svn commit: r513861 - head/security/vuxml
Cy Schubert
Cy.Schubert at cschubert.com
Sun Oct 6 05:53:38 UTC 2019
In message <20191006054201.GA62549 at urd.tobik.me>, Tobias Kortkamp writes:
>
>
> --8t9RHnE3ZwKMSgU+
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
> Content-Transfer-Encoding: quoted-printable
>
> On Sun, Oct 06, 2019 at 01:48:50AM +0000, Cy Schubert wrote:
> > Author: cy
> > Date: Sun Oct 6 01:48:49 2019
> > New Revision: 513861
> > URL: https://svnweb.freebsd.org/changeset/ports/513861
> >=20
> > Log:
> > Document two new Xpdf vulnerabilities: CVE-2019-16927 and CVE-2019-9877.
> > =20
> > PR: 241066
> > Security: https://nvd.nist.gov/vuln/detail/CVE-2019-16927
> > Security: https://nvd.nist.gov/vuln/detail/CVE-2019-9877
> > Security: https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2019-9877
> > Security: https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2019-169=
> 27
> >=20
> > Modified:
> > head/security/vuxml/vuln.xml
> >=20
> > Modified: head/security/vuxml/vuln.xml
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D
> > --- head/security/vuxml/vuln.xml Sun Oct 6 01:42:14 2019 (r51386
> 0)
> > +++ head/security/vuxml/vuln.xml Sun Oct 6 01:48:49 2019 (r51386
> 1)
> > @@ -58,6 +58,49 @@ Notes:
> > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
> > -->
> > <vuxml xmlns=3D"http://www.vuxml.org/apps/vuxml-1">
> > + <vuln vid=3D"791e8f79-e7d1-11e9-8b31-206a8a720317">
> > + <topic>Xpdf -- Multiple Vulnerabilities</topic>
> > + <affects>
> > + <package>
> > + <name>xpdf</name>
> > + <range><lt>4.02</lt></range>
> > + </package>
> > + <package>
> > + <name>xpdf4</name>
> > + <range><lt>4.02</lt></range>
>
> Hi,
>
> the version range for xpdf4 (and maybe xpdf) is wrong. graphics/xpdf4
> has PORTEPOCH=3D1, so it should be
>
> <range><lt>4.02,1</lt></range>
>
> Otherwise nobody will ever see this entry with pkg audit:
>
> $ pkg audit -f vuln.xml xpdf4-4.01_2,1
> 0 problem(s) in 0 installed package(s) found.
>
>
Thanks, fixed.
--
Cheers,
Cy Schubert <Cy.Schubert at cschubert.com>
FreeBSD UNIX: <cy at FreeBSD.org> Web: http://www.FreeBSD.org
The need of the many outweighs the greed of the few.
More information about the svn-ports-head
mailing list