svn commit: r490941 - head/security/vuxml

Kubilay Kocak koobs at FreeBSD.org
Tue Jan 22 13:35:11 UTC 2019


On 22/01/2019 11:32 pm, Glen Barber wrote:
> Author: gjb
> Date: Tue Jan 22 12:32:18 2019
> New Revision: 490941
> URL: https://svnweb.freebsd.org/changeset/ports/490941
> 
> Log:
>    Attempt to fix vuxml build.
>    
>    Sponsored by:	The FreeBSD Foundation
> 
> Modified:
>    head/security/vuxml/vuln.xml
> 
> Modified: head/security/vuxml/vuln.xml
> ==============================================================================
> --- head/security/vuxml/vuln.xml	Tue Jan 22 12:30:21 2019	(r490940)
> +++ head/security/vuxml/vuln.xml	Tue Jan 22 12:32:18 2019	(r490941)
> @@ -62,7 +62,7 @@ Notes:
>       <topic>www/py-requests -- Information disclosure vulnerability</topic>
>       <affects>
>         <package>
> -	<name>py*-requests</name>
> +	<name>py-requests</name>
>   	<range><lt>2.20.0</lt></range>
>         </package>
>       </affects>
> 
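
Review bot: at `<name>py-requests</name>`, dropping the `*` turns the name into a literal string, so the entry no longer covers version-prefixed package names of the form pyXY-requests while the `<lt>2.20.0</lt>` range stays unchanged. The log message "Attempt to fix vuxml build." does not say which step failed. Suggest naming the failing check in the log and, if the wildcard was the cause, replacing it with a pattern that still matches the pyXY- prefix rather than removing it.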

Hi Glen,

This now doesn't match PKGNAMEs (pyXY-requests).

What is/was the issue exactly?

It passed make validate and passed the pkg audit tests (see below) 
mentioned in the file, in order to match any python version of the port, 
future or past. This at least means pkg audit understands the globbing 
pattern.

```
Additional tests can be done this way:
  $ pkg audit -f ./vuln.xml py26-django-1.6
  $ pkg audit -f ./vuln.xml py27-django-1.6.1
```

pkg audit -f ./vuln.xml py27-requests-2.19.0
py27-requests-2.19.0 is vulnerable:
www/py-requests -- Information disclosure vulnerability
WWW: https://vuxml.FreeBSD.org/freebsd/50ad9a9a-1e28-11e9-98d7-0050562a4d7b.html

1 problem(s) in the installed packages found.

pkg audit -f ./vuln.xml py34-requests-2.19.0
py34-requests-2.19.0 is vulnerable:
www/py-requests -- Information disclosure vulnerability
WWW: https://vuxml.FreeBSD.org/freebsd/50ad9a9a-1e28-11e9-98d7-0050562a4d7b.html

1 problem(s) in the installed packages found.

Note: python34 is now deleted from ports, but should still report 
vulnerable if py34-foo is installed.

pkg audit -f ./vuln.xml py37-requests-2.19.0
py37-requests-2.19.0 is vulnerable:
www/py-requests -- Information disclosure vulnerability
WWW: https://vuxml.FreeBSD.org/freebsd/50ad9a9a-1e28-11e9-98d7-0050562a4d7b.html

1 problem(s) in the installed packages found.


More information about the svn-ports-all mailing list