Date: Mon, 10 Aug 2009 10:04:06 +0200 From: Harald <hawei@free.fr> To: freebsd-stable@freebsd.org Subject: Re: status of flash9/flash10 support in RELENG_7 ? Message-ID: <20090810080406.GA1608@pollux.local.net> In-Reply-To: <20090809220452.GA56972@osiris.mauzo.dyndns.org> References: <20090725013500.GC62402@onelab2.iet.unipi.it> <20090725073805.GA11455@abigail.blackend.org> <20090806211401.GB2546@pollux.local.net> <68208453@h30.sp.ipt.ru> <20090809220452.GA56972@osiris.mauzo.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Aug 09, 2009 at 11:04:52PM +0100, Ben Morrow wrote:
> I was about to say 'I believe the vuxml entry for firefox is incorrect',
> but I see it's been fixed. Neither 3.0.13 nor 3.5.2 are vulnerable, and
> vuxml now correctly reports this.
Today security/vuxml/vuln.xml says:
<affects>
<package>
<name>firefox</name>
<name>linux-firefox</name>
<range><lt>3.*,1</lt></range>
<range><gt>3.*,1</gt><lt>3.0.13,1</lt></range>
<range><gt>3.5.*,1</gt><lt>3.5.2,1</lt></range>
</package>
1. Could someone tell me the meaning of the ``*'' values please ?
I can't see the logic of the range lines.
2. Yesterday I installed firefox quickly with ``pkg_add -r firefox3''
and got firefox-3.0.10,1.
Portaudit declares it vulnerable which seems to correspond
to the second range line.
I guess I have to compile firefox3 to be clean ?
Harald
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090810080406.GA1608>