[EXTERNAL] Status of FreeBSD vulnerabilities in VUXML database
Miroslav Lachman
000.fbsd at quip.cz
Tue Jul 9 22:04:29 UTC 2019
Chisholm, Rick wrote on 2019/07/09 20:55:
> My understanding has always been vuXML is for ports / packages and the advisories page is for base.
Support for FreeBSD base vulnerabilities was created by Mark Felder 3
years ago
https://blog.feld.me/posts/2016/08/monitoring-freebsd-base-system-vulnerabilities-with-pkg-audit/
and the past Security Advisories was published in VUXML.
At this time there is no other automated system to report base system
vulnerabilities - are we really in 2019?
> -----Original Message-----
> From: owner-freebsd-security at freebsd.org <owner-freebsd-security at freebsd.org> On Behalf Of Miroslav Lachman
> Sent: July 9, 2019 2:14 PM
> To: freebsd-security at freebsd.org
> Subject: [EXTERNAL] Status of FreeBSD vulnerabilities in VUXML database
>
> This Message originated outside of the organization.
>
> What is the official status of FreeBSD Security Advisories and entries in VUXML database?
> I am asking especially because new FreeBSD base system vulnerabilities are not being added to the vuxml database. The last was added 2019-04-23 according to https://vuxml.freebsd.org/freebsd/
>
> Why?
>
> VUXML is FreeBSD's own pet so why new SAs are not added there the same day they are published as SA on https://www.freebsd.org/security/advisories.html?
>
> It makes base-audit periodic useless.
> https://www.freshports.org/security/base-audit/
>
> Kind regards
> Miroslav Lachman
> _______________________________________________
> freebsd-security at freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
>
>
More information about the freebsd-security
mailing list