[Bug 288883] security/p5-Authen-SASL 2.19 showing as vulnerable on vuln.xml

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 16 Aug 2025 10:20:51 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288883

--- Comment #1 from commit-hook@FreeBSD.org ---
A commit in branch 2025Q3 references this bug:

URL:
https://cgit.FreeBSD.org/ports/commit/?id=9c916baee01d7d640a1117cab1090ef9bea84a56

commit 9c916baee01d7d640a1117cab1090ef9bea84a56
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2025-08-16 10:07:09 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2025-08-16 10:20:25 +0000

    security/p5-Authen-SASL: Use upstream version scheme

    which brings the port version in line with the upstream and
    make security assessments easier WRT versioning.

    See
https://metacpan.org/release/EHUELS/Authen-SASL-2.1900/source/Makefile.PL#L29
    See
https://metacpan.org/release/EHUELS/Authen-SASL-2.1900/source/Changes#L2
    See
https://vuxml.freebsd.org/freebsd/defe9a20-781e-11f0-97c4-40b034429ecf.html
    which added the vulnerability CVE-2025-40918 and correctly marked 2.1900
    fixed, but we ship 2.19 instead because we forge our own version scheme.

    (cherry picked from commit 192c4d399bd4ce6eb7c398552629e6256f29e867)

    PR:             288883

 security/p5-Authen-SASL/Makefile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.