From owner-svn-ports-all@freebsd.org  Thu Apr  6 15:49:20 2017
Return-Path: <owner-svn-ports-all@freebsd.org>
Delivered-To: svn-ports-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E06BED327C0
 for <svn-ports-all@mailman.ysv.freebsd.org>;
 Thu,  6 Apr 2017 15:49:20 +0000 (UTC)
 (envelope-from sunpoet@sunpoet.net)
Received: from mail-oi0-x236.google.com (mail-oi0-x236.google.com
 [IPv6:2607:f8b0:4003:c06::236])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id A26DEA0A
 for <svn-ports-all@freebsd.org>; Thu,  6 Apr 2017 15:49:20 +0000 (UTC)
 (envelope-from sunpoet@sunpoet.net)
Received: by mail-oi0-x236.google.com with SMTP id b187so56285670oif.0
 for <svn-ports-all@freebsd.org>; Thu, 06 Apr 2017 08:49:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=sunpoet-net.20150623.gappssmtp.com; s=20150623;
 h=mime-version:sender:in-reply-to:references:from:date:message-id
 :subject:to:cc;
 bh=fVqe7nCBPiD4/74VKC5DO4rHMCmEGkZQZPH29XPLWsk=;
 b=YPyOcbDBMpVKY8RlSJG+WkR/Ja8T31pB4/3lNF3avm15GOny6XvD8mpa11hKq/7EXX
 0RjNlNcBnrjdq6DPngmz8cNdyNBCIr21zK4Kz0o15qR7WTAQu4/uBPsVrt3ZeWn/7S4J
 8x0mO25KiPG2FRecebzijLxhGVNCjL226kxUY6XoYg2vW5AVf9Tk+sG0w90P7lwM2Ff+
 LecjyYw8KH/n+xRA7JWcbVYs6Rxoja921VvBAlfpzs1/4vKidRLkJUFAsL42HACpzwBG
 uWwOhMnZBQjmihNH/SqM5+XtGvhic+GgVOt7oOoGcuHq/noxwIQEcz+RiQSrQQRIDYOl
 /WXw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
 :date:message-id:subject:to:cc;
 bh=fVqe7nCBPiD4/74VKC5DO4rHMCmEGkZQZPH29XPLWsk=;
 b=RoIJvE46DyziDeqFFIfNWXEZiB/qkoR5b2pO6RngULF0c8bBybZELVNTeCpRYvjR6j
 9ZHsk+OBXZdSaWZpEY5PeRKw9TSz0ZEU97N1P/OYHd9GwcBBSLcslWLW4KQmsXLq5P/N
 BBQHvw4ZAPrZr8+cKNvIAg08407SsvE9BrwaooB6oDuCJFheBDnIxld/FytTmW6RlO/0
 3msAX9XNAFcgoQjRQpQzf2qxr2BaWvhb/tCRriuiFby8aXfuQKkUajZyTR9mHVWbh8qu
 J4KEW4ZnRHA5YCuv9npS0TLidPIE9ZcP+LF2XniVyYffF0PytrrZM0G/Drk80eoU/Lnm
 Xicw==
X-Gm-Message-State: AFeK/H0K3KTO87FPBxmGKJRyeTxiTbfThIU7UJlfK5xV+/zBYC/+POtNYl0T8o8ARuvrLyyxu4yhAkDwdqYb7Q==
X-Received: by 10.157.28.142 with SMTP id l14mr16534683ota.199.1491493759814; 
 Thu, 06 Apr 2017 08:49:19 -0700 (PDT)
MIME-Version: 1.0
Sender: sunpoet@sunpoet.net
Received: by 10.157.3.180 with HTTP; Thu, 6 Apr 2017 08:48:39 -0700 (PDT)
In-Reply-To: <20170406133840.GA9711@FreeBSD.org>
References: <201704051434.v35EYFBe007232@repo.freebsd.org>
 <CAC9A777-C72E-42C1-9F6A-E8FB834814CF@adamw.org>
 <20170406133840.GA9711@FreeBSD.org>
From: Sunpoet Po-Chuan Hsieh <sunpoet@freebsd.org>
Date: Thu, 6 Apr 2017 23:48:39 +0800
X-Google-Sender-Auth: j2bmJvZMb82H_z2iCpRzM-mbeMs
Message-ID: <CAMHz58TGb9UKTENy-t_PfWY018a6O-U2KCfdgV+qKJx8b1x+ow@mail.gmail.com>
Subject: Re: svn commit: r437790 - head/security/vuxml
To: Jason Unovitch <junovitch@freebsd.org>
Cc: Adam Weinberger <adamw@adamw.org>, Bernard Spil <brnrd@freebsd.org>,
 svn-ports-head@freebsd.org, 
 svn-ports-all@freebsd.org, ports-committers@freebsd.org
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.23
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Apr 2017 15:49:21 -0000

On Thu, Apr 6, 2017 at 9:38 PM, Jason Unovitch <junovitch@freebsd.org>
wrote:

> On Thu, Apr 06, 2017 at 07:00:01AM -0600, Adam Weinberger wrote:
> > > On 5 Apr, 2017, at 8:34, Bernard Spil <brnrd@freebsd.org> wrote:
> > >
> > > Author: brnrd
> > > Date: Wed Apr  5 14:34:15 2017
> > > New Revision: 437790
> > > URL: https://svnweb.freebsd.org/changeset/ports/437790
> > >
> > > Log:
> > >  security/vuxml: Document curl vulnerability
> > >
> > > Modified:
> > >  head/security/vuxml/vuln.xml
> > >
> > > Modified: head/security/vuxml/vuln.xml
> > > ============================================================
> ==================
> > > --- head/security/vuxml/vuln.xml    Wed Apr  5 14:24:09 2017
> (r437789)
> > > +++ head/security/vuxml/vuln.xml    Wed Apr  5 14:34:15 2017
> (r437790)
> > > @@ -58,6 +58,39 @@ Notes:
> > >   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
> > > -->
> > > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
> > > +  <vuln vid="04f29189-1a05-11e7-bc6e-b499baebfeaf">
> > > +    <topic> -- </topic>
> > > +    <affects>
> > > +      <package>
> > > +   <name>curl</name>
> > > +   <range><ge>6.5</ge><lt>7.54.0</lt></range>
> >
> > The port wasn't updated to 7.54.0, the CVE patch was added to 7.53.1.
> Shouldn't it be <lt>7.53.1_1</lt>? Currently, our patched port is listed as
> still being vulnerable.
> >
>
> Fixed in r437865.
> _______________________________________________
> svn-ports-all@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/svn-ports-all
> To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
>

Thanks!