[Bug 203227] vuln.xml incorrectly flagging ruby20 as insecure
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Dec 24 12:12:58 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203227
Matteo Panella <m.panella at level28.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |m.panella at level28.org
--- Comment #21 from Matteo Panella <m.panella at level28.org> ---
(In reply to Terry Kennedy from comment #20)
> This has been broken again in the same manner by r404311. It needs the same fix
> that was developed for this PR.
Yup, just tested locally. Changing
<affects>
<package>
<name>ruby</name>
<range><lt>2.0.0.648,1</lt></range>
<range><lt>2.1.8,1</lt></range>
<range><lt>2.2.4,1</lt></range>
</package>
</affects>
to
<affects>
<package>
<name>ruby</name>
<name>ruby20</name>
<range><ge>2.0,1</ge><lt>2.0.0.648,1</lt></range>
</package>
<package>
<name>ruby</name>
<name>ruby21</name>
<range><ge>2.1,1</ge><lt>2.1.8,1</lt></range>
</package>
<package>
<name>ruby</name>
<name>ruby22</name>
<range><ge>2.2,1</ge><lt>2.2.4,1</lt></range>
</package>
</affects>
clears the false positive (in my case, pkg audit reports ruby-2.1.8,1 as being
affected by 3b50881d-1860-4721-aab1-503290e23f6c).
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the freebsd-ports-bugs
mailing list