pkg audit / vuln.xml / no more updates for base system and kernel ??

Quip


No, this is not normal from my point of view, and I am really pi**ed off about it.
I tried many times to discuss it on the freebsd-security@ mailing list - why SAs are not added automatically to vuln.xml - without any reply.
Entries were mainly added by Mark Felder, who invented this: https://blog.feld.me/posts/2016/08/monitoring-freebsd-base-system-vulnerabilities-with-pkg-audit/ but he is not the Security Officer.
Then I created security/base-audit to ease the monitoring of vulnerabilities for users (it is a simple periodic script running daily). Now it is useless because there are no SA entries.
It seems like nobody among the FreeBSD officials cares about reporting vulnerabilities to users. I really don't know why. Are we really in 2019 without a tool and entries to automatically check and report vulnerabilities in the base system, when we have it for ports / packages?

Even if I created a patch for the latest missing SA entries and submitted a PR, nobody can commit it for a month: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240322
It can be so simple to just commit it that I can't get why it has not been done yet.
 

dvl@


Quip


The January entries were submitted by me.
The current NTP entry was added with the entries for the port version of ntp.
 