[Bug 259534] archivers/advancecomp: Update to 2.2.g20210429 (Fixes multiple security vulnerabilities)

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 259534] archivers/advancecomp: Update to 2.2.g20210429 and fix CVEs"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 11 Nov 2021 08:23:15 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259534

--- Comment #9 from Robert Clausecker <fuz@fuz.su> ---
(In reply to Guangyuan Yang from comment #8)

There is no version out that fixes this.  I had used 2.2.* to cover the version
I had originally used for this patch (i.e. 2.2.g20210429).  The meaning is:

> In a range specification, * (asterisk) denotes the smallest version number. In particular, 2.* is less than 2.a. Therefore an asterisk may be used for a range to match all possible alpha, beta, and RC versions. For instance, <ge>2.</ge><lt>3.</lt> will selectively match every 2.x version while <ge>2.0</ge><lt>3.0</lt> will not since the latter misses 2.r3 and matches 3.b.

(see Porter's Handbook, §12.3.2 A Short Introduction to VuXML)

However it is correct that with the corrected version for this patch, this is
no longer correct.  Please change the upper bound to <lt>2.1.6</lt> to address
this.

-- 
You are receiving this mail because:
You are the assignee for the bug.