From owner-svn-ports-head@freebsd.org Thu Apr 6 15:49:20 2017 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D9F3BD327BF for ; Thu, 6 Apr 2017 15:49:20 +0000 (UTC) (envelope-from sunpoet@sunpoet.net) Received: from mail-oi0-x231.google.com (mail-oi0-x231.google.com [IPv6:2607:f8b0:4003:c06::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9C11BA07 for ; Thu, 6 Apr 2017 15:49:20 +0000 (UTC) (envelope-from sunpoet@sunpoet.net) Received: by mail-oi0-x231.google.com with SMTP id d2so56190287oig.1 for ; Thu, 06 Apr 2017 08:49:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sunpoet-net.20150623.gappssmtp.com; s=20150623; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=fVqe7nCBPiD4/74VKC5DO4rHMCmEGkZQZPH29XPLWsk=; b=YPyOcbDBMpVKY8RlSJG+WkR/Ja8T31pB4/3lNF3avm15GOny6XvD8mpa11hKq/7EXX 0RjNlNcBnrjdq6DPngmz8cNdyNBCIr21zK4Kz0o15qR7WTAQu4/uBPsVrt3ZeWn/7S4J 8x0mO25KiPG2FRecebzijLxhGVNCjL226kxUY6XoYg2vW5AVf9Tk+sG0w90P7lwM2Ff+ LecjyYw8KH/n+xRA7JWcbVYs6Rxoja921VvBAlfpzs1/4vKidRLkJUFAsL42HACpzwBG uWwOhMnZBQjmihNH/SqM5+XtGvhic+GgVOt7oOoGcuHq/noxwIQEcz+RiQSrQQRIDYOl /WXw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=fVqe7nCBPiD4/74VKC5DO4rHMCmEGkZQZPH29XPLWsk=; b=QD2eu6WEWE3N+3+XKncw5KSseHMWo6Ws5WbcsLPKDKB9EX4oo+oKclCtYHdAt4FEjU tXy4aVfVl7TirvCoPPM5IjErcN+m/dl29119DZ9ZGPNjn+UbIfgnY3YGFDtnBiUDmIXN Og8Yo1kq55BQk9yjZIFaQZNq7A0v9xF0upFhgVaxHQyTc9zLr6hhPY2CEbtXW3A9kpRA vWxW9nZ1Go4FzQ4C5+pxToyGEmeS6WR26E4NY33KRsGk8B6XkbGRjaQN1L2lSXUnNR9h V7JPIgBIU6tbJtxul0GY/JhF/MqqmDG7uATV7HeBlzmEMrfX6XEIZOn6eNVerGagXzn+ w4jQ== X-Gm-Message-State: AFeK/H3ICsKqk3XYPZhx/oseu5MrlBFFNhqZdXaCd/sKPbrBqY4uCCi2vjUYiGw2QW8UC3cSU4ldgcjGDH/DLw== X-Received: by 10.157.28.142 with SMTP id l14mr16534683ota.199.1491493759814; Thu, 06 Apr 2017 08:49:19 -0700 (PDT) MIME-Version: 1.0 Sender: sunpoet@sunpoet.net Received: by 10.157.3.180 with HTTP; Thu, 6 Apr 2017 08:48:39 -0700 (PDT) In-Reply-To: <20170406133840.GA9711@FreeBSD.org> References: <201704051434.v35EYFBe007232@repo.freebsd.org> <20170406133840.GA9711@FreeBSD.org> From: Sunpoet Po-Chuan Hsieh Date: Thu, 6 Apr 2017 23:48:39 +0800 X-Google-Sender-Auth: j2bmJvZMb82H_z2iCpRzM-mbeMs Message-ID: Subject: Re: svn commit: r437790 - head/security/vuxml To: Jason Unovitch Cc: Adam Weinberger , Bernard Spil , svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Apr 2017 15:49:21 -0000 On Thu, Apr 6, 2017 at 9:38 PM, Jason Unovitch wrote: > On Thu, Apr 06, 2017 at 07:00:01AM -0600, Adam Weinberger wrote: > > > On 5 Apr, 2017, at 8:34, Bernard Spil wrote: > > > > > > Author: brnrd > > > Date: Wed Apr 5 14:34:15 2017 > > > New Revision: 437790 > > > URL: https://svnweb.freebsd.org/changeset/ports/437790 > > > > > > Log: > > > security/vuxml: Document curl vulnerability > > > > > > Modified: > > > head/security/vuxml/vuln.xml > > > > > > Modified: head/security/vuxml/vuln.xml > > > ============================================================ > ================== > > > --- head/security/vuxml/vuln.xml Wed Apr 5 14:24:09 2017 > (r437789) > > > +++ head/security/vuxml/vuln.xml Wed Apr 5 14:34:15 2017 > (r437790) > > > @@ -58,6 +58,39 @@ Notes: > > > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > > > --> > > > > > > + > > > + -- > > > + > > > + > > > + curl > > > + 6.57.54.0 > > > > The port wasn't updated to 7.54.0, the CVE patch was added to 7.53.1. > Shouldn't it be 7.53.1_1? Currently, our patched port is listed as > still being vulnerable. > > > > Fixed in r437865. > _______________________________________________ > svn-ports-all@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/svn-ports-all > To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org" > Thanks!