From owner-svn-ports-all@FreeBSD.ORG Wed Feb 20 14:04:11 2013 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 0B081176 for ; Wed, 20 Feb 2013 14:04:11 +0000 (UTC) (envelope-from lists@eitanadler.com) Received: from mail-pb0-f44.google.com (mail-pb0-f44.google.com [209.85.160.44]) by mx1.freebsd.org (Postfix) with ESMTP id D916B638 for ; Wed, 20 Feb 2013 14:04:10 +0000 (UTC) Received: by mail-pb0-f44.google.com with SMTP id wz12so2917799pbc.17 for ; Wed, 20 Feb 2013 06:04:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eitanadler.com; s=0xdeadbeef; h=x-received:mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type; bh=Zdp4k6GkdeXAQUs7FApfFOdtvryw+Xr3uc/G7dNOMBw=; b=QwCBfdgRqfZ64oGXxN14n1oEvMQHzrO6Y3qcZoxpHyBirLQ9P2PW72VP/LLXfbM+bB zZmFAeCaw7wpeH3JV1d+Snjo9i5FTskU/88iCXzjZ8J1pDnEyVSWusDlNd16Cleh7W7j y0ySlNevzw0X/NMXEULG+HwcRQn2ZrwCYgciw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :x-gm-message-state; bh=Zdp4k6GkdeXAQUs7FApfFOdtvryw+Xr3uc/G7dNOMBw=; b=lB6BmWgy5kzTfnCvzQViv+x6UU/NqwK+wlSt+pUgim6NsGfwds7SSslOmHcpiKpQGn hAEgGlwi//HfoxH6I1y0dWbX6KTmqfqgQiy0viAv7p+TYemNYYCTr8MMo0NmgeZtzGKf MazH03IuULmiJO0fZv/aIx8YMQ11KuMwuVK7n7TXyfC7Zn95MUKGDK5BtU7HKlpxrVSz Gzm3IoCpVggHsYXR0RKlIBhSltK3QOdtCAavL95mq4BW5MoqbcIzBHP/rqrn80Mcu0HT 00yt55fvQ8fie1oLSSMmeRKrpewHi0j28ujxb9sY319Xw5O762MfMNWTxg+8J8QyLKh/ Saqw== X-Received: by 10.68.135.38 with SMTP id pp6mr21281511pbb.111.1361369049701; Wed, 20 Feb 2013 06:04:09 -0800 (PST) MIME-Version: 1.0 Sender: lists@eitanadler.com Received: by 10.66.158.169 with HTTP; Wed, 20 Feb 2013 06:03:38 -0800 (PST) In-Reply-To: <20130220140104.GA75978@FreeBSD.org> References: <201302201358.r1KDwKxc094476@svn.freebsd.org> <20130220140104.GA75978@FreeBSD.org> From: Eitan Adler Date: Wed, 20 Feb 2013 09:03:38 -0500 X-Google-Sender-Auth: 1xUxKCe_x6E2JDnL81pmxAYGWrM Message-ID: Subject: Re: svn commit: r312626 - head/security/vuxml To: Alexey Dokuchaev Content-Type: text/plain; charset=UTF-8 X-Gm-Message-State: ALoCoQknH0JphkWRb/vOhqxpv8P1cRgXbewxI+QtLmqA5Em91YRpM0OxU0XrsSVotrLg5iitQNCZ Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, Ruslan Mahmatkhanov , ports-committers@freebsd.org X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Feb 2013 14:04:11 -0000 On 20 February 2013 09:01, Alexey Dokuchaev wrote: > On Wed, Feb 20, 2013 at 01:58:20PM +0000, Ruslan Mahmatkhanov wrote: >> New Revision: 312626 >> URL: http://svnweb.freebsd.org/changeset/ports/312626 >> >> Log: >> - add an entry for net/nss-pam-ldapd stack-based buffer overflow >> >> According to advisory, vulnerability exists in nss-pam-ldapd < 0.8.11, >> but since we never had this version in the ports tree, mark everything >> < 0.8.12 as vulnerable. > > This seems weird. Is there any limitation in VuXML that we need to cope > with by introducing such inconsistencies with official advisories? VuXML is intended to address FreeBSD user concerns, not upstream concerns. There isn't a limitation here, but it makes sense to write the VuXML this way. -- Eitan Adler Source, Ports, Doc committer Bugmeister, Ports Security teams