Date: Tue, 7 Aug 2018 12:14:03 +0200
From: Tĳl Coosemans <tijl@FreeBSD.org>
To: Steve Wills <swills@FreeBSD.org>
Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: Re: svn commit: r475438 - head/security/vuxml
Message-ID: <20180807121403.1aa7b10f@kalimero.tijl.coosemans.org>
In-Reply-To: <201807271304.w6RD4Rbd049642@repo.freebsd.org>
References: <201807271304.w6RD4Rbd049642@repo.freebsd.org>
On Fri, 27 Jul 2018 13:04:27 +0000 (UTC) Steve Wills <swills@FreeBSD.org> wrote: > Author: swills > Date: Fri Jul 27 13:04:27 2018 > New Revision: 475438 > URL: https://svnweb.freebsd.org/changeset/ports/475438 > > Log: > security/vuxml: document openjpeg issues > > PR: 225805 > Submitted by: VK <vlad-fbsd@acheronmedia.com> > > Modified: > head/security/vuxml/vuln.xml > > Modified: head/security/vuxml/vuln.xml > ============================================================================== > --- head/security/vuxml/vuln.xml Fri Jul 27 13:00:45 2018 (r475437) > +++ head/security/vuxml/vuln.xml Fri Jul 27 13:04:27 2018 (r475438) > @@ -58,6 +58,42 @@ Notes: > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> > + <vuln vid="11dc3890-0e64-11e8-99b0-d017c2987f9a"> > + <topic>OpenJPEG -- multiple vulnerabilities</topic> > + <affects> > + <package> > + <name>openjpeg</name> > + <range><le>2.3.0</le></range> Please never use <le>. If the port gets bumped without fixing the issue it will not be marked vulnerable. Use <ge>first vulnerable version</ge> and/or <lt>first fixed version</lt>. AFAICT <gt> and <le> are always wrong. In this case you could use <ge>*</ge>.
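Review bot: In the `<range>` for `openjpeg`, `<le>2.3.0</le>` closes the affected set at exactly 2.3.0, so a package version that sorts above it without carrying a fix (for example a PORTREVISION bump to 2.3.0_1) stops matching the entry. Nothing in the visible lines names a fixed release, so bound the range from below instead, e.g. `<ge>*</ge>`, and add `<lt>` with the first fixed version once one exists. The hunk is cut off after the `<range>` line, so the rest of the entry (description, references, dates) cannot be checked here.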
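The failure mode described in the reply, as an added example that is not part of the original message or of the FreeBSD tooling: a small lint that flags `<le>` and `<gt>` bounds in VuXML ranges, plus a check showing that a revision-bumped package escapes an `<le>` bound but not an `<lt>` bound. The vids, package names, the 2.3.1 "first fixed version", and the simplified version ordering are assumptions; `*` is treated as matching any version.

```python
import operator
import re
import xml.etree.ElementTree as ET

NS = "{http://www.vuxml.org/apps/vuxml-1}"
OPS = {"lt": operator.lt, "le": operator.le, "eq": operator.eq,
       "ge": operator.ge, "gt": operator.gt}

# Constructed sample entries (placeholder vids and package names).
SAMPLE = """<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
 <vuln vid="00000000-0000-0000-0000-000000000001"><affects><package>
  <name>pkg-le</name><range><le>2.3.0</le></range></package></affects></vuln>
 <vuln vid="00000000-0000-0000-0000-000000000002"><affects><package>
  <name>pkg-lt</name><range><lt>2.3.1</lt></range></package></affects></vuln>
 <vuln vid="00000000-0000-0000-0000-000000000003"><affects><package>
  <name>pkg-any</name><range><ge>*</ge></range></package></affects></vuln>
</vuxml>"""

def version_key(v):
    """Simplified ordering (assumption): dotted numbers, then _PORTREVISION.
    Not pkg's full comparison: no PORTEPOCH, no letter suffixes."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:_(\d+))?", v)
    if not m:
        raise ValueError(f"unsupported version syntax: {v!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)

def entries(xml_text):
    """Yield (vid, package name, [(op, bound), ...]) for every <range>."""
    for vuln in ET.fromstring(xml_text).iter(NS + "vuln"):
        for pkg in vuln.iter(NS + "package"):
            names = [n.text for n in pkg.findall(NS + "name")]
            for rng in pkg.findall(NS + "range"):
                bounds = [(b.tag[len(NS):], b.text) for b in rng]
                for name in names:
                    yield vuln.get("vid"), name, bounds

def lint(xml_text):
    """Flag the bounds the reply calls always wrong: <le> and <gt>."""
    return [(vid, name, op, bound) for vid, name, bounds in entries(xml_text)
            for op, bound in bounds if op in ("le", "gt")]

def is_flagged(xml_text, name, version):
    """True if `version` of package `name` falls inside any listed range."""
    key = version_key(version)
    return any(n == name and all(b == "*" or OPS[op](key, version_key(b))
                                 for op, b in bounds)
               for _, n, bounds in entries(xml_text))
```
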