cvs commit: ports/security/vuxml vuln.xml
Chris Rees
crees at FreeBSD.org
Mon Apr 30 19:47:42 UTC 2012
On 30 April 2012 19:15, Xin Li <delphij at delphij.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 04/30/12 11:08, Chris Rees wrote:
>> On 30 April 2012 17:51, Xin LI <delphij at freebsd.org> wrote:
>>> delphij 2012-04-30 17:51:46 UTC
>>>
>>> FreeBSD ports repository
>>>
>>> Modified files: security/vuxml vuln.xml Log: Document samba
>>> incorrect permission checks vulnerability.
>>
>> + <range><gt>3.4.*</gt><lt>3.4.17</lt></range> + </package> +
>> <package> + <name>samba35</name> +
>> <range><gt>3.5.*</gt><lt>3.5.15</lt></range> + </package> +
>> <package> + <name>samba36</name> +
>> <range><gt>3.6.*</gt><lt>3.6.5</lt></range>
>>
>> Don't you want to use <ge /> for the minimum versions in each
>> range?
>
> That's a good question, frankly I'm not sure...
>
> I used gt here because * means -NaN to me (and there is no >= -NaN but
> only > -NaN), plus, older entries do this, too. It would probably a
> good idea to use <ge>3.6.0<ge> instead, though.
>
Good point. We're better off sticking with the former though--
<ge>3.6.0</ge> misses out 3.6.a etc of course.
Chris
More information about the cvs-ports
mailing list