Again and again and again...
New Security Vulnerabilities were published almost 2 weeks ago, but they
were not added to the VuXML database again, so
/usr/local/etc/periodic/security/410.pkg-audit from pkg cannot report
these vulnerabilities in kernel and userland on any vulnerable system.
Can the Security Team please add all past vulnerabilities to VuXML and
fix the process of publishing future SAs so that they will never be missed again?
Kind regards
Miroslav Lachman
On 04/05/2023 19:56, Miroslav Lachman wrote:
As was noted on the FreeBSD forum [1], there is a problem with missing SA
entries in VuXML (again).
The last entry is from 2022-08-31 for the zlib heap buffer overflow [2].
5 SA entries are missing. Can somebody from the Security Officers take a
look at it and publish the missing entries?
And fix the SA release process for all future SAs so we do not miss any
again? Periodic 405.pkg-base-audit from pkg is useless without an up-to-date
VuXML.
[1]
https://forums.freebsd.org/threads/pkg-audit-vuln-xml-no-more-updates-for-base-system-and-kernel.71239/#post-609407
[2] https://www.vuxml.org/freebsd/pkg-FreeBSD.html
Kind regards
Miroslav Lachman