Re: vulnerabilities in base unreported in VuXML
- In reply to: Miroslav Lachman : "vulnerabilities in base unreported in VuXML"
Date: Sun, 13 Aug 2023 17:43:37 UTC
Again and again and again...

New Security Vulnerabilities were published almost 2 weeks ago, but they were not added to the VuXML database again, so /usr/local/etc/periodic/security/410.pkg-audit from pkg cannot report these vulnerabilities in kernel and userland on any vulnerable system.

Please can the Security Team add all past vulnerabilities into VuXML and fix the process of publishing future SAs so that they will never be missed again?

Kind regards
Miroslav Lachman

On 04/05/2023 19:56, Miroslav Lachman wrote:
> As was noted on the FreeBSD forum [1], there is a problem with missing SA
> entries in VuXML (again).
> The last entry is from 2022-08-31 for the zlib heap buffer overflow [2].
> 5 SA entries are missing. Can somebody from the Security Officers take a
> look at it and publish the missing entries?
> And fix the SA release process for all future SAs so we do not miss any
> again? Periodic 405.pkg-base-audit from pkg is useless without an up-to-date
> VuXML.
>
> [1]
> https://forums.freebsd.org/threads/pkg-audit-vuln-xml-no-more-updates-for-base-system-and-kernel.71239/#post-609407
> [2] https://www.vuxml.org/freebsd/pkg-FreeBSD.html
>
> Kind regards
> Miroslav Lachman