svn commit: r538142 - head/security/vuxml
Danilo G. Baio
dbaio at FreeBSD.org
Sun Jun 7 02:20:41 UTC 2020
Author: dbaio
Date: Sun Jun 7 02:20:40 2020
New Revision: 538142
URL: https://svnweb.freebsd.org/changeset/ports/538142
Log:
security/vuxml: Update CVE-2019-18348 and CVE-2020-8492 entries
CVE-2019-18348: Add missing Python packages range
CVE-2020-8492: Fix Python 3.7 entrie, it's currently affected.
After committing fixes, we'll need to change ranges again.
PR: 246984
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sun Jun 7 02:03:43 2020 (r538141)
+++ head/security/vuxml/vuln.xml Sun Jun 7 02:20:40 2020 (r538142)
@@ -1549,6 +1549,18 @@ Workaround:
<name>python38</name>
<range><lt>3.8.3</lt></range>
</package>
+ <package>
+ <name>python37</name>
+ <range><lt>3.7.8</lt></range>
+ </package>
+ <package>
+ <name>python36</name>
+ <range><lt>3.6.11</lt></range>
+ </package>
+ <package>
+ <name>python35</name>
+ <range><lt>3.5.10</lt></range>
+ </package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
@@ -1569,6 +1581,7 @@ Workaround:
<dates>
<discovery>2019-10-24</discovery>
<entry>2020-05-09</entry>
+ <modified>2020-06-07</modified>
</dates>
</vuln>
@@ -2288,7 +2301,7 @@ If successful, a malicious third party could trigger e
</package>
<package>
<name>python37</name>
- <range><lt>3.7.7</lt></range>
+ <range><lt>3.7.8</lt></range>
</package>
<package>
<name>python36</name>
@@ -2324,6 +2337,7 @@ If successful, a malicious third party could trigger e
<dates>
<discovery>2019-11-17</discovery>
<entry>2020-04-23</entry>
+ <modified>2020-06-07</modified>
</dates>
</vuln>
More information about the svn-ports-all
mailing list