Date: Thu, 22 Mar 2007 08:26:33 +0100 From: Remko Lodder <remko@elvandar.org> To: Kris Kennaway <kris@obsecurity.org> Cc: cvs-ports@FreeBSD.org, David Thiel <lx@FreeBSD.org>, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/www/webcalendar Makefile distinfo Message-ID: <20070322072633.GC40205@elvandar.org> In-Reply-To: <20070320183210.GA15384@xor.obsecurity.org> References: <200703201828.l2KISn1V037775@repoman.freebsd.org> <20070320183210.GA15384@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Mar 20, 2007 at 02:32:10PM -0400, Kris Kennaway wrote: > On Tue, Mar 20, 2007 at 06:28:49PM +0000, David Thiel wrote: > > lx 2007-03-20 18:28:49 UTC > > > > FreeBSD ports repository > > > > Modified files: > > www/webcalendar Makefile distinfo > > Log: > > Update to 1.0.5, fixing a remote variable overwrite vulnerability. > > See http://secunia.com/advisories/24403/ for more details. > > > > PR: ports/110587 > > Submitted by: Greg Larkin (maintainer) > > Approved by: edwin (mentor) > > FYI the Security: tag should be used in such situations so that the > security team flag it for inclusion in the vulnerability database. > > Kris Hi all, Yes indeed, the Security: tag can be used for that amongst others, other possible items are that Freshports (this is just an example) might be able to parse them and or keep track of them. By using this tag filtering becomes much easier, personally I scan most ports commits and look whether there is a mentioning of Security: or some reference, my life would be made a lot easier when Security: was always used for security related commits (with a reference to the source of the Security issue, and if possible the VuXML link). Thanks! -- Kind regards, Remko Lodder ** remko@elvandar.org FreeBSD ** remko@FreeBSD.org /* Quis custodiet ipsos custodes */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070322072633.GC40205>