svn commit: r304136 - head/security/vuxml

Alexey Dokuchaev danfe at FreeBSD.org
Wed Sep 12 14:07:43 UTC 2012


On Wed, Sep 12, 2012 at 09:33:10AM -0400, Eitan Adler wrote:
> You can be patched against the first issue but still be vulnerable to
> the latter. One rule of thumb is if the version numbers differ between
> what was fixed it should be a separate VuXML.
> 
> VuXML doesn't track the underlying issue, it tracks what would be helpful
> for sysadmins or desktop users.
> 
> Think about it this way:
> - User sees warning for vuxml vid N
> - User updates
> - A few days later user sees a warning for vid N again
> - User is confused

He should not be: the vulnerability description was updated accordingly.  As for
version numbers, it should not be an issue since previously I was more
conservative and now the range(s) cover all the spectrum.  In fact, I would
be confused to see two very similar VuXML vids.

That said, if you still prefer to have two separate entries, let it be so,
I'll update it.

./danfe


