svn commit: r475048 - head/security/vuxml
Tijl Coosemans
tijl at FreeBSD.org
Tue Aug 7 10:34:45 UTC 2018
On Sat, 21 Jul 2018 06:50:36 +0000 (UTC) Ben Woods <woodsb02 at FreeBSD.org> wrote:
> Author: woodsb02
> Date: Sat Jul 21 06:50:36 2018
> New Revision: 475048
> URL: https://svnweb.freebsd.org/changeset/ports/475048
>
> Log:
> security/vuxml: document VLC vulnerability
>
> Modified:
> head/security/vuxml/vuln.xml
>
> Modified: head/security/vuxml/vuln.xml
> ==============================================================================
> --- head/security/vuxml/vuln.xml Sat Jul 21 02:13:28 2018 (r475047)
> +++ head/security/vuxml/vuln.xml Sat Jul 21 06:50:36 2018 (r475048)
> @@ -58,6 +58,42 @@ Notes:
> * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
> -->
> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
> + <vuln vid="dc57ad48-ecbb-439b-a4d0-5869be47684e">
> + <topic>vlc -- Use after free vulnerability</topic>
> + <affects>
> + <package>
> + <name>vlc</name>
> + <range><le>2.2.8_6,4</le></range>
> + </package>
> + <package>
> + <name>vlc-qt4</name>
> + <range><le>2.2.8_6,4</le></range>
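Review bot: The <le>2.2.8_6,4</le> bound in both <package> entries (vlc and vlc-qt4) is an inclusive upper limit that includes the port revision, so the next revision bump falls outside the range whether or not it carries a fix. Use <lt> with the first fixed version once one exists, plus a <ge> lower bound if the first vulnerable version is known. Since both packages carry the identical range, they could also be two <name> elements inside one <package>.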
Please never use <le>. The port has been bumped without fixing the issue
and is no longer marked vulnerable. Use <ge>first vulnerable version</ge>
and/or <lt>first fixed version</lt>. AFAICT <gt> and <le> are always
wrong. In this case you could use <ge>*</ge>.
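
An added example, not part of the original message or of the ports tree: a small lint that flags <le> and <gt> bounds in VuXML ranges, the pattern the reply above objects to. It assumes a standalone, well-formed VuXML document with no external entity includes; the function name lint_ranges is hypothetical, and the first sample entry mirrors the quoted lines while the second is constructed.

```python
import xml.etree.ElementTree as ET

# Namespace taken from the <vuxml> element quoted in the commit.
NS = {"v": "http://www.vuxml.org/apps/vuxml-1"}
# Operators the reply calls "always wrong".
DISCOURAGED = {"le", "gt"}

# Sample input: first entry mirrors the quoted hunk, second is constructed.
SAMPLE = """<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="dc57ad48-ecbb-439b-a4d0-5869be47684e">
    <topic>vlc -- Use after free vulnerability</topic>
    <affects>
      <package><name>vlc</name><range><le>2.2.8_6,4</le></range></package>
      <package><name>vlc-qt4</name><range><le>2.2.8_6,4</le></range></package>
    </affects>
  </vuln>
  <vuln vid="00000000-0000-0000-0000-000000000000">
    <topic>example -- constructed entry with half-open range</topic>
    <affects>
      <package><name>example</name><range><ge>1.0</ge><lt>1.2</lt></range></package>
    </affects>
  </vuln>
</vuxml>"""


def lint_ranges(xml_text):
    """Return (vid, package names, operator, version) for each <le>/<gt> bound."""
    findings = []
    root = ET.fromstring(xml_text)
    for vuln in root.iterfind("v:vuln", NS):
        for pkg in vuln.iterfind("v:affects/v:package", NS):
            names = tuple(n.text.strip() for n in pkg.iterfind("v:name", NS) if n.text)
            for rng in pkg.iterfind("v:range", NS):
                for bound in rng:
                    # Tags arrive as "{namespace}le"; keep only the local name.
                    op = bound.tag.rsplit("}", 1)[-1]
                    if op in DISCOURAGED:
                        version = (bound.text or "").strip()
                        findings.append((vuln.get("vid"), names, op, version))
    return findings


if __name__ == "__main__":
    for vid, names, op, version in lint_ranges(SAMPLE):
        print(f"{vid}: {', '.join(names)} uses <{op}>{version}</{op}>")
```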