> On 14 Aug 2017, at 05:32, Roger Marquis <marq...@roble.com> wrote:
>
>> I do not think that holds:
>>
>> <vuln vid="b6402385-533b-11e6-a7bd-14dae9d210b8">
>> <topic>php -- multiple vulnerabilities</topic>
>> <affects>
>> <package>
>> <name>php55</name>
>> <range><lt>5.5.38</lt></range>
>> </package>
>>
>> This is an entry from svnweb, for php55, which was added in 2016(07-26).
>>
>> So this entry is there. Thus it did not disappear from VuXML at least.
>
> You are right Remko. It looks like there was a policy or at least a
> practice change about a year ago. Even have an archived email from
> Gerhard Schmidt who first noticed it back in Aug 2016. My fault for not
> doing sufficient fact rechecking,
>
> So we are safe from false negatives after all. Hurray, I can stop
> relying on pkg-version (for this).
>
> That leaves just unpackaged base as FreeBSD's remaining audit weakness.

Hi,

I am happy that I can reduce your worry factor a bit ;-)

Can you share what the audit weakness is? freebsd-update cron checks whether or not an update is available and then emails you. If you run -RELEASE, then that means that either an EN or SA had been released..

Cheers
Remko

>
> Roger
>
>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
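
An added example, not part of the thread and not FreeBSD project code: a minimal check of an installed-package inventory against a VuXML `<affects>` range such as the php55 entry quoted above. The closing tags and root element of the sample, the `installed` dict, and the simplified dotted-numeric version comparison are assumptions; pkg's own comparison also handles port revisions and epochs.

```python
import operator
import xml.etree.ElementTree as ET

# Constructed sample: the entry quoted in the thread, with closing tags and a
# root element added so it parses. Real entries carry more elements.
SAMPLE_VUXML = """
<vuxml>
  <vuln vid="b6402385-533b-11e6-a7bd-14dae9d210b8">
    <topic>php -- multiple vulnerabilities</topic>
    <affects>
      <package>
        <name>php55</name>
        <range><lt>5.5.38</lt></range>
      </package>
    </affects>
  </vuln>
</vuxml>
"""

OPS = {"lt": operator.lt, "le": operator.le, "gt": operator.gt,
       "ge": operator.ge, "eq": operator.eq}

def local(el):
    # Drop any XML namespace prefix so matching works with or without one.
    return el.tag.rsplit("}", 1)[-1]

def version_key(v):
    # Assumption: dotted numeric versions only (no _N revision or ,N epoch).
    return tuple(int(p) for p in v.split("."))

def in_range(version, range_el):
    # Every bound inside one <range> must hold, e.g. <ge> together with <lt>.
    return all(OPS[local(b)](version_key(version), version_key(b.text))
               for b in range_el)

def audit(installed, vuxml_text):
    """Return (name, version, vid, topic) for each installed package in an affected range."""
    findings = []
    for vuln in (e for e in ET.fromstring(vuxml_text).iter() if local(e) == "vuln"):
        topic = next((e.text for e in vuln.iter() if local(e) == "topic"), "")
        for pkg in (e for e in vuln.iter() if local(e) == "package"):
            ranges = [e for e in pkg if local(e) == "range"]
            for name in (e.text for e in pkg if local(e) == "name"):
                ver = installed.get(name)
                if ver and any(in_range(ver, r) for r in ranges):
                    findings.append((name, ver, vuln.get("vid"), topic))
    return findings

if __name__ == "__main__":
    # Constructed inventory: one package below the fixed version, one at it.
    print(audit({"php55": "5.5.37"}, SAMPLE_VUXML))
    print(audit({"php55": "5.5.38"}, SAMPLE_VUXML))
```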