Re: New pkg audit / vuln.xml failures (php55, unzoo)

2015-06-08 Thread Mark Felder
On Mon, Jun 8, 2015, at 15:55, Roger Marquis wrote: > > On Fri, May 29, 2015 at 5:15 PM, Robert Simmons wrote: > > Crickets. > > > > May I ask again: > > > > How do we find out who the members of the Ports Secteam are? > > > > How do we join the team? > > Anyone? > I really hope this can

Re: New pkg audit / vuln.xml failures (php55, unzoo)

2015-06-08 Thread Roger Marquis
> On Fri, May 29, 2015 at 5:15 PM, Robert Simmons wrote: > Crickets. > > May I ask again: > > How do we find out who the members of the Ports Secteam are? > > How do we join the team? Anyone? >> On Thu, May 28, 2015 at 12:47 PM, Bryan Drewery >> wrote: >>> I think the VUXML database needs

Re: New pkg audit / vuln.xml failures (php55, unzoo)

2015-05-28 Thread Roger Marquis
Walter Parker wrote: > What actual assurance do Debian, Ubuntu, Redhat, and Suse provide that > their systems are secure? An audit trail of CVE issues fixed, while a > good start, is hardly a strong assurance that the system is secure. An important point and thank you for making it Walter. There

Re: New pkg audit / vuln.xml failures (php55, unzoo)

2015-05-28 Thread Walter Parker
> Date: Wed, 27 May 2015 14:35:41 -0700 > From: "Roger Marquis" > To: "Mark Felder" > Cc: freebsd-po...@freebsd.org, freebsd-security@freebsd.org > Subject: Re: New pkg audit / vuln.xml failures (php55, unzoo) > Message-ID: > Content-Type: text/plain;

Re: New pkg audit / vuln.xml failures (php55, unzoo)

2015-05-27 Thread Roger Marquis
> Mark Felder wrote: >> Who is "ports-secteam"? > > It was Xin Li who alerted me to the ports-sect...@freebsd.org address > i.e., as being distinct from the "FreeBSD Security Team" > (sect...@freebsd.org) address noted on > . Also have to thank Remko Lodder for p

Re: New pkg audit / vuln.xml failures (php55, unzoo)

2015-05-27 Thread Roger Marquis
>> * operators of FreeBSD servers (unlike Debian, Ubuntu, RedHat, Suse and >> OpenBSD server operators) have no assurance that their systems are >> secure. > > Slow down here for a second. Where's the command-line tool on RedHat or > Debian that lists only the known vulnerable packages? In R

Re: New pkg audit / vuln.xml failures (php55, unzoo)

2015-05-24 Thread Kevin Oberman
On Sun, May 24, 2015 at 12:53 AM, Xin Li wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Hi, > > On 5/23/15 09:14, Jason Unovitch wrote: > > On Sat, May 23, 2015 at 11:30 AM, Roger Marquis > > wrote: > >> If you find a vulnerability such as a new CVE or mailing list > >> announcem

Re: New pkg audit / vuln.xml failures (php55, unzoo)

2015-05-24 Thread Xin Li
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, On 5/23/15 09:14, Jason Unovitch wrote: > On Sat, May 23, 2015 at 11:30 AM, Roger Marquis > wrote: >> If you find a vulnerability such as a new CVE or mailing list >> announcement please send it to the port maintainer and >> as quickly as po

Re: New pkg audit / vuln.xml failures (php55, unzoo)

2015-05-23 Thread Remko Lodder
Please send these things to ports-sect...@freebsd.org so that they can have a look at these please. Thanks, Remko > On 23 May 2015, at 17:30, Roger Marquis wrote: > > FYI regarding these new and significant failures of FreeBSD security > policy and procedures. > > PHP55 vulnerabilities announ

Re: New pkg audit / vuln.xml failures (php55, unzoo)

2015-05-23 Thread Andreas Andersson
Is it enough to only update php55? I could create a patch with relative ease in that case. 2015-05-23 17:30 GMT+02:00 Roger Marquis : > FYI regarding these new and significant failures of FreeBSD security > policy and procedures. > > PHP55 vulnerabilities announced over a week ago >

Re: New pkg audit / vuln.xml failures (php55, unzoo)

2015-05-23 Thread Jason Unovitch
On Sat, May 23, 2015 at 11:30 AM, Roger Marquis wrote: > If you find a vulnerability such as a new CVE or mailing list > announcement please send it to the port maintainer and > as quickly as possible. They are woefully > understaffed and need our help. Though freebsd.org indicates that > secu

New pkg audit / vuln.xml failures (php55, unzoo)

2015-05-23 Thread Roger Marquis
FYI regarding these new and significant failures of FreeBSD security policy and procedures. PHP55 vulnerabilities announced over a week ago ) have still not been ported to lang/php55. You can, however, edit the Makefile, increment the POR