ports/116516: [patch] security/vuxml update for buzilla createemailregexp bug
Nick Barkas
snb at threerings.net
Fri Sep 21 16:20:07 UTC 2007
>Number: 116516
>Category: ports
>Synopsis: [patch] security/vuxml update for buzilla createemailregexp bug
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Fri Sep 21 16:20:01 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Nick Barkas
>Release: FreeBSD 6.2-RELEASE-p4 i386
>Organization:
Three Rings Design
>Environment:
System: FreeBSD mail1.earth.threerings.net 6.2-RELEASE-p4 FreeBSD 6.2-RELEASE-p4 #0: Thu Apr 26 17:55:55 UTC 2007 root at i386-builder.daemonology.net:/usr/obj/usr/src/sys/SMP i386
>Description:
http://www.vuxml.org/freebsd/f8d3689e-6770-11dc-8be8-02e0185f8d72.html currently
lists all versions of bugzilla as vulnerable to this bug, but a new release has
been made which reportedly fixes it. This is just a patch to this vuxml entry
modifying the package version range, and the modified date.
>How-To-Repeat:
>Fix:
--- vuxml.patch begins here ---
--- vuln.xml.orig Fri Sep 21 06:14:29 2007
+++ vuln.xml Fri Sep 21 09:05:02 2007
@@ -289,7 +289,7 @@
<affects>
<package>
<name>bugzilla</name>
- <range><gt>0</gt></range>
+ <range><lt>3.0.2</lt></range>
</package>
</affects>
<description>
@@ -313,6 +313,7 @@
<dates>
<discovery>2007-09-18</discovery>
<entry>2007-09-20</entry>
+ <modified>2007-09-21</modified>
</dates>
</vuln>
--- vuxml.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list