From owner-freebsd-security@FreeBSD.ORG Sun May 17 21:02:58 2015 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7C0D4763; Sun, 17 May 2015 21:02:58 +0000 (UTC) Received: from mx5.roble.com (mx5.roble.com [206.40.34.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx5.roble.com", Issuer "mx5.roble.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 6EB611E9B; Sun, 17 May 2015 21:02:58 +0000 (UTC) Date: Sun, 17 May 2015 14:02:57 -0700 (PDT) From: Roger Marquis To: freebsd-security@freebsd.org, freebsd-pkg@freebsd.org, freebsd-ports@freebsd.org Subject: pkg audit / vuln.xml failures User-Agent: Alpine 2.11 (BSF 23 2013-08-11) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 May 2015 21:02:58 -0000 Does anyone know what's going on with vuln.xml updates? Over the last few weeks and months CVEs and application mailing lists have announced vulnerabilities for several ports that in some cases only showed up in vuln.xml after several days and in other cases are still not listed (despite email to the security team). Is there a URL outlining the policies and procedures of vuln.xml maintenance? Roger Marquis