svn commit: r437790 - head/security/vuxml
Jason Unovitch
junovitch at FreeBSD.org
Thu Apr 6 13:38:48 UTC 2017
On Thu, Apr 06, 2017 at 07:00:01AM -0600, Adam Weinberger wrote:
> > On 5 Apr, 2017, at 8:34, Bernard Spil <brnrd at freebsd.org> wrote:
> >
> > Author: brnrd
> > Date: Wed Apr 5 14:34:15 2017
> > New Revision: 437790
> > URL: https://svnweb.freebsd.org/changeset/ports/437790
> >
> > Log:
> > security/vuxml: Document curl vulnerability
> >
> > Modified:
> > head/security/vuxml/vuln.xml
> >
> > Modified: head/security/vuxml/vuln.xml
> > ==============================================================================
> > --- head/security/vuxml/vuln.xml Wed Apr 5 14:24:09 2017 (r437789)
> > +++ head/security/vuxml/vuln.xml Wed Apr 5 14:34:15 2017 (r437790)
> > @@ -58,6 +58,39 @@ Notes:
> > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
> > -->
> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
> > + <vuln vid="04f29189-1a05-11e7-bc6e-b499baebfeaf">
> > + <topic> -- </topic>
> > + <affects>
> > + <package>
> > + <name>curl</name>
> > + <range><ge>6.5</ge><lt>7.54.0</lt></range>
>
> The port wasn't updated to 7.54.0, the CVE patch was added to 7.53.1. Shouldn't it be <lt>7.53.1_1</lt>? Currently, our patched port is listed as still being vulnerable.
>
Fixed in r437865.
More information about the svn-ports-head
mailing list