Date:      Wed, 24 Aug 2016 17:36:18 +0800
From:      Xin Li <delphij@delphij.net>
To:        freebsd-security@freebsd.org
Cc:        d@delphij.net, zingelman@fnal.gov
Subject:   Re: Ports EOL vuxml entry
Message-ID:  <0a6f9f6a-349a-0d03-69f8-97ad7c4d96b2@delphij.net>
In-Reply-To: <a0a8f797-859e-23f7-7606-72a7dc50acb0@ze.tum.de>
References:  <6c3a84dc-5669-039c-6fa1-92565dd47dff@ze.tum.de> <3sHwFX4YYpz1y2W@mailrelay2.lrz.de> <a0a8f797-859e-23f7-7606-72a7dc50acb0@ze.tum.de>

On 8/23/16 14:23, Gerhard Schmidt wrote:
> Is an outdated (EOL) port a vulnerability? I don't think so. It's a
> possible vulnerability, but not a real one.

Do you have an exact VuXML ID?  I don't think VuXML actually warns about
EoL'ed software, and it's likely that you have an actual issue, and
choose to ignore it (probably for a legitimate reason).  If it's just
reporting a software being outdated (rather than really vulnerable to
something), then we should change the entry; I doubt that this is not
the case, though.

It seems to be sensible to implement Tim's suggestion, however, that
allows the system administrator to explicitly override certain VuXML
IDs, if they really know what they are doing.

Cheers,

