Chisholm, Rick wrote on 2019/07/09 20:55:
My understanding has always been vuXML is for ports / packages and the
advisories page is for base.
Support for FreeBSD base vulnerabilities was created by Mark Felder 3
years ago
https://blog.feld.me/posts/2016/08/monitoring-freebsd-base-system-vulnerabilities-with-pkg-audit/
and the past Security Advisories was published in VUXML.
At this time there is no other automated system to report base system
vulnerabilities - are we really in 2019?
-----Original Message-----
From: owner-freebsd-secur...@freebsd.org <owner-freebsd-secur...@freebsd.org>
On Behalf Of Miroslav Lachman
Sent: July 9, 2019 2:14 PM
To: freebsd-security@freebsd.org
Subject: [EXTERNAL] Status of FreeBSD vulnerabilities in VUXML database
This Message originated outside of the organization.
What is the official status of FreeBSD Security Advisories and entries in VUXML
database?
I am asking especially because new FreeBSD base system vulnerabilities are not
being added to the vuxml database. The last was added 2019-04-23 according to
https://vuxml.freebsd.org/freebsd/
Why?
VUXML is FreeBSD's own pet so why new SAs are not added there the same day they
are published as SA on https://www.freebsd.org/security/advisories.html?
It makes base-audit periodic useless.
https://www.freshports.org/security/base-audit/
Kind regards
Miroslav Lachman
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
