Re: pkg audit / vuln.xml failures

2015-05-18 Thread Sevan / Venture37
On 18 May 2015 at 20:26, Mark Felder wrote:
> I was just thinking it might be nice when you're committing a change to
> a port to fix a CVE if there was a tag you can drop in the commit log to
> tell ports-security if there is a need for an entry to vuln.xml. At
> least those without experience ed

Re: pkg audit / vuln.xml failures

2015-05-18 Thread Mark Felder
On Mon, May 18, 2015, at 14:01, Sevan / Venture37 wrote:
> On 18 May 2015 at 19:06, Mark Felder wrote:
> >
> >
> > On Sun, May 17, 2015, at 16:02, Roger Marquis wrote:
> >> Does anyone know what's going on with vuln.xml updates? Over the last
> >> few weeks and months CVEs and application maili

Re: pkg audit / vuln.xml failures

2015-05-18 Thread Sevan / Venture37
On 18 May 2015 at 19:06, Mark Felder wrote:
>
>
> On Sun, May 17, 2015, at 16:02, Roger Marquis wrote:
>> Does anyone know what's going on with vuln.xml updates? Over the last
>> few weeks and months CVEs and application mailing lists have announced
>> vulnerabilities for several ports that in so

Re: pkg audit / vuln.xml failures

2015-05-18 Thread Mark Felder
On Sun, May 17, 2015, at 16:02, Roger Marquis wrote:
> Does anyone know what's going on with vuln.xml updates? Over the last
> few weeks and months CVEs and application mailing lists have announced
> vulnerabilities for several ports that in some cases only showed up in
> vuln.xml after several

Re: pkg audit / vuln.xml failures

2015-05-18 Thread Roger Marquis
ports-secteam@ owns this file, not secteam@. Thanks for the pointer Bryan. I would hope that port vulnerability emails are forwarded from secteam@ to ports-secteam@, by policy, as the freebsd.org website is not clear on this. Either way at least I/we now know the right address/es. The team n

Re: pkg audit / vuln.xml failures

2015-05-18 Thread Bryan Drewery
On 5/17/2015 4:02 PM, Roger Marquis wrote:
> Does anyone know what's going on with vuln.xml updates? Over the last
> few weeks and months CVEs and application mailing lists have announced
> vulnerabilities for several ports that in some cases only showed up in
> vuln.xml after several days and in