pkg audit / vuln.xml failures
Sevan / Venture37
venture37 at gmail.com
Mon May 18 19:01:32 UTC 2015
On 18 May 2015 at 19:06, Mark Felder <feld at freebsd.org> wrote:
>
>
> On Sun, May 17, 2015, at 16:02, Roger Marquis wrote:
>> Does anyone know what's going on with vuln.xml updates? Over the last
>> few weeks and months CVEs and application mailing lists have announced
>> vulnerabilities for several ports that in some cases only showed up in
>> vuln.xml after several days and in other cases are still not listed
>> (despite email to the security team).
>>
>> Is there a URL outlining the policies and procedures of vuln.xml
>> maintenance?
>>
>
> I am also interested. I know there is a desire to leverage CPE in the
> future, but I've seen CPE entries take weeks to show up. Our vuln.xml
> maintenance has always been pretty solid. Is there a lack of manpower
> right now? Are there notices/reports not being processed?
>
> How can we help?
Bug reports with notice of new additions just to give a heads up at the least.
Sevan / Venture37
More information about the freebsd-security
mailing list