https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287391
--- Comment #27 from Charlie Li <[email protected]> --- Since there seems to be some insistence on clearing pkg-audit(8) alerts because of the vuxml entries, I took a further look on backporting the three currently there. All three commits, taken from the 2.12 branch, are cleanly backportable to 2.11, and thus the commits will be used directly as PATCHFILES rather than individual files in ${PATCHDIR}. The test suite passes, which for fixes within a point release let alone within the same branch is good enough. I will adjust the vuxml entries accordingly. For future reference, considering upstream's current stance on security issues, please do not add vuxml/CVE entries against this port unless fix(es) for the same vuxml/CVE entry is committed upstream (open issues and merge requests do not count). Remember that both upstream and desktop@ are ultimately volunteers. -- You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug.
