cvs commit: ports/security/vuxml vuln.xml

Xin LI delphij at delphij.net
Tue Jul 24 22:30:36 UTC 2007


Simon L. Nielsen wrote:
> On 2007.07.24 14:17:07 +0000, Xin LI wrote:
>> delphij     2007-07-24 14:17:07 UTC
>>
>>   FreeBSD ports repository
>>
>>   Modified files:
>>     security/vuxml       vuln.xml 
>>   Log:
>>   The previous vuxml entry applies to jakarta-tomcat 4.0.x as well, so mark
>>   it as affected as well.  Since there is no newer release I have used 4.1.0
>>   as the "fixed" version.
> 
> Has it actually been fixed in 4.1.0?  If not you should just not set a
> top version to avoid a new release which actually doesn't fix the
> issue being marked secure.

No.  The version is chosen because that 4.1.0 is greater than the 
possible version (the port itself is 4.0.x).  Should there be a better 
way to represent it, please feel free to commit a fix, thanks!

Cheers,


More information about the cvs-ports mailing list