svn commit: r437790 - head/security/vuxml

Thu Apr 6 15:49:21 UTC 2017

On Thu, Apr 6, 2017 at 9:38 PM, Jason Unovitch <junovitch at freebsd.org>
wrote:

> On Thu, Apr 06, 2017 at 07:00:01AM -0600, Adam Weinberger wrote:
> > > On 5 Apr, 2017, at 8:34, Bernard Spil <brnrd at freebsd.org> wrote:
> > >
> > > Author: brnrd
> > > Date: Wed Apr  5 14:34:15 2017
> > > New Revision: 437790
> > > URL: https://svnweb.freebsd.org/changeset/ports/437790
> > >
> > > Log:
> > >  security/vuxml: Document curl vulnerability
> > >
> > > Modified:
> > >  head/security/vuxml/vuln.xml
> > >
> > > Modified: head/security/vuxml/vuln.xml
> > > ============================================================
> ==================
> > > --- head/security/vuxml/vuln.xml    Wed Apr  5 14:24:09 2017
> (r437789)
> > > +++ head/security/vuxml/vuln.xml    Wed Apr  5 14:34:15 2017
> (r437790)
> > > @@ -58,6 +58,39 @@ Notes:
> > >   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
> > > -->
> > > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
> > > +  <vuln vid="04f29189-1a05-11e7-bc6e-b499baebfeaf">
> > > +    <topic> -- </topic>
> > > +    <affects>
> > > +      <package>
> > > +   <name>curl</name>
> > > +   <range><ge>6.5</ge><lt>7.54.0</lt></range>
> >
> > The port wasn't updated to 7.54.0, the CVE patch was added to 7.53.1.
> Shouldn't it be <lt>7.53.1_1</lt>? Currently, our patched port is listed as
> still being vulnerable.
> >
>
> Fixed in r437865.
> _______________________________________________
> svn-ports-all at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/svn-ports-all
> To unsubscribe, send any mail to "svn-ports-all-unsubscribe at freebsd.org"
>

Thanks!