Date: Sun, 19 Sep 2004 10:02:37 +0200 From: Mathieu Arnold <mat@FreeBSD.org> To: freebsd-vuxml@freebsd.org Subject: Re: confused by ranges Message-ID: <5127566408FEC0289696CC7A@nescarba.in.t-online.fr> In-Reply-To: <414C6EA1.25173.34BD6CDE@localhost> References: <414C6EA1.25173.34BD6CDE@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] +-le 18/09/2004 17:21 -0400, Dan Langille écrivait : | I'm having a quick look through vuln.xml: | | <range><ge>2.0</ge><lt>2.0.50_3</lt></range> | | Intuitively, that means you are vulnerable if you have versions >= | 2.0 or < 2.0.50_3. This one is an AND : VER > 2.0 AND VER < 2.0.50_3 | Is that correct? Is that how to apply the rules. I found the DTD | confused me more than the examples did. | | This is an interesting example: | | <range><lt>1.1.2_1</lt></range> | <range><ge>2.0</ge></range> | | Two range statements in the same package... instead of one range with | two operators. Why? This one is an OR, that is VER < 1.1.2_1 or VER > 2.0 because the version can't be < 1.1.2_1 and > 2.0. -- Mathieu Arnold [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (MingW32) iQEVAwUBQU09I1vROjYJ63c1AQJptQf/bneQ6dFzY9AAbp5EcJog6/fxhvmiMdov AoDMaBmhxpdR0gtadJ/r/ZYwYQLxbGVWtU27Jy4D1l73T9ox/xeUoz0vNpMDuPgi YjQy5Tc9YvsqW2nzCaggwac88eaj1c1HNQyP3SSbXnVZNaYN5Ase2bmcbG+mHq7f wcEHsb3pr96IXT6CdMhWM9TClc+bo2yD6tBs7hE1bpIy4vb3wd8Z2aLZRjn/h53q +cl2ujeSi7zVMcE3M9zHJn38R/1XkRxL3D75n9wRY6Xmyom7x59cVeJBdAx5ZqM+ SGtbcUIw/XMfAMrACq7AvoeQFvfcTBvA876K72abmCQCU51p4hdUUQ== =4vzP -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5127566408FEC0289696CC7A>