pkg audit / vuln.xml failures

Bryan Drewery bdrewery at FreeBSD.org
Mon May 18 14:41:16 UTC 2015


On 5/17/2015 4:02 PM, Roger Marquis wrote:
> Does anyone know what's going on with vuln.xml updates?  Over the last
> few weeks and months CVEs and application mailing lists have announced
> vulnerabilities for several ports that in some cases only showed up in
> vuln.xml after several days and in other cases are still not listed
> (despite email to the security team).
> 
> Is there a URL outlining the policies and procedures of vuln.xml
> maintenance?
> 

ports-secteam@ owns this file, not secteam at . The team needs more help.
Would you like to volunteer to submit vuxml updates? Many contributors,
and committers, feel the file is not easy to contribute to.

Regards,
Bryan Drewery

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20150518/b5e4603f/attachment.sig>


More information about the freebsd-ports mailing list