Missing fixes for various ports in Q4 branch?
Vlad K.
vlad-fbsd at acheronmedia.com
Tue Dec 5 11:47:31 UTC 2017
On 2017-12-05 12:32, Patrick M. Hausen wrote:
>
> We relied on just updating the branch every night and running
> poudriere ... looks
> like I should implement something around pkg audit that sends us daily
> status
> reports.
Yes, but note that pkgaudit depends on VuXML which is also not up to
date (it's on the best effort basis just like MFH). There's some effort
going on to automate CVE entries, but until that's implemented (and if
at all, as automation depends on CPE which many ports do not have), I'd
suggest tracking CVEs independently in order to be best informed.
Following linux distros secvuln announcements (Canonical's, RedHat's,
Debian's) is a good start, so is being subscribed to oss-seclist, and of
course the NVD or Mitre feeds themselves.
* https://usn.ubuntu.com/usn/rss.xml
* https://www.debian.org/security/dsa
* https://cve.mitre.org/
It'd be very helpful if bug reports would be filed on FreeBSD's bugzilla
(https://bugs.freebsd.org) tagged with keyword "security" if any
undocumented vulns (not submitted to VuXML) are found.
--
Vlad K.
More information about the freebsd-ports
mailing list