On 8/23/16 14:23, Gerhard Schmidt wrote: > Is an outdated (EOL) port a vulnerability? I don't think so. It's a > possible vulnerability, but not a real one.
Do you have an exact VuXML ID? I don't think vuxml actually warns about EoL'ed software, and it's likely that you have an actual issue, and choose to ignore it (probably for legitimate reason). If it's just reporting a software being outdated (rather than really vulnerable to something), then we should change the entry, I doubt that this is not the case, though. It seems to be sensible to implement Tim's suggestion, however, that allows the system administrator to explicitly override certain VuXML IDs, if they really knows what they are doing. Cheers,
signature.asc
Description: OpenPGP digital signature
