I do not think that holds:
<vuln vid="b6402385-533b-11e6-a7bd-14dae9d210b8">
17521 <topic>php -- multiple vulnerabilities</topic>
17522 <affects>
17523 <package>
17524 <name>php55</name>
17525 <range><lt>5.5.38</lt></range>
17526 </package>
This is an entry from svnweb, for php55, which was added in 2016(07-26).
So this entry is there. Thus it did not disappear from VuXML at least.
You are right Remko. It looks like there was a policy or at least a
practice change about a year ago. Even have an archived email from
Gerhard Schmidt who first noticed it back in Aug 2016. My fault for not
doing sufficient fact rechecking,
So we are safe from false negatives after all. Hurray, I can stop
relying on pkg-version (for this).
That leaves just unpackaged base as FreeBSD's remaining audit weakness.
Roger
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
