On 9/26/06, Simon L. Nielsen <[EMAIL PROTECTED]> wrote:
> On 2006.09.26 05:27:16 +0000, Andrew Pantyukhin wrote:
> > sat         2006-09-26 05:27:16 UTC
> >
> >   FreeBSD ports repository
> >
> >   Modified files:
> >     security/vuxml       vuln.xml
> >   Log:
> >   - Update the unace advisory
>
> Why did you add the Secunia advisory in the body?  Isn't it just
> different wording for the same issues?

The original advisory is only for 1.x. Secunia added some info
about 2.x.

> Also, it's generally a bad idea to use <ge> if the port isn't fixed
> since you risk someone bumping port revision etc. and therefore
> marking the port as fixed when it really isn't.

I understand. I used <le> because (1) this is a binary port and
there won't be a patch and a bump, so <lt> version+bump
does not make sense, (2) the bug has been confirmed in <=2.5
only, and winace team is not very public about security fixes,
(3) I'm the maintainer and I think the port has outlived its
usefulness, so I scheduled it for removal in a month unless
we are surprised by a brand new unace binary.

If you think that <gt> 0 or something like that is better, please
tell me and I'll fix the advisory.

Thanks!
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all