[Bug 288883] p5-Authen-SASL 2.19 showing as vulnerable on vuln.xml

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 288883] security/p5-Authen-SASL 2.19 showing as vulnerable on vuln.xml"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 15 Aug 2025 13:46:02 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=288883

            Bug ID: 288883
           Summary: p5-Authen-SASL 2.19 showing as vulnerable on vuln.xml
           Product: Ports & Packages
           Version: Latest
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: freebsd@gbtechlab.com

Hello, in:

https://cgit.freebsd.org/ports/commit/security/p5-Authen-SASL/Makefile?id=8812d657b0ca60d28ccdb1794284f1fa2d3a495a

range is noted as:
<range><lt>2.1900</lt></range>

but that is greater than PORTVERSION of 2.19 so latest 2.19 is being reported
as vulnerable.

There may also be a mixing of PORTVERSION and DISTVERSION in the Makefile.
https://docs.freebsd.org/en/books/porters-handbook/makefiles/index.html says 

"DISTVERSIONPREFIX and DISTVERSIONSUFFIX will not be used while constructing
PORTVERSION, but only used in DISTNAME."

-- 
You are receiving this mail because:
You are the assignee for the bug.