Date: Wed, 25 Jul 2007 06:30:31 +0800 From: Xin LI <delphij@delphij.net> To: "Simon L. Nielsen" <simon@FreeBSD.ORG> Cc: cvs-ports@FreeBSD.ORG, Xin LI <delphij@FreeBSD.ORG>, cvs-all@FreeBSD.ORG, ports-committers@FreeBSD.ORG Subject: Re: cvs commit: ports/security/vuxml vuln.xml Message-ID: <46A67D87.7090108@delphij.net> In-Reply-To: <20070724222656.GD1003@zaphod.nitro.dk> References: <200707241417.l6OEH7oG049577@repoman.freebsd.org> <20070724222656.GD1003@zaphod.nitro.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Simon L. Nielsen wrote: > On 2007.07.24 14:17:07 +0000, Xin LI wrote: >> delphij 2007-07-24 14:17:07 UTC >> >> FreeBSD ports repository >> >> Modified files: >> security/vuxml vuln.xml >> Log: >> The previous vuxml entry applies to jakarta-tomcat 4.0.x as well, so mark >> it as affected as well. Since there is no newer release I have used 4.1.0 >> as the "fixed" version. > > Has it actually been fixed in 4.1.0? If not you should just not set a > top version to avoid a new release which actually doesn't fix the > issue being marked secure. No. The version is chosen because that 4.1.0 is greater than the possible version (the port itself is 4.0.x). Should there be a better way to represent it, please feel free to commit a fix, thanks! Cheers,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46A67D87.7090108>