svn commit: r304136 - head/security/vuxml

Alexey Dokuchaev danfe at
Wed Sep 12 14:07:43 UTC 2012

On Wed, Sep 12, 2012 at 09:33:10AM -0400, Eitan Adler wrote:
> You can be patched against the first issue but still be vulnerable to
> the latter. One rule of thumb is if the version numbers differ between
> what was fixed it should be a separate VuXML.
> VuXML doesn't track the underlying issue, it tracks what would helpful
> for sysadmins or desktop users.
> Think about it this way:
> - User sees warning for vuxml vid N
> - User updates
> - A few days later user sees a warning for vid N again
> - User is confused

He should not be: vulnerability description was updated accordingly.  As for
version numbers, it should not be an issue since previously I was more
conservative and now the range(s) cover all the spectrum.  In fact, I would
be confused to see two very similar VuXML vids.

That said, if you still prefer to have two separate entries, let it be so,
I'll update it.


More information about the svn-ports-all mailing list