On Mon, May 18, 2015, at 14:01, Sevan / Venture37 wrote: > On 18 May 2015 at 19:06, Mark Felder <f...@freebsd.org> wrote: > > > > > > On Sun, May 17, 2015, at 16:02, Roger Marquis wrote: > >> Does anyone know what's going on with vuln.xml updates? Over the last > >> few weeks and months CVEs and application mailing lists have announced > >> vulnerabilities for several ports that in some cases only showed up in > >> vuln.xml after several days and in other cases are still not listed > >> (despite email to the security team). > >> > >> Is there a URL outlining the policies and procedures of vuln.xml > >> maintenance? > >> > > > > I am also interested. I know there is a desire to leverage CPE in the > > future, but I've seen CPE entries take weeks to show up. Our vuln.xml > > maintenance has always been pretty solid. Is there a lack of manpower > > right now? Are there notices/reports not being processed? > > > > How can we help? > > Bug reports with notice of new additions just to give a heads up at the > least. >
I was just thinking it might be nice when you're committing a change to a port to fix a CVE if there was a tag you can drop in the commit log to tell ports-security if there is a need for an entry to vuln.xml. At least those without experience editing vuln.xml can more easily have someone else assist them with getting it added. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
