ports/154918: [PATCH] security/vuxml: fix up b0rked linux-sun-jdk entries
Matthias Andree
mandree at FreeBSD.org
Sun Feb 20 19:20:07 UTC 2011
>Number: 154918
>Category: ports
>Synopsis: [PATCH] security/vuxml: fix up b0rked linux-sun-jdk entries
>Confidential: no
>Severity: critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sun Feb 20 19:20:07 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Matthias Andree
>Release: FreeBSD 8.2-PRERELEASE amd64
>Organization:
>Environment:
System: FreeBSD apollo.emma.line.org 8.2-PRERELEASE FreeBSD 8.2-PRERELEASE #61: Tue Feb 15 23:03:47 CET 2011
>Description:
Fix bogus linux-sun-jdk entries to avoid bogus linux-sun-jdk16 vuln.
Do this by splitting lines to make sure that ranges for 1.5.* do not span
different PORTEPOCH values. Note I've researched the actually issued
portrevisions, so the (eq) tags would be safe.
Port maintainer (secteam at FreeBSD.org) is cc'd.
Generated with FreeBSD Port Tools 0.99
>How-To-Repeat:
>Fix:
--- vuxml-1.1_1.patch begins here ---
Index: vuln.xml
===================================================================
RCS file: /home/ncvs/ports/security/vuxml/vuln.xml,v
retrieving revision 1.2312
diff -u -u -r1.2312 vuln.xml
--- vuln.xml 20 Feb 2011 05:04:28 -0000 1.2312
+++ vuln.xml 20 Feb 2011 18:16:53 -0000
@@ -22381,8 +22381,10 @@
<name>linux-sun-jdk</name>
<range><ge>1.3.0</ge><lt>1.3.1.20</lt></range>
<range><ge>1.4.0</ge><lt>1.4.2.16</lt></range>
- <range><ge>1.5.0</ge><lt>1.6.0.03</lt></range>
- <range><ge>1.5.0.b1,1</ge><lt>1.5.0.13,2</lt></range>
+ <range><eq>1.5.0.b1</eq></range>
+ <range><eq>1.5.0.b1,1</eq></range>
+ <range><ge>1.5.0,2</ge><lt>1.5.0.13,2</lt></range>
+ <range><ge>1.6.0</ge><lt>1.6.0.03</lt></range>
</package>
</affects>
<description>
@@ -43380,7 +43382,9 @@
<package>
<name>linux-sun-jdk</name>
<range><le>1.4.2.08_1</le></range>
- <range><ge>1.5.*</ge><le>1.5.2.02,2</le></range>
+ <range><eq>1.5.0b1</eq></range>
+ <range><eq>1.5.0b1,1</eq></range>
+ <range><ge>1.5.0,2</ge><le>1.5.0.02,2</le></range>
</package>
<package>
<name>linux-blackdown-jdk</name>
--- vuxml-1.1_1.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list