From owner-freebsd-ports-bugs@freebsd.org  Wed Sep 23 16:41:33 2015
Return-Path: <owner-freebsd-ports-bugs@freebsd.org>
Delivered-To: freebsd-ports-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A0F6BA0671C
 for <freebsd-ports-bugs@mailman.ysv.freebsd.org>;
 Wed, 23 Sep 2015 16:41:33 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 8DE20122F
 for <freebsd-ports-bugs@FreeBSD.org>; Wed, 23 Sep 2015 16:41:33 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from bugs.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id t8NGfXZo005130
 for <freebsd-ports-bugs@FreeBSD.org>; Wed, 23 Sep 2015 16:41:33 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 203227] vuln.xml incorrectly flagging ruby20 as insecure
Date: Wed, 23 Sep 2015 16:41:33 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Ports Framework
X-Bugzilla-Version: Latest
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: terry@tmk.com
X-Bugzilla-Status: Open
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: ports-secteam@FreeBSD.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-203227-13-hPBXL7ud2o@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-203227-13@https.bugs.freebsd.org/bugzilla/>
References: <bug-203227-13@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports-bugs>, 
 <mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs/>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
 <mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Sep 2015 16:41:33 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203227

--- Comment #10 from terry@tmk.com ---
Other than some unneeded checks (ruby20 should always refer to 2.0, ruby22
should always refer to 2.2 - it is only ruby (no suffix) that can refer to
multiple versions) that type of solution seems fine.

However, with the entry updated as you show above, it is still complaining that
ruby-2.0.0.647,1 is vulnerable.

If it helps, I can give you access to a system where this is happening and
chown the vuln.xml file so you can modify it to help track down the issue.

-- 
You are receiving this mail because:
You are on the CC list for the bug.