[Bug 288883] security/p5-Authen-SASL 2.19 showing as vulnerable on vuln.xml

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 16 Aug 2025 10:24:39 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288883

--- Comment #3 from Matthias Andree <mandree@FreeBSD.org> ---
Mainline also fixed:

-----

The branch main has been updated by mandree:

URL:
https://cgit.FreeBSD.org/ports/commit/?id=192c4d399bd4ce6eb7c398552629e6256f29e867

commit 192c4d399bd4ce6eb7c398552629e6256f29e867
Author:     Matthias Andree <mandree@FreeBSD.org>
AuthorDate: 2025-08-16 10:07:09 +0000
Commit:     Matthias Andree <mandree@FreeBSD.org>
CommitDate: 2025-08-16 10:11:01 +0000

    security/p5-Authen-SASL: Use upstream version scheme

    which brings the port version in line with the upstream and
    make security assessments easier WRT versioning.

    See
https://metacpan.org/release/EHUELS/Authen-SASL-2.1900/source/Makefile.PL#L29
    See
https://metacpan.org/release/EHUELS/Authen-SASL-2.1900/source/Changes#L2
    See
https://vuxml.freebsd.org/freebsd/defe9a20-781e-11f0-97c4-40b034429ecf.html
    which added the vulnerability CVE-2025-40918 and correctly marked 2.1900
    fixed, but we ship 2.19 instead because we forge our own version scheme.
---
 security/p5-Authen-SASL/Makefile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/security/p5-Authen-SASL/Makefile
b/security/p5-Authen-SASL/Makefile
index 98cf182cf2f5..476ddab022e5 100644
--- a/security/p5-Authen-SASL/Makefile
+++ b/security/p5-Authen-SASL/Makefile
@@ -1,6 +1,5 @@
 PORTNAME=      Authen-SASL
-PORTVERSION=   2.19
-DISTVERSIONSUFFIX=     00
+PORTVERSION=   2.1900
 CATEGORIES=    security perl5
 MASTER_SITES=  CPAN
 PKGNAMEPREFIX= p5-

-- 
You are receiving this mail because:
You are on the CC list for the bug.