Date: Fri, 21 Sep 2007 09:14:11 -0700 (PDT) From: Nick Barkas <snb@threerings.net> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/116516: [patch] security/vuxml update for buzilla createemailregexp bug Message-ID: <20070921161411.B443061DB6@smtp.earth.threerings.net> Resent-Message-ID: <200709211620.l8LGK1nk014647@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 116516 >Category: ports >Synopsis: [patch] security/vuxml update for buzilla createemailregexp bug >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Fri Sep 21 16:20:01 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Nick Barkas >Release: FreeBSD 6.2-RELEASE-p4 i386 >Organization: Three Rings Design >Environment: System: FreeBSD mail1.earth.threerings.net 6.2-RELEASE-p4 FreeBSD 6.2-RELEASE-p4 #0: Thu Apr 26 17:55:55 UTC 2007 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/SMP i386 >Description: http://www.vuxml.org/freebsd/f8d3689e-6770-11dc-8be8-02e0185f8d72.html currently lists all versions of bugzilla as vulnerable to this bug, but a new release has been made which reportedly fixes it. This is just a patch to this vuxml entry modifying the package version range, and the modified date. >How-To-Repeat: >Fix: --- vuxml.patch begins here --- --- vuln.xml.orig Fri Sep 21 06:14:29 2007 +++ vuln.xml Fri Sep 21 09:05:02 2007 @@ -289,7 +289,7 @@ <affects> <package> <name>bugzilla</name> - <range><gt>0</gt></range> + <range><lt>3.0.2</lt></range> </package> </affects> <description> @@ -313,6 +313,7 @@ <dates> <discovery>2007-09-18</discovery> <entry>2007-09-20</entry> + <modified>2007-09-21</modified> </dates> </vuln> --- vuxml.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070921161411.B443061DB6>