Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 20 Feb 2013 14:34:22 +0000
From:      Alexey Dokuchaev <danfe@FreeBSD.org>
To:        Eitan Adler <eadler@freebsd.org>
Cc:        svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, Ruslan Mahmatkhanov <rm@freebsd.org>, ports-committers@freebsd.org
Subject:   Re: svn commit: r312626 - head/security/vuxml
Message-ID:  <20130220143422.GA95204@FreeBSD.org>
In-Reply-To: <CAF6rxg=AAEcuPzS_Hoeu%2B1KcpPeSxQxyW0czAM7BYiQgJ1KfTA@mail.gmail.com>
References:  <201302201358.r1KDwKxc094476@svn.freebsd.org> <20130220140104.GA75978@FreeBSD.org> <CAF6rxg=AAEcuPzS_Hoeu%2B1KcpPeSxQxyW0czAM7BYiQgJ1KfTA@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Feb 20, 2013 at 09:03:38AM -0500, Eitan Adler wrote:
> On 20 February 2013 09:01, Alexey Dokuchaev <danfe@freebsd.org> wrote:
> > On Wed, Feb 20, 2013 at 01:58:20PM +0000, Ruslan Mahmatkhanov wrote:
> >> New Revision: 312626
> >> URL: http://svnweb.freebsd.org/changeset/ports/312626
> >>
> >>   According to advisory, vulnerability exists in nss-pam-ldapd < 0.8.11,
> >>   but since we never had this version in the ports tree, mark everything
> >>   < 0.8.12 as vulnerable.
> >
> > This seems weird.  Is there any limitation in VuXML that we need to cope
> > with by introducing such inconsistencies with official advisories?
> 
> VuXML is intended to address FreeBSD user concerns, not upstream concerns.

OK, but how does it hurt to provide correct version vs. version that was in
ports?  Users might have patched ports; others would be wondering why our
numbers differ from the upstream and/or popular vulnerability aggregators.

Anyway, since Ruslan agrees with you on this, I guess I better shut up.  :-)

./danfe



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130220143422.GA95204>