svn commit: r450767 - head/security/vuxml
Raphael Kubo da Costa
rakuco at FreeBSD.org
Wed Sep 27 16:50:22 UTC 2017
Author: rakuco
Date: Wed Sep 27 16:50:21 2017
New Revision: 450767
URL: https://svnweb.freebsd.org/changeset/ports/450767
Log:
Fix version range for libzip's CVE-2017-14107 (r450692).
I am going to land a fix for libzip 1.1.3 (the version currently in the ports
tree) instead of updating the port to 1.3.0. 1.3.0 has a different SOVERSION
number, which also requires updating dependent ports and makes MFH'ing the fix
more difficult.
PR: 222638
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Sep 27 16:41:52 2017 (r450766)
+++ head/security/vuxml/vuln.xml Wed Sep 27 16:50:21 2017 (r450767)
@@ -166,7 +166,7 @@ Notes:
<affects>
<package>
<name>libzip</name>
- <range><lt>1.3.0</lt></range>
+ <range><lt>1.1.13_1</lt></range>
</package>
</affects>
<description>
@@ -184,7 +184,7 @@ Notes:
</references>
<dates>
<discovery>2017-9-1</discovery>
- <entry>2017-9-26</entry>
+ <entry>2017-9-27</entry>
</dates>
</vuln>
More information about the svn-ports-all
mailing list