On 1/8/2013 21:14, Raphael Kubo da Costa wrote:
Adam Vande More<amvandem...@gmail.com> writes:
On Mon, Jan 7, 2013 at 12:53 PM, John Marino<freebs...@marino.st> wrote:
"possibly insecure": I think this needs to be "known insecure" rather
than holding it's last release date against it.
http://www.kde.org/info/security/advisory-20100413-1.txt
Probably other security issues as well. I didn't have to look very long.
In a codebase as large as KDE's, it seems a very slim chance indeed years
could go by without maintenance and still maintain security.
Additionally, I'd argue that it is hard for it to be "known insecure"
since upstream does not maintain it even for security vulnerabilities
anymore, so security problems have nowhere to be reported and
vulnerabilities common to KDE3 and KDE4 only get published and fixed in
the latter.
This doesn't count?
http://cve.mitre.org/cve/
http://web.nvd.nist.gov/view/vuln/search?execution=e2s1
It seems to be there is somewhere to report them...
_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
