On 11/04/2021 21:21, Gian Piero Carrubba wrote:
> CCing ports-secteam@ as it seems a more appropriate recipient.
Vulnerabilities in base should be handled by core secteam, not ports
secteam. Vuxml entries should be published together with Security
Advisories.
Miroslav Lachman
> * [Sun, Apr 11, 2021 at 09:58:24AM +0200] Gian Piero Carrubba:
>> * [Tue, Apr 06, 2021 at 08:22:58PM +0000] FreeBSD Security Advisories:
>>> FreeBSD-SA-21:08.vm Security
>>
>> * [Tue, Apr 06, 2021 at 08:23:03PM +0000] FreeBSD Security Advisories:
>>> FreeBSD-SA-21:09.accept_filter Security
>>
>> * [Tue, Apr 06, 2021 at 08:23:09PM +0000] FreeBSD Security Advisories:
>>> FreeBSD-SA-21:10.jail_mount Security
>>
>> Not sure if this is the correct list for notifying about it, but none
>> of the above mentioned SAs has been included in
>> https://svn.freebsd.org/ports/head/security/vuxml/vuln.xml. This is a
>> bit of an inconvenience for people using base-audit like me.
>> More generally, what is the right process for including new SAs into
>> vuln.xml?
>>
>> Thanks,
>> Gian Piero.