From owner-freebsd-vuxml@FreeBSD.ORG Sun Sep 26 18:05:04 2004 Return-Path: Delivered-To: freebsd-vuxml@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6451B16A4CF for ; Sun, 26 Sep 2004 18:05:04 +0000 (GMT) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 07D4A43D49 for ; Sun, 26 Sep 2004 18:05:04 +0000 (GMT) (envelope-from nectar@celabo.org) Received: from localhost (localhost [127.0.0.1]) by gw.celabo.org (Postfix) with ESMTP id 009B45487E; Sun, 26 Sep 2004 13:05:00 -0500 (CDT) Received: from gw.celabo.org ([127.0.0.1]) by localhost (hellblazer.celabo.org [127.0.0.1]) (amavisd-new, port 10024) with SMTP id 01197-10; Sun, 26 Sep 2004 13:04:48 -0500 (CDT) Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "madman.celabo.org", Issuer "celabo.org CA" (not verified)) by gw.celabo.org (Postfix) with ESMTP id ACB7B54861; Sun, 26 Sep 2004 13:04:48 -0500 (CDT) Received: by madman.celabo.org (Postfix, from userid 1001) id D460F6D468; Sun, 26 Sep 2004 13:04:36 -0500 (CDT) Date: Sun, 26 Sep 2004 13:04:36 -0500 From: "Jacques A. Vidrine" To: Dan Langille Message-ID: <20040926180436.GA20112@madman.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , Dan Langille , freebsd-vuxml@freebsd.org References: <20040925221034.T54484@xeon.unixathome.org> <4155A7A2.15775.198F30A@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040925221034.T54484@xeon.unixathome.org> <4155A7A2.15775.198F30A@localhost> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.6i cc: freebsd-vuxml@freebsd.org Subject: vuxml corrections (was Re: FreshPorts :: VuXML - 6e740881-0cae-11d9-8a8a-000c41e2cdad) X-BeenThere: freebsd-vuxml@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Documenting security issues in VuXML List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Sep 2004 18:05:04 -0000 Thanks for catching and reporting these, Dan! On Sat, Sep 25, 2004 at 05:15:14PM -0400, Dan Langille wrote: > Hi folks, > > I'm looking for additional pairs of eyes to verify that FreshPorts > has marked the correct commits for: > > 6e740881-0cae-11d9-8a8a-000c41e2cdad > > The FreshPorts pages to view are: > > > > Nothing affect by this vuln. It seems the affecte versions where > never put into our tree. Ranges are: > > 1.7.a,21.7 > 1.8.a,21.8.a2,2 > > Should that top one be 1.7,2 not 1.7? Yep! Corrected. > There are two packages with the name mozilla. In addition to the URL > listed above, see also: > > > > Nothing affecte there. We have only 1.4b-1.6a in the tree. Looks > good. I think I misunderstood something. We certainly have later versions, and the referenced page lists them, e.g. mozilla-1.8.a3,2. > > > The ranges are: 1.7.a1.7 > > Nothing marked at that URL either. > > Is this looking good or bad? Yep, that looks good! On Sat, Sep 25, 2004 at 10:13:18PM -0400, Dan Langille wrote: > Hi folks, > > Just looking at "ca6c8f35-0a5f-11d9-ad6f-00061bc2ad93" which contains > this: > > apache13 > > But, from what FreshPorts knows, there is no such package. These are the > packages it knows: > > www/apache13-ssl | apache+ssl > www/apache13-modssl+ipv6 | apache+mod_ssl+ipv6 > www/apache13-modssl | apache+mod_ssl > www/apache13-modperl | apache+mod_perl > www/apache13+ipv6 | apache+ipv6 > www/apache13 | apache > www/apache-jserv | apache-jserv > www/apache2 | apache > www/apache-forrest | apache-forrest > www/apache-contrib | apache-contrib > net/apache-soap | apache-soap > devel/apache-ant | apache-ant > sysutils/apachetop | apachetop > > Should the vuln be changed? Is FreshPorts wrong? You are correct, the element is wrong. Corrected. Cheers, -- Jacques A Vidrine / NTT/Verio nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org