Date:      Sat, 05 Oct 2019 22:53:31 -0700
From:      Cy Schubert <Cy.Schubert@cschubert.com>
To:        Tobias Kortkamp <tobik@freebsd.org>
Cc:        Cy Schubert <cy@freebsd.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   Re: svn commit: r513861 - head/security/vuxml
Message-ID:  <201910060553.x965rVQC004137@slippy.cwsent.com>
In-Reply-To: <20191006054201.GA62549@urd.tobik.me>
References:  <201910060148.x961mok1058065@repo.freebsd.org>  <20191006054201.GA62549@urd.tobik.me>

In message <20191006054201.GA62549@urd.tobik.me>, Tobias Kortkamp writes:
> On Sun, Oct 06, 2019 at 01:48:50AM +0000, Cy Schubert wrote:
> > Author: cy
> > Date: Sun Oct  6 01:48:49 2019
> > New Revision: 513861
> > URL: https://svnweb.freebsd.org/changeset/ports/513861
> >
> > Log:
> >   Document two new Xpdf vulnerabilities: CVE-2019-16927 and CVE-2019-9877.
> >
> >   PR:		241066
> >   Security:	https://nvd.nist.gov/vuln/detail/CVE-2019-16927
> >   Security:	https://nvd.nist.gov/vuln/detail/CVE-2019-9877
> >   Security:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9877
> >   Security:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16927
> >
> > Modified:
> >   head/security/vuxml/vuln.xml
> >
> > Modified: head/security/vuxml/vuln.xml
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D
> > --- head/security/vuxml/vuln.xml	Sun Oct  6 01:42:14 2019	(r51386
> 0)
> > +++ head/security/vuxml/vuln.xml	Sun Oct  6 01:48:49 2019	(r51386
> 1)
> > @@ -58,6 +58,49 @@ Notes:
> >    * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
> >  -->
> >  <vuxml xmlns=3D"http://www.vuxml.org/apps/vuxml-1">;
> > +  <vuln vid=3D"791e8f79-e7d1-11e9-8b31-206a8a720317">
> > +    <topic>Xpdf -- Multiple Vulnerabilities</topic>
> > +    <affects>
> > +      <package>
> > +	<name>xpdf</name>
> > +	<range><lt>4.02</lt></range>
> > +      </package>
> > +      <package>
> > +	<name>xpdf4</name>
> > +	<range><lt>4.02</lt></range>
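
Review bot: Both `<range><lt>4.02</lt></range>` bounds in this hunk are written without an epoch, and the reply below states that graphics/xpdf4 has PORTEPOCH=1, so the xpdf4 bound should read `<lt>4.02,1</lt>`; the epoch of the xpdf entry should be confirmed the same way. Running `pkg audit -f vuln.xml` against a known-affected package version, as the reply does, before committing would catch a bound that never matches. The quoted hunk is also cut off after the second `<range>` line, so the rest of the entry cannot be reviewed here.
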
>
> Hi,
>
> the version range for xpdf4 (and maybe xpdf) is wrong.  graphics/xpdf4
> has PORTEPOCH=1, so it should be
>
> 	<range><lt>4.02,1</lt></range>
>
> Otherwise nobody will ever see this entry with pkg audit:
>
> $ pkg audit -f vuln.xml xpdf4-4.01_2,1
> 0 problem(s) in 0 installed package(s) found.
>
>

Thanks, fixed.


-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.
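
The epoch problem raised in the quoted review, as an added example that is not part of the original thread and is not pkg's own code: a simplified Python model of `version[_revision][,epoch]` ordering, run over a constructed copy of the two `<package>` entries from the hunk. It assumes purely numeric dotted versions; `parse_version`, `is_lt`, `epoch_mismatches` and `KNOWN_EPOCHS` are hypothetical names, and the only epoch used is the one stated in the thread.

```python
import xml.etree.ElementTree as ET

NS = {"v": "http://www.vuxml.org/apps/vuxml-1"}

# Constructed sample: the two <package> blocks from the quoted hunk,
# closed off so the fragment parses on its own.
SAMPLE = """<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="791e8f79-e7d1-11e9-8b31-206a8a720317">
    <affects>
      <package><name>xpdf</name><range><lt>4.02</lt></range></package>
      <package><name>xpdf4</name><range><lt>4.02</lt></range></package>
    </affects>
  </vuln>
</vuxml>"""

# Epoch known from the thread: graphics/xpdf4 has PORTEPOCH=1.
KNOWN_EPOCHS = {"xpdf4": 1}

def parse_version(text):
    """Split 'version[_revision][,epoch]' into a tuple that sorts epoch-first."""
    rest, _, epoch = text.partition(",")
    ver, _, rev = rest.partition("_")
    return (int(epoch or 0), tuple(int(p) for p in ver.split(".")), int(rev or 0))

def is_lt(installed, bound):
    """True if `installed` falls under an <lt>bound</lt> range (simplified model)."""
    return parse_version(installed) < parse_version(bound)

def epoch_mismatches(vuxml_text, epochs):
    """Return (package, bound) pairs whose <lt> bound lacks the port's epoch."""
    root = ET.fromstring(vuxml_text)
    found = []
    for pkg in root.iterfind(".//v:package", NS):
        name = pkg.findtext("v:name", namespaces=NS)
        for lt in pkg.iterfind("v:range/v:lt", NS):
            if name in epochs and parse_version(lt.text)[0] != epochs[name]:
                found.append((name, lt.text))
    return found

if __name__ == "__main__":
    print(is_lt("4.01_2,1", "4.02"))      # bound as committed
    print(is_lt("4.01_2,1", "4.02,1"))    # bound with the epoch added
    print(epoch_mismatches(SAMPLE, KNOWN_EPOCHS))
```

Because the epoch is compared first, an installed `4.01_2,1` sorts above an epoch-less `4.02`, which is why the entry as committed produced no `pkg audit` hit.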
