Date: Mon, 04 Apr 2016 17:09:34 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 208522] security/vuxml: many vuln regarding the base system use bad ranges Message-ID: <bug-208522-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D208522 Bug ID: 208522 Summary: security/vuxml: many vuln regarding the base system use bad ranges Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Ports Framework Assignee: ports-secteam@FreeBSD.org Reporter: mat@FreeBSD.org CC: freebsd-ports-bugs@FreeBSD.org, secteam@FreeBSD.org I was looking at BIND security issues today, and I noticed many of the vuln that have FreeBSD base system in it have bad ranges. For example: <vuln vid=3D"3c90e093-7c6e-11e2-809b-6c626d99876c"> <topic>FreeBSD -- glob(3) related resource exhaustion</topic> <affects> <package> <name>FreeBSD</name> <range><gt>7.4</gt><lt>7.4_12</lt></range> <range><gt>8.3</gt><lt>8.3_6</lt></range> <range><gt>9.0</gt><lt>9.0_6</lt></range> <range><gt>9.1</gt><lt>9.1_1</lt></range> </package> I think the ranges should be, for instance, <ge>7.4</ge><lt>7.4_12</lt>, wi= th ge, not gt. Also, there may be missing base SA in there. --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-208522-13>