svn commit: r425491 - head/security/vuxml
Tijl Coosemans
tijl at FreeBSD.org
Sun Nov 6 13:34:18 UTC 2016
Author: tijl
Date: Sun Nov 6 13:34:17 2016
New Revision: 425491
URL: https://svnweb.freebsd.org/changeset/ports/425491
Log:
Undocument linux-*-expat vulnerabilities.
linux-*-expat is only used by linux-*-fontconfig to read configuration
files written in XML and by dbus-binding-tool(1) from linux-*-dbus-glib, a
development tool that generates C code from an Introspection XML file to
expose a GObject via D-Bus.
These vulnerabilities are therefore not believed to be exploitable on
FreeBSD and only cause annoying warnings and prevent installation of
linux-*-expat. It also does not look like Red Hat will provide fixes for
these any time soon.
PR: 210155
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sun Nov 6 13:27:16 2016 (r425490)
+++ head/security/vuxml/vuln.xml Sun Nov 6 13:34:17 2016 (r425491)
@@ -8688,11 +8688,6 @@ and CVE-2013-0155.</p>
<name>expat</name>
<range><lt>2.1.1_1</lt></range>
</package>
- <package>
- <name>linux-c6-expat</name>
- <name>linux-f10-expat</name>
- <range><ge>0</ge></range>
- </package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
@@ -8716,6 +8711,7 @@ and CVE-2013-0155.</p>
<dates>
<discovery>2016-03-18</discovery>
<entry>2016-06-09</entry>
+ <modified>2016-11-06</modified>
</dates>
</vuln>
@@ -9579,14 +9575,6 @@ and CVE-2013-0155.</p>
<name>expat</name>
<range><lt>2.1.1</lt></range>
</package>
- <package>
- <name>linux-c6-expat</name>
- <range><lt>2.1.1</lt></range>
- </package>
- <package>
- <name>linux-f10-expat</name>
- <range><lt>2.1.1</lt></range>
- </package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
@@ -9609,7 +9597,7 @@ and CVE-2013-0155.</p>
<dates>
<discovery>2016-05-17</discovery>
<entry>2016-05-20</entry>
- <modified>2016-06-05</modified>
+ <modified>2016-11-06</modified>
</dates>
</vuln>
More information about the svn-ports-head
mailing list