Date: Wed, 27 Sep 2017 16:50:21 +0000 (UTC) From: Raphael Kubo da Costa <rakuco@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r450767 - head/security/vuxml Message-ID: <201709271650.v8RGoL1B045776@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rakuco Date: Wed Sep 27 16:50:21 2017 New Revision: 450767 URL: https://svnweb.freebsd.org/changeset/ports/450767 Log: Fix version range for libzip's CVE-2017-14107 (r450692). I am going to land a fix for libzip 1.1.3 (the version currently in the ports tree) instead of updating the port to 1.3.0. 1.3.0 has a different SOVERSION number, which also requires updating dependent ports and makes MFH'ing the fix more difficult. PR: 222638 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Sep 27 16:41:52 2017 (r450766) +++ head/security/vuxml/vuln.xml Wed Sep 27 16:50:21 2017 (r450767) @@ -166,7 +166,7 @@ Notes: <affects> <package> <name>libzip</name> - <range><lt>1.3.0</lt></range> + <range><lt>1.1.13_1</lt></range> </package> </affects> <description> @@ -184,7 +184,7 @@ Notes: </references> <dates> <discovery>2017-9-1</discovery> - <entry>2017-9-26</entry> + <entry>2017-9-27</entry> </dates> </vuln>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201709271650.v8RGoL1B045776>