svn commit: r437790 - head/security/vuxml
Adam Weinberger
adamw at adamw.org
Thu Apr 6 13:00:11 UTC 2017
> On 5 Apr, 2017, at 8:34, Bernard Spil <brnrd at freebsd.org> wrote:
>
> Author: brnrd
> Date: Wed Apr 5 14:34:15 2017
> New Revision: 437790
> URL: https://svnweb.freebsd.org/changeset/ports/437790
>
> Log:
> security/vuxml: Document curl vulnerability
>
> Modified:
> head/security/vuxml/vuln.xml
>
> Modified: head/security/vuxml/vuln.xml
> ==============================================================================
> --- head/security/vuxml/vuln.xml Wed Apr 5 14:24:09 2017 (r437789)
> +++ head/security/vuxml/vuln.xml Wed Apr 5 14:34:15 2017 (r437790)
> @@ -58,6 +58,39 @@ Notes:
> * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
> -->
> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
> + <vuln vid="04f29189-1a05-11e7-bc6e-b499baebfeaf">
> + <topic> -- </topic>
> + <affects>
> + <package>
> + <name>curl</name>
> + <range><ge>6.5</ge><lt>7.54.0</lt></range>
The port wasn't updated to 7.54.0, the CVE patch was added to 7.53.1. Shouldn't it be <lt>7.53.1_1</lt>? Currently, our patched port is listed as still being vulnerable.
# Adam
--
Adam Weinberger
adamw at adamw.org
https://www.adamw.org
More information about the svn-ports-head
mailing list