maintainer-feedback requested: [Bug 240227] lang/ruby24: 2.4.7,1 still marked as vulnerable
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat Aug 31 08:12:52 UTC 2019
Bugzilla Automation <bugzilla at FreeBSD.org> has asked freebsd-ruby mailing list
<ruby at FreeBSD.org> for maintainer-feedback:
Bug 240227: lang/ruby24: 2.4.7,1 still marked as vulnerable
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240227
--- Description ---
I believe the PORTEPOCH has to go in the entry for RDoc.
$ pkg audit -Fr
vulnxml file up-to-date
ruby-2.4.7,1 is vulnerable:
RDoc -- multiple jQuery vulnerabilities
CVE: CVE-2015-9251
CVE: CVE-2012-6708
WWW:
https://vuxml.FreeBSD.org/freebsd/ed8d5535-ca78-11e9-980b-999ff59c22ea.html
Packages that depend on ruby: ruby24-bdb, dtrace-toolkit, portupgrade
1 problem(s) in 1 installed package(s) found.
I.e.:
<package>
<name>ruby</name>
<range><ge>2.4.0</ge><lt>2.4.7,1</lt></range>
<range><ge>2.5.0</ge><lt>2.5.6,1</lt></range>
<range><ge>2.6.0</ge><lt>2.6.3,1</lt></range>
</package>
should be:
<package>
<name>ruby</name>
<range><ge>2.4.0</ge><lt>2.4.7</lt></range>
<range><ge>2.5.0</ge><lt>2.5.6</lt></range>
<range><ge>2.6.0</ge><lt>2.6.3</lt></range>
</package>
More information about the freebsd-ruby
mailing list