From: Bernhard Fröhlich
Date: Wed, 29 Sep 2021 15:55:43 +0200
Subject: Re: git: f07b3de4630f - main - security/vuxml: update seatd 0.6.{0, 1} entry
To: Jan Beich
Cc: "ports-committers@freebsd.org", "dev-commits-ports-all@freebsd.org", "dev-commits-ports-main@freebsd.org"

On Saturday, September 18, 2021, Bernhard Fröhlich wrote:
> On Friday, September 17, 2021, Jan Beich wrote:
>
>> Jan Beich writes:
>>
>> > The branch main has been updated by jbeich:
>> >
>> > URL: https://cgit.FreeBSD.org/ports/commit/?id=f07b3de4630f5062f4de92232b6a5f5902ad21c8
>> >
>> > commit f07b3de4630f5062f4de92232b6a5f5902ad21c8
>> > Author: Jan Beich
>> > AuthorDate: 2021-09-17 21:34:14 +0000
>> > Commit: Jan Beich
>> > CommitDate: 2021-09-17 21:37:59 +0000
>> >
>> > security/vuxml: update seatd 0.6.{0,1} entry
>> >
>> > - Discovered 1 day before announcement
>> > - Assigned CVE-2021-41387
>>
>> Bernhard, can you check if sysutils/seatd now needs USES=cpe?
>> I've tried looking at NVD link[1] but it doesn't seem to list
>> "Known Affected Software Configurations".
>>
>> [1] https://nvd.nist.gov/vuln/detail/CVE-2021-41387
>>
>
> The source of truth is the CPE Dictionary but I could not find a matching
> entry yet.
>
> https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=seatd
>
> This is a nice example to check the timing when it is added to the CPE
> Dictionary. The CVE entry is currently in received state.
>

It took quite long but the CVE has switched to analyzed.
https://nvd.nist.gov/vuln/detail/CVE-2021-41387

The used CPE is cpe:2.3:a:seatd_project:seatd so adding USES=cpe and
CPE_VENDOR=seatd_project will be correct.

Now I wonder when the CPE entry will be added to the CPE dictionary.

-- 
Bernhard Froehlich
http://www.bluelife.at/
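
The step from the NVD match string to the port's CPE settings, as an added example that is not part of the original message or of the ports tree. It assumes the USES=cpe defaults are CPE_PART=a, CPE_PRODUCT=lowercased PORTNAME and CPE_VENDOR=CPE_PRODUCT; `split_cpe23` and `port_cpe_lines` are hypothetical helper names.

```python
# Added example: derive the CPE_* overrides a port needs from an NVD CPE 2.3 string.
# Assumption: USES=cpe defaults are CPE_PART=a, CPE_PRODUCT=lowercased PORTNAME,
# CPE_VENDOR=CPE_PRODUCT. Helper names are hypothetical.

CPE23_FIELDS = ["part", "vendor", "product", "version", "update", "edition",
                "language", "sw_edition", "target_sw", "target_hw", "other"]


def split_cpe23(cpe):
    """Split a CPE 2.3 formatted string on ':' while honouring backslash escapes."""
    fields, cur, i = [], "", 0
    while i < len(cpe):
        if cpe[i] == "\\" and i + 1 < len(cpe):
            cur += cpe[i:i + 2]          # keep an escaped pair (e.g. an escaped colon) intact
            i += 2
        elif cpe[i] == ":":
            fields.append(cur)
            cur = ""
            i += 1
        else:
            cur += cpe[i]
            i += 1
    fields.append(cur)
    values = fields[2:]
    if fields[:2] != ["cpe", "2.3"] or not 3 <= len(values) <= len(CPE23_FIELDS):
        raise ValueError("not a CPE 2.3 formatted string: %r" % cpe)
    # Abbreviated strings (as quoted in the mail) leave trailing fields as ANY.
    values += ["*"] * (len(CPE23_FIELDS) - len(values))
    return dict(zip(CPE23_FIELDS, values))


def port_cpe_lines(portname, cpe):
    """Return the Makefile assignments needed so the port matches `cpe`."""
    c = split_cpe23(cpe)
    lines = ["USES=cpe"]                 # in a real port, append cpe to the existing USES
    if c["part"] != "a":
        lines.append("CPE_PART=" + c["part"])
    if c["product"] != portname.lower():
        lines.append("CPE_PRODUCT=" + c["product"])
    if c["vendor"] != c["product"]:
        lines.append("CPE_VENDOR=" + c["vendor"])
    return lines


if __name__ == "__main__":
    # CPE string taken from the message; the port is sysutils/seatd.
    print("\n".join(port_cpe_lines("seatd", "cpe:2.3:a:seatd_project:seatd")))
```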