svn commit: r475438 - head/security/vuxml

Tijl Coosemans tijl at FreeBSD.org
Tue Aug 7 10:15:16 UTC 2018


On Fri, 27 Jul 2018 13:04:27 +0000 (UTC) Steve Wills <swills at FreeBSD.org> wrote:
> Author: swills
> Date: Fri Jul 27 13:04:27 2018
> New Revision: 475438
> URL: https://svnweb.freebsd.org/changeset/ports/475438
> 
> Log:
>   security/vuxml: document openjpeg issues
>   
>   PR:		225805
>   Submitted by:	VK <vlad-fbsd at acheronmedia.com>
> 
> Modified:
>   head/security/vuxml/vuln.xml
> 
> Modified: head/security/vuxml/vuln.xml
> ==============================================================================
> --- head/security/vuxml/vuln.xml	Fri Jul 27 13:00:45 2018	(r475437)
> +++ head/security/vuxml/vuln.xml	Fri Jul 27 13:04:27 2018	(r475438)
> @@ -58,6 +58,42 @@ Notes:
>    * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
>  -->  
>  <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
> +  <vuln vid="11dc3890-0e64-11e8-99b0-d017c2987f9a">
> +    <topic>OpenJPEG -- multiple vulnerabilities</topic>
> +    <affects>
> +      <package>
> +	<name>openjpeg</name>
> +	<range><le>2.3.0</le></range>
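Review bot: The <package> block in this entry names only openjpeg, while the Notes comment kept as context at the top of the hunk says not to forget port variants. If other ports package the same OpenJPEG code, add a <name> for each of them, or state in the commit log that none are affected.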

Please never use <le>.  If the port gets bumped without fixing the issue
it will not be marked vulnerable.  Use <ge>first vulnerable version</ge>
and/or <lt>first fixed version</lt>.  AFAICT <gt> and <le> are always
wrong.  In this case you could use <ge>*</ge>.
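
The range behaviour described in the reply above, as an added example that is not part of the original message or of FreeBSD's tooling: a simplified Python model of package version ordering (version_PORTREVISION,PORTEPOCH) that evaluates the committed range against the two suggested forms. The first fixed version 2.3.1 is a constructed placeholder, and treating "*" as matching every version is an assumption taken from the reply.

```python
import re

def parse(v):
    """Turn 'X.Y.Z[_rev][,epoch]' into a sortable key (epoch, numbers, revision).
    Simplified: dotted numeric versions only; real pkg(8) ordering handles more forms."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:_(\d+))?(?:,(\d+))?", v)
    if not m:
        raise ValueError(f"unsupported version string: {v!r}")
    numbers = tuple(int(p) for p in m.group(1).split("."))
    return (int(m.group(3) or 0), numbers, int(m.group(2) or 0))

OPS = {
    "lt": lambda a, b: a < b,
    "le": lambda a, b: a <= b,
    "eq": lambda a, b: a == b,
    "ge": lambda a, b: a >= b,
    "gt": lambda a, b: a > b,
}

def in_range(installed, bounds):
    """bounds: (operator, version) pairs from one <range>; every bound must hold."""
    key = parse(installed)
    for op, bound in bounds:
        if bound == "*":  # assumption: matches every version, as in <ge>*</ge>
            continue
        if not OPS[op](key, parse(bound)):
            return False
    return True

FIRST_FIXED = "2.3.1"                 # constructed placeholder, not from the page
COMMITTED = [("le", "2.3.0")]         # <range><le>2.3.0</le></range>
SUGGESTED = [("lt", FIRST_FIXED)]     # <range><lt>first fixed version</lt></range>
OPEN_ENDED = [("ge", "*")]            # <range><ge>*</ge></range>

def report(versions=("2.3.0", "2.3.0_1", "2.3.1")):
    """Map each installed version to (committed, suggested, open_ended) matches."""
    return {v: (in_range(v, COMMITTED), in_range(v, SUGGESTED),
                in_range(v, OPEN_ENDED)) for v in versions}

if __name__ == "__main__":
    for version, flags in report().items():
        print(f"{version:10} le={flags[0]!s:5} lt={flags[1]!s:5} ge*={flags[2]}")
```

The 2.3.0_1 row is the case the reply warns about: a PORTREVISION bump without a fix falls outside the <le> range and the package stops being flagged.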

