Date: Tue, 15 Jul 2014 16:42:57 +0200 From: =?UTF-8?Q?Ren=C3=A9_Ladan?= <rene@freebsd.org> To: Baptiste Daroussin <bapt@freebsd.org> Cc: "ports@freebsd.org Ports" <ports@freebsd.org> Subject: Re: marking vulnerable ports forbidden? Message-ID: <CADL2u4gSNkUWnjBAkeqBzesvP%2BbJUUv7kHuz=Qs8ZTgtcz3How@mail.gmail.com> In-Reply-To: <20140715124819.GU93051@ivaldir.etoilebsd.net> References: <CADL2u4gw7VSvuYwk_N26QnrOCyBd71=-R9U225372vYPEVz=Bw@mail.gmail.com> <20140715124819.GU93051@ivaldir.etoilebsd.net>
next in thread | previous in thread | raw e-mail | index | archive | help
2014-07-15 14:48 GMT+02:00 Baptiste Daroussin <bapt@freebsd.org>: > On Tue, Jul 15, 2014 at 02:45:19PM +0200, Ren=C3=A9 Ladan wrote: > > Hi, > > > > according to Freshports [1] there are currently 24 vulnerable ports not > > marked as forbidden. > > How about checking this list on a regular basis and marking such ports > and > > forbidden and optionally as deprecated? This would inform users not usi= ng > > vuxml earlier about vulnerabilities. > > > > [1] http://www.freshports.org/ports-vulnerable.php > > Please mark them as forbidden > > In progress... I marked all relevant ports as forbidden locally. For some ports the vulnerability information is wrong, e.g. x11/nvidia-driver-96 is a false positive. I'll have to filter ports with multiple vulnerabilities. Regards, Ren=C3=A9
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADL2u4gSNkUWnjBAkeqBzesvP%2BbJUUv7kHuz=Qs8ZTgtcz3How>