Date: Thu, 07 Dec 2023 12:55:43 +0800 From: Philip Paeps <philip@freebsd.org> To: Dan Langille <dan@langille.org> Cc: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: Re: git: a580d36be4c7 - main - security/vuxml: add FreeBSD SA released on 2023-12-05 Message-ID: <1A46BB39-EBBA-4E02-97A4-860DD9608000@freebsd.org> In-Reply-To: <01372e6b-0e2d-4249-9f36-fdb24b380c71@app.fastmail.com> References: <202312052304.3B5N4IOf078862@gitrepo.freebsd.org> <4c967ca4-bfa1-4e30-b330-feb94d6c765b@app.fastmail.com> <38DAC2D1-58B0-43C5-9F1E-97281068AFD5@freebsd.org> <d532ec63-66fc-410d-b397-7170a34a5f30@app.fastmail.com> <BD01492D-CF73-4A7F-8FCF-6236D25BDA1E@freebsd.org> <01372e6b-0e2d-4249-9f36-fdb24b380c71@app.fastmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2023-12-07 09:10:31 (+0800), Dan Langille wrote: > On Wed, Dec 6, 2023, at 7:52 PM, Philip Paeps wrote: >> On 2023-12-07 08:43:21 (+0800), Dan Langille wrote: >>> Why don't we check them and record them separately? >> >> I already record them separately in vuxml. If a vulnerability only >> affects userland, I record >> <package><name>FreeBSD</name>[...]</package>. >> If the kernel is affected I record >> <package><name>FreeBSD-kernel</name>[...]</package>. >> >> Hmm ... is that the problem? Should I set the versions to the >> *kernel* >> patch level for FreeBSD-kernel vulnerabilities? > > First, let's test if that fixes it. > > This fixes it for me: > > <range><ge>13.2</ge><lt>13.2_4</lt></range> > > [...] > >> Is something going to get upset if I change the most recent entry to >> <lt>12.2_4</lt>? > > That I don't know. > > VUXML entries have AMENDED values don't they? Thanks for testing this out. I've pushed a <modified/> vuxml entry in 4826396e5d15. Philip -- Philip Paeps Senior Reality Engineer Alternative Enterprises
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1A46BB39-EBBA-4E02-97A4-860DD9608000>