confused by ranges
Mathieu Arnold
mat at FreeBSD.org
Sun Sep 19 01:01:54 PDT 2004
+-le 18/09/2004 17:21 -0400, Dan Langille écrivait :
| I'm having a quick look through vuln.xml:
|
| <range><ge>2.0</ge><lt>2.0.50_3</lt></range>
|
| Intuitively, that means you are vulnerable if you have versions >=
| 2.0 or < 2.0.50_3.
This one is an AND : VER > 2.0 AND VER < 2.0.50_3
| Is that correct? Is that how to apply the rules. I found the DTD
| confused me more than the examples did.
|
| This is an interesting example:
|
| <range><lt>1.1.2_1</lt></range>
| <range><ge>2.0</ge></range>
|
| Two range statements in the same package... instead of one range with
| two operators. Why?
This one is an OR, that is VER < 1.1.2_1 or VER > 2.0
because the version can't be < 1.1.2_1 and > 2.0.
--
Mathieu Arnold
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 479 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-vuxml/attachments/20040919/86ed459c/attachment.bin
More information about the freebsd-vuxml
mailing list