Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 6 Apr 2017 23:48:39 +0800
From:      Sunpoet Po-Chuan Hsieh <sunpoet@freebsd.org>
To:        Jason Unovitch <junovitch@freebsd.org>
Cc:        Adam Weinberger <adamw@adamw.org>, Bernard Spil <brnrd@freebsd.org>, svn-ports-head@freebsd.org,  svn-ports-all@freebsd.org, ports-committers@freebsd.org
Subject:   Re: svn commit: r437790 - head/security/vuxml
Message-ID:  <CAMHz58TGb9UKTENy-t_PfWY018a6O-U2KCfdgV%2BqKJx8b1x%2Bow@mail.gmail.com>
In-Reply-To: <20170406133840.GA9711@FreeBSD.org>
References:  <201704051434.v35EYFBe007232@repo.freebsd.org> <CAC9A777-C72E-42C1-9F6A-E8FB834814CF@adamw.org> <20170406133840.GA9711@FreeBSD.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Apr 6, 2017 at 9:38 PM, Jason Unovitch <junovitch@freebsd.org>
wrote:

> On Thu, Apr 06, 2017 at 07:00:01AM -0600, Adam Weinberger wrote:
> > > On 5 Apr, 2017, at 8:34, Bernard Spil <brnrd@freebsd.org> wrote:
> > >
> > > Author: brnrd
> > > Date: Wed Apr  5 14:34:15 2017
> > > New Revision: 437790
> > > URL: https://svnweb.freebsd.org/changeset/ports/437790
> > >
> > > Log:
> > >  security/vuxml: Document curl vulnerability
> > >
> > > Modified:
> > >  head/security/vuxml/vuln.xml
> > >
> > > Modified: head/security/vuxml/vuln.xml
> > > ============================================================
> ==================
> > > --- head/security/vuxml/vuln.xml    Wed Apr  5 14:24:09 2017
> (r437789)
> > > +++ head/security/vuxml/vuln.xml    Wed Apr  5 14:34:15 2017
> (r437790)
> > > @@ -58,6 +58,39 @@ Notes:
> > >   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
> > > -->
> > > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
> > > +  <vuln vid="04f29189-1a05-11e7-bc6e-b499baebfeaf">
> > > +    <topic> -- </topic>
> > > +    <affects>
> > > +      <package>
> > > +   <name>curl</name>
> > > +   <range><ge>6.5</ge><lt>7.54.0</lt></range>
> >
> > The port wasn't updated to 7.54.0, the CVE patch was added to 7.53.1.
> Shouldn't it be <lt>7.53.1_1</lt>? Currently, our patched port is listed as
> still being vulnerable.
> >
>
> Fixed in r437865.
> _______________________________________________
> svn-ports-all@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/svn-ports-all
> To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
>

Thanks!



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAMHz58TGb9UKTENy-t_PfWY018a6O-U2KCfdgV%2BqKJx8b1x%2Bow>