Date: Sun, 19 Sep 2004 10:02:37 +0200 From: Mathieu Arnold <mat@FreeBSD.org> To: freebsd-vuxml@freebsd.org Subject: Re: confused by ranges Message-ID: <5127566408FEC0289696CC7A@nescarba.in.t-online.fr> In-Reply-To: <414C6EA1.25173.34BD6CDE@localhost> References: <414C6EA1.25173.34BD6CDE@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
--==========0F38DDCE2B6CE880543A========== Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline +-le 18/09/2004 17:21 -0400, Dan Langille =E9crivait : | I'm having a quick look through vuln.xml: |=20 | <range><ge>2.0</ge><lt>2.0.50_3</lt></range> |=20 | Intuitively, that means you are vulnerable if you have versions >=3D=20 | 2.0 or < 2.0.50_3. This one is an AND : VER > 2.0 AND VER < 2.0.50_3 | Is that correct? Is that how to apply the rules. I found the DTD=20 | confused me more than the examples did. |=20 | This is an interesting example: |=20 | <range><lt>1.1.2_1</lt></range> | <range><ge>2.0</ge></range> |=20 | Two range statements in the same package... instead of one range with=20 | two operators. Why? This one is an OR, that is VER < 1.1.2_1 or VER > 2.0 because the version can't be < 1.1.2_1 and > 2.0. --=20 Mathieu Arnold --==========0F38DDCE2B6CE880543A========== Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (MingW32) iQEVAwUBQU09I1vROjYJ63c1AQJptQf/bneQ6dFzY9AAbp5EcJog6/fxhvmiMdov AoDMaBmhxpdR0gtadJ/r/ZYwYQLxbGVWtU27Jy4D1l73T9ox/xeUoz0vNpMDuPgi YjQy5Tc9YvsqW2nzCaggwac88eaj1c1HNQyP3SSbXnVZNaYN5Ase2bmcbG+mHq7f wcEHsb3pr96IXT6CdMhWM9TClc+bo2yD6tBs7hE1bpIy4vb3wd8Z2aLZRjn/h53q +cl2ujeSi7zVMcE3M9zHJn38R/1XkRxL3D75n9wRY6Xmyom7x59cVeJBdAx5ZqM+ SGtbcUIw/XMfAMrACq7AvoeQFvfcTBvA876K72abmCQCU51p4hdUUQ== =4vzP -----END PGP SIGNATURE----- --==========0F38DDCE2B6CE880543A==========--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5127566408FEC0289696CC7A>