From owner-svn-ports-all@FreeBSD.ORG Wed Feb 20 14:34:22 2013 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 1033) id A718AF16; Wed, 20 Feb 2013 14:34:22 +0000 (UTC) Date: Wed, 20 Feb 2013 14:34:22 +0000 From: Alexey Dokuchaev To: Eitan Adler Subject: Re: svn commit: r312626 - head/security/vuxml Message-ID: <20130220143422.GA95204@FreeBSD.org> References: <201302201358.r1KDwKxc094476@svn.freebsd.org> <20130220140104.GA75978@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, Ruslan Mahmatkhanov , ports-committers@freebsd.org X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Feb 2013 14:34:22 -0000 On Wed, Feb 20, 2013 at 09:03:38AM -0500, Eitan Adler wrote: > On 20 February 2013 09:01, Alexey Dokuchaev wrote: > > On Wed, Feb 20, 2013 at 01:58:20PM +0000, Ruslan Mahmatkhanov wrote: > >> New Revision: 312626 > >> URL: http://svnweb.freebsd.org/changeset/ports/312626 > >> > >> According to advisory, vulnerability exists in nss-pam-ldapd < 0.8.11, > >> but since we never had this version in the ports tree, mark everything > >> < 0.8.12 as vulnerable. > > > > This seems weird. Is there any limitation in VuXML that we need to cope > > with by introducing such inconsistencies with official advisories? > > VuXML is intended to address FreeBSD user concerns, not upstream concerns. OK, but how does it hurt to provide correct version vs. version that was in ports? Users might have patched ports; others would be wondering why our numbers differ from the upstream and/or popular vulnerability aggregators. Anyway, since Ruslan agrees with you on this, I guess I better shut up. :-) ./danfe