Am 24.08.2016 um 11:36 schrieb Xin Li: > > > On 8/23/16 14:23, Gerhard Schmidt wrote: >> Is an outdated (EOL) port a vulnerability? I don't think so. It's a >> possible vulnerability, but not a real one. > > Do you have an exact VuXML ID? I don't think vuxml actually warns about > EoL'ed software, and it's likely that you have an actual issue, and > choose to ignore it (probably for legitimate reason). If it's just > reporting a software being outdated (rather than really vulnerable to > something), then we should change the entry, I doubt that this is not > the case, though.
python24-2.4.6 is vulnerable: End of Life Ports WWW: https://vuxml.FreeBSD.org/freebsd/7fe7df75-6568-11e6-a590-14dae9d210b8.html I Lists a number of ports that are outdated. Not actual vulnerability mentioned. > It seems to be sensible to implement Tim's suggestion, however, that > allows the system administrator to explicitly override certain VuXML > IDs, if they really knows what they are doing. That would be really helpfull. Regards Gerhard Schmidt -- ---------------------------------------------------------- Gerhard Schmidt | E-Mail: schm...@ze.tum.de Technische Universität München | Jabber: esta...@ze.tum.de WWW & Online Services | Tel: +49 89 289-25270 | PGP-PublicKey Fax: +49 89 289-25257 | on request _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
