[Bug 240227] lang/ruby24: 2.4.7,1 still marked as vulnerable
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat Aug 31 08:12:52 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240227
Bug ID: 240227
Summary: lang/ruby24: 2.4.7,1 still marked as vulnerable
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: ruby at FreeBSD.org
Reporter: Trond.Endrestol at ximalas.info
Flags: maintainer-feedback?(ruby at FreeBSD.org)
Assignee: ruby at FreeBSD.org
I believe the PORTEPOCH has to go in the entry for RDoc.
$ pkg audit -Fr
vulnxml file up-to-date
ruby-2.4.7,1 is vulnerable:
RDoc -- multiple jQuery vulnerabilities
CVE: CVE-2015-9251
CVE: CVE-2012-6708
WWW:
https://vuxml.FreeBSD.org/freebsd/ed8d5535-ca78-11e9-980b-999ff59c22ea.html
Packages that depend on ruby: ruby24-bdb, dtrace-toolkit, portupgrade
1 problem(s) in 1 installed package(s) found.
I.e.:
<package>
<name>ruby</name>
<range><ge>2.4.0</ge><lt>2.4.7,1</lt></range>
<range><ge>2.5.0</ge><lt>2.5.6,1</lt></range>
<range><ge>2.6.0</ge><lt>2.6.3,1</lt></range>
</package>
should be:
<package>
<name>ruby</name>
<range><ge>2.4.0</ge><lt>2.4.7</lt></range>
<range><ge>2.5.0</ge><lt>2.5.6</lt></range>
<range><ge>2.6.0</ge><lt>2.6.3</lt></range>
</package>
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ruby
mailing list