From owner-freebsd-security@freebsd.org  Sun Apr 11 19:36:17 2021
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 344A25D97E5
 for <freebsd-security@mailman.nyi.freebsd.org>;
 Sun, 11 Apr 2021 19:36:17 +0000 (UTC)
 (envelope-from SRS0=d2j5=JI=quip.cz=000.fbsd@elsa.codelab.cz)
Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4FJMYX05SWz4VRL
 for <freebsd-security@freebsd.org>; Sun, 11 Apr 2021 19:36:15 +0000 (UTC)
 (envelope-from SRS0=d2j5=JI=quip.cz=000.fbsd@elsa.codelab.cz)
Received: from elsa.codelab.cz (localhost [127.0.0.1])
 by elsa.codelab.cz (Postfix) with ESMTP id 294152840C
 for <freebsd-security@freebsd.org>; Sun, 11 Apr 2021 21:36:08 +0200 (CEST)
Received: from illbsd.quip.test (ip-94-113-69-69.net.upcbroadband.cz
 [94.113.69.69])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by elsa.codelab.cz (Postfix) with ESMTPSA id 8D80328416
 for <freebsd-security@freebsd.org>; Sun, 11 Apr 2021 21:36:06 +0200 (CEST)
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-21:08.vm
To: freebsd-security@freebsd.org
References: <20210406202258.1642E15C4A@freefall.freebsd.org>
 <20210406202303.3B6F715D1E@freefall.freebsd.org>
 <20210406202309.EECD015EA7@freefall.freebsd.org>
 <20210411075824.fzrbnrtus6iiw2cq@robinhood.fdc.rm-rf.it>
 <20210411192125.knknarbiul3alggx@robinhood.fdc.rm-rf.it>
From: Miroslav Lachman <000.fbsd@quip.cz>
Message-ID: <ab68d1d4-5ba3-3e94-b381-3b6d86516796@quip.cz>
Date: Sun, 11 Apr 2021 21:36:05 +0200
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:68.0) Gecko/20100101
 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <20210411192125.knknarbiul3alggx@robinhood.fdc.rm-rf.it>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 4FJMYX05SWz4VRL
X-Spamd-Bar: ++
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=none (mx1.freebsd.org: domain of
 SRS0=d2j5=JI=quip.cz=000.fbsd@elsa.codelab.cz has no SPF policy when checking
 94.124.105.4) smtp.mailfrom=SRS0=d2j5=JI=quip.cz=000.fbsd@elsa.codelab.cz
X-Spamd-Result: default: False [2.21 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
 TO_DN_NONE(0.00)[]; RCVD_COUNT_THREE(0.00)[3];
 FORGED_SENDER(0.30)[000.fbsd@quip.cz,SRS0=d2j5=JI=quip.cz=000.fbsd@elsa.codelab.cz];
 RECEIVED_SPAMHAUS_PBL(0.00)[94.113.69.69:received];
 RCVD_TLS_LAST(0.00)[]; R_DKIM_NA(0.00)[];
 RBL_DBL_DONT_QUERY_IPS(0.00)[94.124.105.4:from];
 MIME_TRACE(0.00)[0:+];
 FROM_NEQ_ENVFROM(0.00)[000.fbsd@quip.cz,SRS0=d2j5=JI=quip.cz=000.fbsd@elsa.codelab.cz];
 ASN(0.00)[asn:42000, ipnet:94.124.104.0/21, country:CZ];
 MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-0.99)[-0.988]; FROM_HAS_DN(0.00)[];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_SPAM_SHORT(1.00)[1.000];
 MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org];
 AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1];
 SPAMHAUS_ZRD(0.00)[94.124.105.4:from:127.0.2.255];
 DMARC_NA(0.00)[quip.cz]; NEURAL_SPAM_LONG(1.00)[1.000];
 R_SPF_NA(0.00)[no SPF record];
 MAILMAN_DEST(0.00)[freebsd-security]
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Apr 2021 19:36:17 -0000

On 11/04/2021 21:21, Gian Piero Carrubba wrote:
> CCing ports-secteam@ as it seems a more appropriate recipient.

Vulnerabilities in base should be handled by core secteam, not ports 
secteam. Vuxml entries should be published together with Security 
Advisories.

Miroslav Lachman


> * [Sun, Apr 11, 2021 at 09:58:24AM +0200] Gian Piero Carrubba:
>> * [Tue, Apr 06, 2021 at 08:22:58PM +0000] FreeBSD Security Advisories:
>>> FreeBSD-SA-21:08.vm                                         Security
>>
>> * [Tue, Apr 06, 2021 at 08:23:03PM +0000] FreeBSD Security Advisories:
>>> FreeBSD-SA-21:09.accept_filter                              Security
>>
>> * [Tue, Apr 06, 2021 at 08:23:09PM +0000] FreeBSD Security Advisories:
>>> FreeBSD-SA-21:10.jail_mount                                 Security
>>
>> Not sure if this is the correct list for notifying about it, but none 
>> of the above mentioned SAs has been included in 
>> https://svn.freebsd.org/ports/head/security/vuxml/vuln.xml. This is a 
>> bit of inconvenience for people using base-audit like me.
>> More in general, which is the right process for including new SAs into 
>> vuln.xml?
>>
>> Thanks,
>> Gian Piero.