svn commit: r513861 - head/security/vuxml

Cy Schubert Cy.Schubert at cschubert.com
Sun Oct 6 05:53:38 UTC 2019 

In message <20191006054201.GA62549 at urd.tobik.me>, Tobias Kortkamp writes:
> 
>
> --8t9RHnE3ZwKMSgU+
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
> Content-Transfer-Encoding: quoted-printable
>
> On Sun, Oct 06, 2019 at 01:48:50AM +0000, Cy Schubert wrote:
> > Author: cy
> > Date: Sun Oct  6 01:48:49 2019
> > New Revision: 513861
> > URL: https://svnweb.freebsd.org/changeset/ports/513861
> >=20
> > Log:
> >   Document two new Xpdf vulnerabilities: CVE-2019-16927 and CVE-2019-9877.
> >  =20
> >   PR:		241066
> >   Security:	https://nvd.nist.gov/vuln/detail/CVE-2019-16927
> >   Security:	https://nvd.nist.gov/vuln/detail/CVE-2019-9877
> >   Security:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2019-9877
> >   Security:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2019-169=
> 27
> >=20
> > Modified:
> >   head/security/vuxml/vuln.xml
> >=20
> > Modified: head/security/vuxml/vuln.xml
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D
> > --- head/security/vuxml/vuln.xml	Sun Oct  6 01:42:14 2019	(r51386
> 0)
> > +++ head/security/vuxml/vuln.xml	Sun Oct  6 01:48:49 2019	(r51386
> 1)
> > @@ -58,6 +58,49 @@ Notes:
> >    * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
> >  -->
> >  <vuxml xmlns=3D"http://www.vuxml.org/apps/vuxml-1">
> > +  <vuln vid=3D"791e8f79-e7d1-11e9-8b31-206a8a720317">
> > +    <topic>Xpdf -- Multiple Vulnerabilities</topic>
> > +    <affects>
> > +      <package>
> > +	<name>xpdf</name>
> > +	<range><lt>4.02</lt></range>
> > +      </package>
> > +      <package>
> > +	<name>xpdf4</name>
> > +	<range><lt>4.02</lt></range>
>
> Hi,
>
> the version range for xpdf4 (and maybe xpdf) is wrong.  graphics/xpdf4
> has PORTEPOCH=3D1, so it should be
>
> 	<range><lt>4.02,1</lt></range>
>
> Otherwise nobody will ever see this entry with pkg audit:
>
> $ pkg audit -f vuln.xml xpdf4-4.01_2,1
> 0 problem(s) in 0 installed package(s) found.
>
>

Thanks, fixed.


-- 
Cheers,
Cy Schubert <Cy.Schubert at cschubert.com>
FreeBSD UNIX:  <cy at FreeBSD.org>   Web:  http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.

More information about the svn-ports-head mailing list