Re: git: 21557ec77021 - main - security/vuxml: libspf2 >= 1.2.11_1 not vulnerable

In reply to: Philip Paeps : "git: 21557ec77021 - main - security/vuxml: libspf2 >= 1.2.11_1 not vulnerable"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Philip Paeps <philip_at_freebsd.org>
Date: Sun, 04 May 2025 03:27:34 UTC

On 2025-05-04 11:11:43 (+0800), Philip Paeps wrote:
>  	<name>libspf2</name>
> -	<range><le>1.2.11</le></range>
> +	<range><lt>1.2.11_1</lt></range>

I know these ranges are effectively identical.  We've received reports 
that at least one external vulnerability scanning tool does not catch 
that 1.2.11_1 > 1.2.11.  I hope spelling >1.2.11 as >=1.2.11_1 helps 
victims of these tools.

Philip