Ports EOL vuxml entry
Gerhard Schmidt
estartu at ze.tum.de
Fri Aug 26 10:53:26 UTC 2016
On 24.08.2016 at 11:36, Xin Li wrote:
>
>
> On 8/23/16 14:23, Gerhard Schmidt wrote:
>> Is an outdated (EOL) port a vulnerability? I don't think so. It's a
>> possible vulnerability, but not a real one.
>
> Do you have an exact VuXML ID? I don't think vuxml actually warns about
> EoL'ed software, and it's likely that you have an actual issue, and
> choose to ignore it (probably for legitimate reason). If it's just
> reporting a software being outdated (rather than really vulnerable to
> something), then we should change the entry, I doubt that this is not
> the case, though.
python24-2.4.6 is vulnerable:
End of Life Ports
WWW: https://vuxml.FreeBSD.org/freebsd/7fe7df75-6568-11e6-a590-14dae9d210b8.html
It lists a number of ports that are outdated. No actual vulnerability
mentioned.
> It seems to be sensible to implement Tim's suggestion, however, that
> allows the system administrator to explicitly override certain VuXML
> IDs, if they really know what they are doing.
That would be really helpful.
Regards
Gerhard Schmidt
--
----------------------------------------------------------
Gerhard Schmidt | E-Mail: schmidt at ze.tum.de
Technische Universität München | Jabber: estartu at ze.tum.de
WWW & Online Services |
Tel: +49 89 289-25270 | PGP-PublicKey
Fax: +49 89 289-25257 | on request