svn commit: r312626 - head/security/vuxml
Eitan Adler
eadler at freebsd.org
Wed Feb 20 14:04:11 UTC 2013
On 20 February 2013 09:01, Alexey Dokuchaev <danfe at freebsd.org> wrote:
> On Wed, Feb 20, 2013 at 01:58:20PM +0000, Ruslan Mahmatkhanov wrote:
>> New Revision: 312626
>> URL: http://svnweb.freebsd.org/changeset/ports/312626
>>
>> Log:
>> - add an entry for net/nss-pam-ldapd stack-based buffer overflow
>>
>> According to advisory, vulnerability exists in nss-pam-ldapd < 0.8.11,
>> but since we never had this version in the ports tree, mark everything
>> < 0.8.12 as vulnerable.
>
> This seems weird. Is there any limitation in VuXML that we need to cope
> with by introducing such inconsistencies with official advisories?
VuXML is intended to address FreeBSD user concerns, not upstream
concerns. There isn't a limitation here, but it makes sense to write
the VuXML <range> this way.
--
Eitan Adler
Source, Ports, Doc committer
Bugmeister, Ports Security teams
More information about the svn-ports-all
mailing list