Re: git: a580d36be4c7 - main - security/vuxml: add FreeBSD SA released on 2023-12-05

From: Dan Langille <dan_at_langille.org>
Date: Thu, 07 Dec 2023 13:17:01 UTC
On Wed, Dec 6, 2023, at 11:55 PM, Philip Paeps wrote:
> On 2023-12-07 09:10:31 (+0800), Dan Langille wrote:
>> On Wed, Dec 6, 2023, at 7:52 PM, Philip Paeps wrote:
>>> On 2023-12-07 08:43:21 (+0800), Dan Langille wrote:
>>>> Why don't we check them and record them separately?
>>>
>>> I already record them separately in vuxml.  If a vulnerability only
>>> affects userland, I record 
>>> <package><name>FreeBSD</name>[...]</package>.
>>> If the kernel is affected I record
>>> <package><name>FreeBSD-kernel</name>[...]</package>.
>>>
>>> Hmm ... is that the problem?  Should I set the versions to the 
>>> *kernel*
>>> patch level for FreeBSD-kernel vulnerabilities?
>>
>> First, let's test if that fixes it.
>>
>> This fixes it for me:
>>
>>         <range><ge>13.2</ge><lt>13.2_4</lt></range>
>>
>> [...]
>>
>>> Is something going to get upset if I change the most recent entry to 
>>> <lt>12.2_4</lt>?
>>
>> That I don't know.
>>
>> VUXML entries have AMENDED values don't they?
>
> Thanks for testing this out.  I've pushed a <modified/> vuxml entry in 
> 4826396e5d15.

Thank you. All green on Ngaios: https://twitter.com/DLangille/status/1732750820431573086

Cheers
-- 
  Dan Langille
  dan@langille.org