Date:      Wed, 14 Aug 2019 14:17:26 +0200
From:      Tobias Kortkamp <tobik@freebsd.org>
To:        Jochen Neumeister <joneum@freebsd.org>
Cc:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   Re: svn commit: r508895 - head/security/vuxml
Message-ID:  <20190814121726.GA50509@urd.tobik.me>
In-Reply-To: <201908140722.x7E7MdSW088299@repo.freebsd.org>
References:  <201908140722.x7E7MdSW088299@repo.freebsd.org>

On Wed, Aug 14, 2019 at 07:22:39AM +0000, Jochen Neumeister wrote:
> Author: joneum
> Date: Wed Aug 14 07:22:39 2019
> New Revision: 508895
> URL: https://svnweb.freebsd.org/changeset/ports/508895
>
> Log:
>   Add entry for www/nginx and www/nginx-devel
>
>   Sponsored by:	Netzkommune GmbH
>
> Modified:
>   head/security/vuxml/vuln.xml
>
> Modified: head/security/vuxml/vuln.xml
> ==============================================================================
> --- head/security/vuxml/vuln.xml	Wed Aug 14 07:08:19 2019	(r508894)
> +++ head/security/vuxml/vuln.xml	Wed Aug 14 07:22:39 2019	(r508895)
> @@ -58,6 +58,43 @@ Notes:
>    * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
>  -->
>  <vuxml xmlns=3D"http://www.vuxml.org/apps/vuxml-1">;
> +  <vuln vid=3D"87679fcb-be60-11e9-9051-4c72b94353b5">
> +    <topic>NGINX -- Multiple vulnerabilities</topic>
> +    <affects>
> +      <package>
> +	<name>nginx</name>
> +	<range><lt>1.16.1</lt></range>
> +      </package>
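
Review bot: the `<lt>1.16.1</lt>` bound in the nginx `<package>` block carries no epoch suffix, while the installed package shown in the reply below is nginx-1.16.0_1,2 and www/nginx sets PORTEPOCH=2, so this range never matches and pkg audit reports 0 problems. Write the bound as `<lt>1.16.1,2</lt>`, and check the range for www/nginx-devel named in the commit log against that port's PORTEPOCH in the same way.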

This entry is not correct:

$ pkg info -E nginx
nginx-1.16.0_1,2
$ pkg audit -f security/vuxml/vuln.xml nginx-1.16.0_1,2
0 problem(s) in 0 installed package(s) found.

www/nginx has PORTEPOCH=2 so the entry should have

	<range><lt>1.16.1,2</lt></range>

or users will never be informed of this via pkg audit.
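
The mismatch described in this message, as an added example (not part of the original e-mail and not pkg's own code): a lint that flags VuXML range bounds whose epoch is lower than the installed package's epoch. It assumes a simplified version ordering (epoch first, then dotted numeric version, then revision); the function names, the sample fragment and its placeholder vid are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"v": "http://www.vuxml.org/apps/vuxml-1"}  # namespace from the quoted hunk

# Constructed fragment modelled on the quoted entry; the vid is a placeholder.
SAMPLE = """<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="00000000-0000-0000-0000-000000000000">
    <topic>NGINX -- Multiple vulnerabilities</topic>
    <affects><package>
      <name>nginx</name>
      <range><lt>1.16.1</lt></range>
    </package></affects>
  </vuln>
</vuxml>"""

def version_key(v):
    """Sort key for 'version[_revision][,epoch]'; the epoch outranks everything.
    Simplification (assumption): only dotted numeric versions are handled."""
    v, _, epoch = v.partition(",")
    v, _, rev = v.partition("_")
    return (int(epoch or 0), tuple(int(p) for p in v.split(".")), int(rev or 0))

OPS = {"lt": lambda a, b: a < b, "le": lambda a, b: a <= b,
       "gt": lambda a, b: a > b, "ge": lambda a, b: a >= b,
       "eq": lambda a, b: a == b}

def in_range(installed, rng):
    """True if the installed version satisfies every bound of one <range>."""
    key = version_key(installed)
    return all(OPS[b.tag.rpartition("}")[2]](key, version_key(b.text)) for b in rng)

def lint(vuxml_text, installed):
    """installed maps package name -> version (the part `pkg info -E` prints after
    the name). Returns (name, bound, suggested bound) for each lower-epoch bound."""
    findings = []
    for pkg in ET.fromstring(vuxml_text).iterfind(".//v:package", NS):
        for name in pkg.findall("v:name", NS):
            ver = installed.get(name.text)
            if ver is None:
                continue
            epoch = version_key(ver)[0]
            for bound in pkg.iterfind("v:range/*", NS):
                if version_key(bound.text)[0] < epoch:
                    fixed = f"{bound.text.partition(',')[0]},{epoch}"
                    findings.append((name.text, bound.text, fixed))
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE, {"nginx": "1.16.0_1,2"}))
```

A lower-epoch bound can be legitimate in an old entry that predates an epoch bump, so findings are prompts for reviewing newly added entries rather than proof of an error.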
