svn commit: r538674 - head/security/vuxml
Danilo G. Baio
dbaio at FreeBSD.org
Sat Jun 13 14:08:04 UTC 2020
Author: dbaio
Date: Sat Jun 13 14:08:03 2020
New Revision: 538674
URL: https://svnweb.freebsd.org/changeset/ports/538674
Log:
security/vuxml: Update CVE-2019-18348 and CVE-2020-8492 entries
Python 3.6 and 3.7 are not vulnerable in the ports tree anymore.
Change range for python35 to <le>, suggested by swills.
PR: 246984, 246738
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sat Jun 13 14:06:18 2020 (r538673)
+++ head/security/vuxml/vuln.xml Sat Jun 13 14:08:03 2020 (r538674)
@@ -1960,15 +1960,15 @@ Workaround:
</package>
<package>
<name>python37</name>
- <range><lt>3.7.8</lt></range>
+ <range><le>3.7.7</le></range>
</package>
<package>
<name>python36</name>
- <range><lt>3.6.11</lt></range>
+ <range><lt>3.6.10</lt></range>
</package>
<package>
<name>python35</name>
- <range><lt>3.5.10</lt></range>
+ <range><le>3.5.9_4</le></range>
</package>
</affects>
<description>
@@ -1990,7 +1990,7 @@ Workaround:
<dates>
<discovery>2019-10-24</discovery>
<entry>2020-05-09</entry>
- <modified>2020-06-07</modified>
+ <modified>2020-06-13</modified>
</dates>
</vuln>
@@ -2710,15 +2710,15 @@ If successful, a malicious third party could trigger e
</package>
<package>
<name>python37</name>
- <range><lt>3.7.8</lt></range>
+ <range><le>3.7.7</le></range>
</package>
<package>
<name>python36</name>
- <range><lt>3.6.11</lt></range>
+ <range><lt>3.6.10</lt></range>
</package>
<package>
<name>python35</name>
- <range><lt>3.5.10</lt></range>
+ <range><le>3.5.9_4</le></range>
</package>
<package>
<name>python27</name>
@@ -2746,7 +2746,7 @@ If successful, a malicious third party could trigger e
<dates>
<discovery>2019-11-17</discovery>
<entry>2020-04-23</entry>
- <modified>2020-06-07</modified>
+ <modified>2020-06-13</modified>
</dates>
</vuln>
More information about the svn-ports-all
mailing list