Date: Thu, 6 Apr 2017 13:38:40 +0000 From: Jason Unovitch <junovitch@FreeBSD.org> To: Adam Weinberger <adamw@adamw.org> Cc: Bernard Spil <brnrd@freebsd.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r437790 - head/security/vuxml Message-ID: <20170406133840.GA9711@FreeBSD.org> In-Reply-To: <CAC9A777-C72E-42C1-9F6A-E8FB834814CF@adamw.org> References: <201704051434.v35EYFBe007232@repo.freebsd.org> <CAC9A777-C72E-42C1-9F6A-E8FB834814CF@adamw.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Apr 06, 2017 at 07:00:01AM -0600, Adam Weinberger wrote: > > On 5 Apr, 2017, at 8:34, Bernard Spil <brnrd@freebsd.org> wrote: > > > > Author: brnrd > > Date: Wed Apr 5 14:34:15 2017 > > New Revision: 437790 > > URL: https://svnweb.freebsd.org/changeset/ports/437790 > > > > Log: > > security/vuxml: Document curl vulnerability > > > > Modified: > > head/security/vuxml/vuln.xml > > > > Modified: head/security/vuxml/vuln.xml > > ============================================================================== > > --- head/security/vuxml/vuln.xml Wed Apr 5 14:24:09 2017 (r437789) > > +++ head/security/vuxml/vuln.xml Wed Apr 5 14:34:15 2017 (r437790) > > @@ -58,6 +58,39 @@ Notes: > > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > > --> > > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; > > + <vuln vid="04f29189-1a05-11e7-bc6e-b499baebfeaf"> > > + <topic> -- </topic> > > + <affects> > > + <package> > > + <name>curl</name> > > + <range><ge>6.5</ge><lt>7.54.0</lt></range> > > The port wasn't updated to 7.54.0, the CVE patch was added to 7.53.1. Shouldn't it be <lt>7.53.1_1</lt>? Currently, our patched port is listed as still being vulnerable. > Fixed in r437865.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170406133840.GA9711>