svn commit: r530364 - head/security/vuxml
Sunpoet Po-Chuan Hsieh
sunpoet at FreeBSD.org
Thu Apr 2 12:22:08 UTC 2020
Author: sunpoet
Date: Thu Apr 2 12:21:59 2020
New Revision: 530364
URL: https://svnweb.freebsd.org/changeset/ports/530364
Log:
Fix rubygem-json entry (40194e1c-6d89-11ea-8082-80ee73419af3)
rubygem-json 2.3.0 was erroneously marked as vulnerable.
% cd /usr/ports/devel/rubygem-json
% make fetch
===> rubygem-json-2.3.0 has known vulnerabilities:
rubygem-json-2.3.0 is vulnerable:
rubygem-json -- Unsafe Objection Creation Vulnerability in JSON (Additional fix)
CVE: CVE-2020-10663
WWW: https://vuxml.FreeBSD.org/freebsd/40194e1c-6d89-11ea-8082-80ee73419af3.html
1 problem(s) in 1 installed package(s) found.
=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update available.
=> If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes'
*** Error code 1
Stop.
make: stopped in /usr/ports/devel/rubygem-json
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu Apr 2 12:20:36 2020 (r530363)
+++ head/security/vuxml/vuln.xml Thu Apr 2 12:21:59 2020 (r530364)
@@ -293,7 +293,7 @@ Notes:
<affects>
<package>
<name>rubygem-json</name>
- <range><le>2.3.0</le></range>
+ <range><lt>2.3.0</lt></range>
</package>
</affects>
<description>
@@ -325,6 +325,7 @@ Notes:
<dates>
<discovery>2020-03-19</discovery>
<entry>2020-03-26</entry>
+ <modified>2020-04-02</modified>
</dates>
</vuln>
More information about the svn-ports-all
mailing list