Date: Sun, 01 Jun 2025 06:02:25 +0000
From: bugzilla-noreply@freebsd.org
To: pkg@FreeBSD.org
Subject: [Bug 286455] pkg-audit(8) listing false positives for librewolf v137.0.2 with "vuln.xml" of 20250425
Message-ID: <bug-286455-32340-CjHC3oOmMl@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-286455-32340@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=286455

--- Comment #8 from ax61@disroot.org ---
(In reply to Fernando Apesteguía from comment #7)

Since opening this PR, I have been trying to understand why the major version is seemingly not taken into account. From the attached JSON output:

    ...
    "pkg_count": 1,
    "packages": {
      "librewolf": {
        "version": "137.0.2",
        "issue_count": 6,
        "issues": [
          {
            "Affected versions": [
              "< 136.0,2"
            ],
            "description": "mozilla -- memory corruption",
            "cve": [
              "CVE-2025-1934",
              "CVE-2025-1935",
              "CVE-2025-1938"
            ],
            "url": "https://vuxml.FreeBSD.org/freebsd/b31a4e74-109d-11f0-8195-b42e991fc52e.html"
          },
    ...

Version of "librewolf" is "137.0.2"; affected versions are those less than "136.0,2". So, does the commit imply that PORTEPOCH causes more weight to be given to PORTEPOCH, overriding "simple" comparison of major versions?

--
You are receiving this mail because:
You are on the CC list for the bug.
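The comparison the comment asks about, as an added example that is not part of the thread and not pkg's own code: a simplified model (assumption) of how pkg orders versions written as VERSION[_REVISION][,EPOCH], where the epoch after the comma is compared before the dotted version, so "137.0.2" (epoch 0) sorts below "136.0,2" (epoch 2). Version components are assumed to be plain integers; real pkg_version also handles letters and other suffixes, which this model does not.

```python
import operator
from dataclasses import dataclass


@dataclass(frozen=True)
class PkgVersion:
    """FreeBSD package version split as VERSION[_REVISION][,EPOCH].

    Simplified model (assumption): the dotted VERSION is compared as a tuple
    of integers only; the real pkg comparison handles more forms.
    """
    parts: tuple
    revision: int
    epoch: int

    @classmethod
    def parse(cls, text: str) -> "PkgVersion":
        version, _, epoch = text.partition(",")      # "136.0,2" -> epoch "2"
        version, _, revision = version.partition("_")  # "1.0_3"  -> revision "3"
        parts = tuple(int(p) for p in version.split("."))
        return cls(parts, int(revision or 0), int(epoch or 0))

    def key(self) -> tuple:
        # Epoch takes precedence over the version, which takes
        # precedence over the port revision.
        return (self.epoch, self.parts, self.revision)


def compare(a: str, b: str) -> int:
    """Return -1, 0 or 1 like pkg-version(8)'s '<', '=', '>' output."""
    ka, kb = PkgVersion.parse(a).key(), PkgVersion.parse(b).key()
    return (ka > kb) - (ka < kb)


_OPS = {"<": operator.lt, "<=": operator.le, "=": operator.eq,
        ">": operator.gt, ">=": operator.ge}


def is_affected(installed: str, range_spec: str) -> bool:
    """Evaluate one VuXML-style 'Affected versions' entry such as '< 136.0,2'."""
    op, bound = range_spec.split()
    return _OPS[op](compare(installed, bound), 0)


if __name__ == "__main__":
    # The case from the bug: epoch 0 < epoch 2, so the package is flagged
    # even though 137 is a newer major version than 136.
    print(compare("137.0.2", "136.0,2"), is_affected("137.0.2", "< 136.0,2"))
```

With the same epoch on both sides ("137.0.2,2") the major version decides and the package is no longer in the affected range.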
