squirrelmail vuln not published on vuxml ?

Matthew Seaman m.seaman at infracaninophile.co.uk
Fri Dec 29 04:36:58 PST 2006


Matthieu Michaud wrote:

> If I'm not wrong, it seems like the security issue with squirrelmail
> 1.4.8 published on squirrelmail.org is not reported on vuxml. Shouldn't
> it be?

It looks like a good candidate for that, yes.  In order for such problems
to find their way into vuxml the Security Team first has to be made aware
of them.  E-mail to sec-team at freebsd.org generally suffices, and it will
help them if references to security advisories, reports on Bugtraq, Secunia
and similar sites, CVE numbers etc. can be included in the report.

However, making that report (along with updating the port to fix the
vulnerabilities) is the port maintainer's responsibility in the first
instance -- only if the maintainer fails to reply or deal with your
concerns should you go direct.

When updating a port to fix a security hole, adding [security] to the
synopsis (which becomes the Subject line in the gnats e-mails) and CC'ing
sec-team at freebsd.org is generally sufficient to get appropriate entries
made in vuxml and portaudit's DB.  

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW
