Date: Sat, 16 Aug 2025 10:20:51 +0000 From: bugzilla-noreply@freebsd.org To: perl@FreeBSD.org Subject: [Bug 288883] security/p5-Authen-SASL 2.19 showing as vulnerable on vuln.xml Message-ID: <bug-288883-14331-FptwhRh9w5@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-288883-14331@https.bugs.freebsd.org/bugzilla/> References: <bug-288883-14331@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288883 --- Comment #1 from commit-hook@FreeBSD.org --- A commit in branch 2025Q3 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=9c916baee01d7d640a1117cab1090ef9bea84a56 commit 9c916baee01d7d640a1117cab1090ef9bea84a56 Author: Matthias Andree <mandree@FreeBSD.org> AuthorDate: 2025-08-16 10:07:09 +0000 Commit: Matthias Andree <mandree@FreeBSD.org> CommitDate: 2025-08-16 10:20:25 +0000 security/p5-Authen-SASL: Use upstream version scheme which brings the port version in line with the upstream and make security assessments easier WRT versioning. See https://metacpan.org/release/EHUELS/Authen-SASL-2.1900/source/Makefile.PL#L29 See https://metacpan.org/release/EHUELS/Authen-SASL-2.1900/source/Changes#L2 See https://vuxml.freebsd.org/freebsd/defe9a20-781e-11f0-97c4-40b034429ecf.html which added the vulnerability CVE-2025-40918 and correctly marked 2.1900 fixed, but we ship 2.19 instead because we forge our own version scheme. (cherry picked from commit 192c4d399bd4ce6eb7c398552629e6256f29e867) PR: 288883 security/p5-Authen-SASL/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) -- You are receiving this mail because: You are on the CC list for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-288883-14331-FptwhRh9w5>