Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 11 Nov 2015 03:53:07 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 204407] deskutils/owncloudclient: Missing VUXML entry for CVE-2015-7298
Message-ID:  <bug-204407-13-OaJ9HPM1Gr@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-204407-13@https.bugs.freebsd.org/bugzilla/>
References:  <bug-204407-13@https.bugs.freebsd.org/bugzilla/>

next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204407

Kubilay Kocak <koobs@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|deskutils/owncloudclient -  |deskutils/owncloudclient:
                   |Missing VUXML entry for     |Missing VUXML entry for
                   |CVE-2015-7298               |CVE-2015-7298

--- Comment #2 from Kubilay Kocak <koobs@FreeBSD.org> ---
Vulnerabilities not under embargo (public) are fine as public issues, and
perhaps better as public issues for transparency/accountability

Security issues require:

* An entry in security/vuxml
* A changeset (needs-patch) to address the vulnerability in HEAD and the
quarterly branch if the version in ports is/remains vulnerable

The issue summary at the moment only states a missing vuxml entry, but comment
0 eludes that there's still a vulnerability vector in the port.

@Sevan please clarify.

-- 
You are receiving this mail because:
You are the assignee for the bug.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-204407-13-OaJ9HPM1Gr>