cvs commit: ports/security/vuxml vuln.xml
Andrew Pantyukhin
sat at FreeBSD.org
Tue Sep 26 10:38:02 PDT 2006
On 9/26/06, Simon L. Nielsen <simon at freebsd.org> wrote:
> On 2006.09.26 05:27:16 +0000, Andrew Pantyukhin wrote:
> > sat 2006-09-26 05:27:16 UTC
> >
> > FreeBSD ports repository
> >
> > Modified files:
> > security/vuxml vuln.xml
> > Log:
> > - Update the unace advisory
>
> Why did you add the Secunia advisory in the body? Isn't it just
> different wording for the same issues?
The original advisory is only for 1.x. Secunia added some info
about 2.x.
> Also, it's generally a bad idea to use <ge> if the port isn't fixed
> since you risk someone bumping port reversion etc. and therefor
> marking the port as fixed when it really isn't.
I understand. I used <le> because (1) this is a binary port and
there won't be a patch and a bump, so <lt> version+bump
does not make sense, (2) the bug has been confirmed in <=2.5
only, and winace team is not very public about security fixes,
(3) I'm the maintainer and I think the port has outlived its
usefulness, so I scheduled it for removal in a month unless
we are surprised by a brand new unace binary.
If you think that <gt> 0 or something like that is better, please
tell me and I'll fix the advisory.
Thanks!
More information about the cvs-ports
mailing list