Re: git: a580d36be4c7 - main - security/vuxml: add FreeBSD SA released on 2023-12-05

Reply: Dan Langille: "Re: git: a580d36be4c7 - main - security/vuxml: add FreeBSD SA released on 2023-12-05"
Reply: Felix Palmen : "Re: git: a580d36be4c7 - main - security/vuxml: add FreeBSD SA released on 2023-12-05"
In reply to: Dan Langille: "Re: git: a580d36be4c7 - main - security/vuxml: add FreeBSD SA released on 2023-12-05"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Philip Paeps <philip_at_freebsd.org>
Date: Thu, 07 Dec 2023 04:55:43 UTC

On 2023-12-07 09:10:31 (+0800), Dan Langille wrote:
> On Wed, Dec 6, 2023, at 7:52 PM, Philip Paeps wrote:
>> On 2023-12-07 08:43:21 (+0800), Dan Langille wrote:
>>> Why don't we check them and record them separately?
>>
>> I already record them separately in vuxml.  If a vulnerability only
>> affects userland, I record 
>> <package><name>FreeBSD</name>[...]</package>.
>> If the kernel is affected I record
>> <package><name>FreeBSD-kernel</name>[...]</package>.
>>
>> Hmm ... is that the problem?  Should I set the versions to the 
>> *kernel*
>> patch level for FreeBSD-kernel vulnerabilities?
>
> First, let's test if that fixes it.
>
> This fixes it for me:
>
>         <range><ge>13.2</ge><lt>13.2_4</lt></range>
>
> [...]
>
>> Is something going to get upset if I change the most recent entry to 
>> <lt>12.2_4</lt>?
>
> That I don't know.
>
> VUXML entries have AMENDED values don't they?

Thanks for testing this out.  I've pushed a <modified/> vuxml entry in 
4826396e5d15.

Philip

-- 
Philip Paeps
Senior Reality Engineer
Alternative Enterprises