Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 8 Jul 2012 12:27:47 -0700
From:      Xin LI <delphij@gmail.com>
To:        Eitan Adler <eadler@freebsd.org>
Cc:        cvs-ports@freebsd.org, cvs-all@freebsd.org, ports-committers@freebsd.org
Subject:   Re: cvs commit: ports/security/vuxml vuln.xml
Message-ID:  <CAGMYy3vL48W98bD9Jvmx%2B2pP_wX0hTYxPJgZJ%2B7f91DL1h-BFA@mail.gmail.com>
In-Reply-To: <201207081900.q68J08f7088286@repoman.freebsd.org>
References:  <201207081900.q68J08f7088286@repoman.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jul 8, 2012 at 12:00 PM, Eitan Adler <eadler@freebsd.org> wrote:
> eadler      2012-07-08 19:00:08 UTC
>
>   FreeBSD ports repository
>
>   Modified files:
>     security/vuxml       vuln.xml
>   Log:
>   openx reported a new security issue but does not provide any details: inform users of this.

I don't think it's right to assign same identifier to different
issues.  For 2.8.9 I think it was:

http://www.infosecstuff.com/openx-releases-patch-for-csrf-vulnerability/

And for 2.8.8 it was:

http://secunia.com/advisories/48275/

It seems that OpenX does not release any information about the
vulnerability which is a bad practice in my opinion by the way.

Cheers,
-- 
Xin LI <delphij@delphij.net> https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGMYy3vL48W98bD9Jvmx%2B2pP_wX0hTYxPJgZJ%2B7f91DL1h-BFA>