svn commit: r532463 - head/security/vuxml

Craig Leres leres at freebsd.org
Wed Apr 22 18:02:09 UTC 2020


On 2020-04-22 03:44, Glen Barber wrote:
> Author: gjb
> Date: Wed Apr 22 10:44:59 2020
> New Revision: 532463
> URL: https://svnweb.freebsd.org/changeset/ports/532463
> 
> Log:
>    Attempt number 2 to fix the vuxml build.
>    
>    Sponsored by:	Rubicon Communications, LLC (netgate.com)
> 
> Modified:
>    head/security/vuxml/vuln.xml
> 
> Modified: head/security/vuxml/vuln.xml
> ==============================================================================
> --- head/security/vuxml/vuln.xml	Wed Apr 22 10:36:57 2020	(r532462)
> +++ head/security/vuxml/vuln.xml	Wed Apr 22 10:44:59 2020	(r532463)
> @@ -96,7 +96,6 @@ Notes:
>   	<name>FreeBSD</name>
>   	<range><ge>12.1</ge><lt>12.1_4</lt></range>
>   	<range><ge>11.3</ge><lt>11.3_8</lt></range>
> -      </package>
>   	<name>openssl</name>
>   	<range><ge>1.1.1,1</ge><lt>1.1.1g,1</lt></range>
>         </package>
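Review bot: dropping the `</package>` after the 11.3 range leaves `<name>FreeBSD</name>` and `<name>openssl</name>`, each followed by its own ranges, inside the one package element closed by the last line of this hunk. The FreeBSD base ranges and the openssl port range then belong to the same package instead of two separate ones. Keeping the close tag and opening a new `<package>` before `<name>openssl</name>` would keep the two products apart. Since the log calls this the second attempt at fixing the build, validating vuln.xml locally before committing would catch this kind of nesting error.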

I think the right fix here would have been to change </package> to 
<package> (instead of removing it). r532468 removes the openssl versions 
block completely.

What I saw this morning is that my systems were briefly reporting 
openssl-1.1.1f,1 as vulnerable (1:46am PDT) and then later not 
vulnerable (4:46am).

I believe the attached patch fixes this.

		Craig
-------------- next part --------------
Index: security/vuxml/vuln.xml
===================================================================
--- security/vuxml/vuln.xml	(revision 532491)
+++ security/vuxml/vuln.xml	(working copy)
@@ -97,6 +97,10 @@
 	<range><ge>12.1</ge><lt>12.1_4</lt></range>
 	<range><ge>11.3</ge><lt>11.3_8</lt></range>
       </package>
+      <package>
+	<name>openssl</name>
+	<range><ge>1.1.1,1</ge><lt>1.1.1g,1</lt></range>
+      </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
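Review bot: the openssl `<package>` block added just before `</affects>` changes which installed packages this entry matches, but the patch has only this one hunk and does not touch the entry's dates. Consider updating the entry's `<modified>` date in the same commit so the change to the affected set is recorded. The range itself, `<ge>1.1.1,1</ge><lt>1.1.1g,1</lt>`, is consistent with the report above that openssl-1.1.1f,1 had been flagged as vulnerable.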

