[Bug 227293] www/gitlab: 10.4.6 incorrectly marked as vulnerable
bugzilla-noreply at freebsd.org
Thu Apr 5 09:39:20 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=227293
Bug ID: 227293
Summary: www/gitlab: 10.4.6 incorrectly marked as vulnerable
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs at FreeBSD.org
Reporter: majo-bugs.freebsd.org at cerny.sk
CC: idefix at fechner.net
Flags: maintainer-feedback?(idefix at fechner.net)
When trying to install gitlab from ports I get the following error:
****> Going to install :: www/gitlab ::
===> gitlab-10.4.6 has known vulnerabilities:
gitlab-10.4.6 is vulnerable:
Gitlab -- multiple vulnerabilities
CVE: CVE-2018-8801
WWW:
https://vuxml.FreeBSD.org/freebsd/dc0c201c-31da-11e8-ac53-d8cb8abf62dd.html
1 problem(s) in the installed packages found.
=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update
available.
=> If you wish to ignore this vulnerability rebuild with 'make
DISABLE_VULNERABILITIES=yes'
*** Error code 1
Stop.
make: stopped in /usr/ports/www/gitlab
However, the last commit to the port mentions CVE-2018-8801, so I guess
it should be fixed.
When I check the website related to the vulnerability
(https://vuxml.FreeBSD.org/freebsd/dc0c201c-31da-11e8-ac53-d8cb8abf62dd.html) I
can see the following versions affected:
Affected packages
8.3 <= gitlab < 10.5.6
8.3 <= gitlab < 10.4.6
8.3 <= gitlab < 10.3.9
Isn't the problem that 10.4.6 is marked as vulnerable caused by the first
expression 8.3 <= gitlab < 10.5.6? Shouldn't the affected versions be specified
as follows?
Affected packages
10.5.0 <= gitlab < 10.5.6
10.4.0 <= gitlab < 10.4.6
8.3 <= gitlab < 10.3.9
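As an added illustration (not code from the bug report, nor from FreeBSD's pkg or VuXML tooling), the following Python evaluates the published and the proposed range lists against a version string, showing that 10.4.6 is covered only by the overlapping first published range. It assumes plain dotted numeric versions and does not implement the full FreeBSD package version syntax (no _N or ,N suffixes).

```python
# Added example: evaluate VuXML-style "ge <= pkg < lt" ranges against a version.
# Assumption: versions are purely numeric dotted strings (e.g. "10.4.6").


def parse_version(version):
    """Split a dotted numeric version into a tuple of ints for ordering."""
    return tuple(int(part) for part in version.split("."))


def version_in_range(version, ge, lt):
    """True if ge <= version < lt, compared component-wise."""
    v, lo, hi = parse_version(version), parse_version(ge), parse_version(lt)
    return lo <= v < hi


def matching_ranges(version, ranges):
    """Return every (ge, lt) range in `ranges` that covers `version`.

    A package is flagged as vulnerable if this list is non-empty, which is
    why a single over-broad range is enough to mark a patched release.
    """
    return [(ge, lt) for ge, lt in ranges if version_in_range(version, ge, lt)]


def is_vulnerable(version, ranges):
    """True if at least one range covers the version."""
    return bool(matching_ranges(version, ranges))


# Ranges as published in the VuXML entry quoted in the report.
PUBLISHED = [("8.3", "10.5.6"), ("8.3", "10.4.6"), ("8.3", "10.3.9")]

# Ranges as the reporter proposes them: one disjoint range per release branch.
PROPOSED = [("10.5.0", "10.5.6"), ("10.4.0", "10.4.6"), ("8.3", "10.3.9")]


if __name__ == "__main__":
    for label, ranges in (("published", PUBLISHED), ("proposed", PROPOSED)):
        for ver in ("10.3.8", "10.4.5", "10.4.6", "10.5.5", "10.5.6"):
            hits = matching_ranges(ver, ranges)
            state = "vulnerable" if hits else "not vulnerable"
            print(f"{label:9s} gitlab-{ver}: {state} {hits}")
```

With the published ranges, gitlab-10.4.6 is caught only by "8.3 <= gitlab < 10.5.6"; with the proposed ranges it is not flagged, while 10.4.5 and 10.3.8 still are.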