ports/154918: [PATCH] security/vuxml: fix up b0rked linux-sun-jdk entries

Matthias Andree mandree at FreeBSD.org
Sun Feb 20 19:20:07 UTC 2011 

>Number:         154918
>Category:       ports
>Synopsis:       [PATCH] security/vuxml: fix up b0rked linux-sun-jdk entries
>Confidential:   no
>Severity:       critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Feb 20 19:20:07 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Matthias Andree
>Release:        FreeBSD 8.2-PRERELEASE amd64
>Organization:
>Environment:
System: FreeBSD apollo.emma.line.org 8.2-PRERELEASE FreeBSD 8.2-PRERELEASE #61: Tue Feb 15 23:03:47 CET 2011
>Description:
Fix bogus linux-sun-jdk entries to avoid bogus linux-sun-jdk16 vuln.
Do this by splitting lines to make sure that ranges for 1.5.* do not span
different PORTEPOCH values. Note I've researched the actually issued
portrevisions, so the (eq) tags would be safe.

Port maintainer (secteam at FreeBSD.org) is cc'd.

Generated with FreeBSD Port Tools 0.99
>How-To-Repeat:
>Fix:

--- vuxml-1.1_1.patch begins here ---
Index: vuln.xml
===================================================================
RCS file: /home/ncvs/ports/security/vuxml/vuln.xml,v
retrieving revision 1.2312
diff -u -u -r1.2312 vuln.xml
--- vuln.xml	20 Feb 2011 05:04:28 -0000	1.2312
+++ vuln.xml	20 Feb 2011 18:16:53 -0000
@@ -22381,8 +22381,10 @@
 	<name>linux-sun-jdk</name>
 	<range><ge>1.3.0</ge><lt>1.3.1.20</lt></range>
 	<range><ge>1.4.0</ge><lt>1.4.2.16</lt></range>
-	<range><ge>1.5.0</ge><lt>1.6.0.03</lt></range>
-	<range><ge>1.5.0.b1,1</ge><lt>1.5.0.13,2</lt></range>
+	<range><eq>1.5.0.b1</eq></range>
+	<range><eq>1.5.0.b1,1</eq></range>
+	<range><ge>1.5.0,2</ge><lt>1.5.0.13,2</lt></range>
+	<range><ge>1.6.0</ge><lt>1.6.0.03</lt></range>
       </package>
     </affects>
     <description>
@@ -43380,7 +43382,9 @@
       <package>
 	<name>linux-sun-jdk</name>
 	<range><le>1.4.2.08_1</le></range>
-	<range><ge>1.5.*</ge><le>1.5.2.02,2</le></range>
+	<range><eq>1.5.0b1</eq></range>
+	<range><eq>1.5.0b1,1</eq></range>
+	<range><ge>1.5.0,2</ge><le>1.5.0.02,2</le></range>
       </package>
       <package>
 	<name>linux-blackdown-jdk</name>
--- vuxml-1.1_1.patch ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list