Date: Tue, 30 Sep 2008 00:46:44 +0200 From: "Simon L. Nielsen" <simon@FreeBSD.org> To: Eygene Ryabinkin <rea-fbsd@codelabs.ru> Cc: freebsd-ports-bugs@FreeBSD.org, eik@freebsd.org, secteam@freebsd.org, miwi@FreeBSD.org Subject: Re: ports/127712: bad version specification for firefox3 in VuXML entry 2273879e-8a2f-11dd-a6fe-0030843d3802 Message-ID: <20080929224643.GA1139@arthur.nitro.dk> In-Reply-To: <4q1MIJYnkAI2/uhQIJO5iMTkJO8@jzvzJIf8fRWoTzX3FjwxUqmHGm0> References: <200809291146.m8TBk1WE048611@freefall.freebsd.org> <4q1MIJYnkAI2/uhQIJO5iMTkJO8@jzvzJIf8fRWoTzX3FjwxUqmHGm0>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2008.09.29 16:08:40 +0400, Eygene Ryabinkin wrote: > Martin, good day. > > Mon, Sep 29, 2008 at 11:46:01AM +0000, miwi@FreeBSD.org wrote: > > State-Changed-Why: > > Committed. Thanks! > > I think that just changing 'firefox3' to 'firefox' is not enough: > such specification will catch firefox 2.x too: > ----- > $ pkg_info -E 'firefox<3.0.2,1' > firefox-2.0.0.17,1 > > $ sh portaudit -a > Affected package: firefox-2.0.0.17,1 > Type of problem: mozilla -- multiple vulnerabilities. > Reference: <http://www.FreeBSD.org/ports/portaudit/2273879e-8a2f-11dd-a6fe-0030843d3802.html>; > > 1 problem(s) in your installed packages found. > > You are advised to update or deinstall the affected package(s) immediately. > ----- > One should put a lower bound on firefox 3.x too: '>=3.0.0,1<3.0.2,1'. > Or I am missing something? No, I did a too quick review of the patch and didn't think about the firefox 2 part. The latest issue should fix this (at least it works for me with my vxquery(1) tests). Thanks the report! -- Simon L. Nielsen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080929224643.GA1139>