[Bug 251790] security/base-audit: incorrectly reports that 12.2p2 is vuln
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Tue Dec 15 04:53:09 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251790
Philip Paeps <philip at FreeBSD.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |philip at FreeBSD.org
--- Comment #6 from Philip Paeps <philip at FreeBSD.org> ---
Until this morning, the entry was:
<package>
<name>FreeBSD</name>
<range><ge>12.2</ge><lt>12.2_2</lt></range>
<range><ge>12.1</ge><lt>12.1_12</lt></range>
<range><ge>11.4</ge></range>
</package>
Did pkg audit interpret that as "everything above 11.4 is vulnerable" without
taking into account the narrower ranges for 12.1 and 12.2?
This morning I updated the entry to account for the recently released patch
against 11.4:
<package>
<name>FreeBSD</name>
<range><ge>12.2</ge><lt>12.2_2</lt></range>
<range><ge>12.1</ge><lt>12.1_12</lt></range>
<range><ge>11.4</ge><lt>11.4_6</lt></range>
</package>
Has this fixed pkg audit claiming that 12.2p2 is vulnerable?
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list