (please read above :p).
_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "[EMAIL PROTECTED]"