Date:      Thu, 6 Apr 2017 07:00:01 -0600
From:      Adam Weinberger <adamw@adamw.org>
To:        Bernard Spil <brnrd@freebsd.org>
Cc:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   Re: svn commit: r437790 - head/security/vuxml
Message-ID:  <CAC9A777-C72E-42C1-9F6A-E8FB834814CF@adamw.org>
In-Reply-To: <201704051434.v35EYFBe007232@repo.freebsd.org>
References:  <201704051434.v35EYFBe007232@repo.freebsd.org>

> On 5 Apr, 2017, at 8:34, Bernard Spil <brnrd@freebsd.org> wrote:
>
> Author: brnrd
> Date: Wed Apr  5 14:34:15 2017
> New Revision: 437790
> URL: https://svnweb.freebsd.org/changeset/ports/437790
>
> Log:
>  security/vuxml: Document curl vulnerability
>
> Modified:
>  head/security/vuxml/vuln.xml
>
> Modified: head/security/vuxml/vuln.xml
> ==============================================================================
> --- head/security/vuxml/vuln.xml	Wed Apr  5 14:24:09 2017	=
(r437789)
> +++ head/security/vuxml/vuln.xml	Wed Apr  5 14:34:15 2017	=
(r437790)
> @@ -58,6 +58,39 @@ Notes:
>   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
> -->
> <vuxml xmlns=3D"http://www.vuxml.org/apps/vuxml-1">;
> +  <vuln vid=3D"04f29189-1a05-11e7-bc6e-b499baebfeaf">
> +    <topic> -- </topic>
> +    <affects>
> +      <package>
> +	<name>curl</name>
> +	<range><ge>6.5</ge><lt>7.54.0</lt></range>
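
Review bot: the `<topic> -- </topic>` line of the new `<vuln>` entry is empty on both sides of the separator, so the entry carries neither a package name nor a summary of the issue; fill it in the usual "package -- short description" form, starting with `curl -- `. The `<lt>7.54.0</lt>` bound in the `<range>` line also deserves a check against the port version that actually carries the fix, because every version below that bound is reported as affected.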

The port wasn't updated to 7.54.0, the CVE patch was added to 7.53.1. Shouldn't it be <lt>7.53.1_1</lt>? Currently, our patched port is listed as still being vulnerable.

# Adam


-- 
Adam Weinberger
adamw@adamw.org
https://www.adamw.org



