On Sat, May 23, 2015 at 11:30 AM, Roger Marquis <marq...@roble.com> wrote: > If you find a vulnerability such as a new CVE or mailing list > announcement please send it to the port maintainer and > <ports-sect...@freebsd.org> as quickly as possible. They are whoefully > understaffed and need our help. Though freebsd.org indicates that > security alerts should be sent to <sect...@freebsd.org> this is > incorrect. If the vulnerability is in a port or package send an alert to > ports-secteam@ and NOT secteam@ as the secteam will generally not reply > to your email or forward the alerts to ports-secteam. > > Roger >
I've attempted to knock out a couple of these over the past 2 days. There's certainly a non-trivial amount of PRs stuck in Bugzilla that mention security or CVE that need some care and attention. Here's a few that are now ready for the taking. vuxml patch ready: emulators/virtualbox-ose -- https://bugs.freebsd.org/200311 databases/cassandra -- https://bugs.freebsd.org/199091 databases/cassandra2 -- https://bugs.freebsd.org/200414 (refers to vuxml patch in PR 199091) sysutils/py-salt -- https://bugs.freebsd.org/200172 vuxml previously done and update patch ready: net/chrony -- https://bugs.freebsd.org/199508 both vuxml and update patch ready: mail/davmail -- https://bugs.freebsd.org/198297 Jason _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
