svn commit: r304136 - head/security/vuxml
danfe at FreeBSD.org
Wed Sep 12 14:07:43 UTC 2012
On Wed, Sep 12, 2012 at 09:33:10AM -0400, Eitan Adler wrote:
> You can be patched against the first issue but still be vulnerable to
> the latter. One rule of thumb is if the version numbers differ between
> what was fixed it should be a separate VuXML.
> VuXML doesn't track the underlying issue, it tracks what would helpful
> for sysadmins or desktop users.
> Think about it this way:
> - User sees warning for vuxml vid N
> - User updates
> - A few days later user sees a warning for vid N again
> - User is confused
He should not be: vulnerability description was updated accordingly. As for
version numbers, it should not be an issue since previously I was more
conservative and now the range(s) cover all the spectrum. In fact, I would
be confused to see two very similar VuXML vids.
That said, if you still prefer to have two separate entries, let it be so,
I'll update it.
More information about the svn-ports-all