Date: Sat, 31 Aug 2019 08:12:51 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 240227] lang/ruby24: 2.4.7,1 still marked as vulnerable Message-ID: <bug-240227-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D240227 Bug ID: 240227 Summary: lang/ruby24: 2.4.7,1 still marked as vulnerable Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: ruby@FreeBSD.org Reporter: Trond.Endrestol@ximalas.info Flags: maintainer-feedback?(ruby@FreeBSD.org) Assignee: ruby@FreeBSD.org I believe the PORTEPOCH has to go in the entry for RDoc. $ pkg audit -Fr vulnxml file up-to-date ruby-2.4.7,1 is vulnerable: RDoc -- multiple jQuery vulnerabilities CVE: CVE-2015-9251 CVE: CVE-2012-6708 WWW: https://vuxml.FreeBSD.org/freebsd/ed8d5535-ca78-11e9-980b-999ff59c22ea.html Packages that depend on ruby: ruby24-bdb, dtrace-toolkit, portupgrade 1 problem(s) in 1 installed package(s) found. I.e.: <package> <name>ruby</name> <range><ge>2.4.0</ge><lt>2.4.7,1</lt></range> <range><ge>2.5.0</ge><lt>2.5.6,1</lt></range> <range><ge>2.6.0</ge><lt>2.6.3,1</lt></range> </package> should be: <package> <name>ruby</name> <range><ge>2.4.0</ge><lt>2.4.7</lt></range> <range><ge>2.5.0</ge><lt>2.5.6</lt></range> <range><ge>2.6.0</ge><lt>2.6.3</lt></range> </package> --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-240227-7788>