misc/166207: fix vuxml entries for firefox3.6
Sergey Kandaurov
pluknet at gmail.com
Sat Mar 17 17:40:14 UTC 2012
>Number: 166207
>Category: misc
>Synopsis: fix vuxml entries for firefox3.6
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Mar 17 17:40:13 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Sergey Kandaurov
>Release:
>Organization:
>Environment:
>Description:
entries like this
<range><ge>3.6.*</ge><lt>3.6.26</lt></range>
do not cover packages with epoch like 3.6.*,1
>How-To-Repeat:
This command
``portaudit -v firefox-3.6.23,1''
will currently print only one correct entry.
Those for 3.6.24 and above are not correct.
>Fix:
fix entries for <3.6.26, <3.6.27, <3.6.28
Patch attached with submission follows:
--- security/vuxml/vuln.xml.orig 2012-03-17 21:28:16.000000000 +0400
+++ security/vuxml/vuln.xml 2012-03-17 21:28:49.000000000 +0400
@@ -164,7 +164,7 @@
<package>
<name>firefox</name>
<range><gt>4.0,1</gt><lt>10.0.3,1</lt></range>
- <range><ge>3.6.*</ge><lt>3.6.28</lt></range>
+ <range><ge>3.6.*,1</ge><lt>3.6.28</lt></range>
</package>
<package>
<name>linux-firefox</name>
@@ -704,7 +704,7 @@
<package>
<name>firefox</name>
<range><ge>10.0,1</ge><lt>10.0.2,1</lt></range>
- <range><ge>3.6.*</ge><lt>3.6.27</lt></range>
+ <range><ge>3.6.*,1</ge><lt>3.6.27</lt></range>
</package>
<package>
<name>linux-firefox</name>
@@ -1336,7 +1336,7 @@
<package>
<name>firefox</name>
<range><gt>4.0,1</gt><lt>10.0,1</lt></range>
- <range><ge>3.6.*</ge><lt>3.6.26</lt></range>
+ <range><ge>3.6.*,1</ge><lt>3.6.26</lt></range>
</package>
<package>
<name>linux-firefox</name>
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list