Site Navigation

Date:      Wed, 11 Sep 2019 11:03:56 +0200
From:      Tobias Kortkamp <tobik@freebsd.org>
To:        Bernard Spil <brnrd@freebsd.org>
Cc:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   Re: svn commit: r511802 - head/security/vuxml
Message-ID:  <20190911090356.GA39847@urd.tobik.me>
In-Reply-To: <201909110830.x8B8Uvg8089076@repo.freebsd.org>
References:  <201909110830.x8B8Uvg8089076@repo.freebsd.org>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

--6c2NcOVqGQ03X4Wi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Sep 11, 2019 at 08:30:57AM +0000, Bernard Spil wrote:
> Author: brnrd
> Date: Wed Sep 11 08:30:57 2019
> New Revision: 511802
> URL: https://svnweb.freebsd.org/changeset/ports/511802
>=20
> Log:
>   security/vuxml: Document OpenSSL vulnerabilities
>=20
> Modified:
>   head/security/vuxml/vuln.xml
>=20
> Modified: head/security/vuxml/vuln.xml
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D
> --- head/security/vuxml/vuln.xml	Wed Sep 11 08:30:16 2019	(r511801)
> +++ head/security/vuxml/vuln.xml	Wed Sep 11 08:30:57 2019	(r511802)
> @@ -58,6 +58,39 @@ Notes:
>    * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
>  -->
>  <vuxml xmlns=3D"http://www.vuxml.org/apps/vuxml-1">;
> +  <vuln vid=3D"9e0c6f7a-d46d-11e9-a1c7-b499baebfeaf">
> +    <topic>OpenSSL -- Multiple vulnerabilities</topic>
> +    <affects>
> +      <package>
> +	<name>openssl</name>
> +	<range><lt>1.0.2t</lt></range>

Hi,

the version range here is not correct.  security/openssl has
PORTEPOCH=3D1.  It should be

	<range><lt>1.0.2t,1</lt></range>

or no one will ever be informed about it through pkg audit.

--6c2NcOVqGQ03X4Wi
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQGTBAEBCgB9FiEElXvTEJc6ePgdQuobpPCftzzFH2EFAl14uHlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDk1
N0JEMzEwOTczQTc4RjgxRDQyRUExQkE0RjA5RkI3M0NDNTFGNjEACgkQpPCftzzF
H2EZZAgAjZakQbrLWHwjs7cNU0+Jyw7GqnSOfXxc1B3j6GoTc1U80F6jVEhRbOoX
hIMyz8elUrCwtgWyFzJd5BHJnElZrPco6Alu5USW0FYgYd9zyc8RUts85/hsNk4i
5KbTFoo5FPPTpbjwYi7jY13s6NuH2KvYOPYDH8wPe7gtW3nQy5NlrQT3o+6CpjQu
6FQ5DgreWhiyEo8BCeKVJPSdJgpu0Jcx6Amc7THgdlN5Eezn8rimIe5AjxS2TSfa
R/kexEcDZn/ToqIAw34tbOixejCGy+uzoix/MoB0WclDIRZ3Kjm0SJZuIV9rskoY
XNHpHlo1G5dNifTg6oVs6d+1BaZ9Cw==
=Bc3s
-----END PGP SIGNATURE-----

--6c2NcOVqGQ03X4Wi--

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190911090356.GA39847>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact