New port with maintainer ports@FreeBSD.org [was: Question about maintainers]

Simon L. Nielsen simon at FreeBSD.org
Sat Jul 30 21:00:56 GMT 2005


On 2005.07.31 00:11:40 +0430, Babak Farrokhi wrote:

> Another example: I submitted a patch to update editors/vim to patchlevel
> 79, now this version is vulnerable to arbitrary command execution
> according to CAN-2005-2368. So I submitted the patchlevel 85
> (ports/84145) and also notified security-team at . But the port is still
> awaiting approval.

With my Security Team hat:

When updating a port for security issues it's always a weighing of
getting the fix in ASAP and waiting for maintainer approval/review.
Waiting for the maintainer is not just a matter of courtesy, but is
also done to make sure the patch doesn't break more than it fixes.  In
general the Security Team don't know much about the inner workings of
each particular port.

For this particular case I know remko@ has been working on it and has
an almost ready to commit VuXML entry for the issue.  I don't know the
status of the port update, other than what the PR says.

-- 
Simon L. Nielsen
FreeBSD Security Team