[Bug 203227] vuln.xml incorrectly flagging ruby20 as insecure

Wed Sep 23 17:44:23 UTC 2015

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203227

--- Comment #15 from Mark Felder <feld at FreeBSD.org> ---
(In reply to terry from comment #13)

You're right, it would fail because our <ge> entries don't have ,1 for the
PORTEPOCH

      <package>
        <name>ruby</name>
        <name>ruby20</name>
        <range><ge>2.0,1</ge><lt>2.0.0.645,1</lt></range>
      </package>
      <package>
        <name>ruby</name>
        <range><ge>2.1,1</ge><lt>2.1.6,1</lt></range>
      </package>
      <package>
        <name>ruby</name>
        <name>ruby22</name>
        <range><ge>2.2,1</ge><lt>2.2.2,1</lt></range>
      </package>

Try that. It seems to be working when I pass various ruby versions to pkg
audit.

-- 
You are receiving this mail because:
You are on the CC list for the bug.