From owner-freebsd-security@FreeBSD.ORG  Wed Feb 13 14:10:59 2008
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1159916A469;
	Wed, 13 Feb 2008 14:10:59 +0000 (UTC) (envelope-from avg@icyb.net.ua)
Received: from falcon.cybervisiontech.com (falcon.cybervisiontech.com
	[217.20.163.9])
	by mx1.freebsd.org (Postfix) with ESMTP id C176E13C508;
	Wed, 13 Feb 2008 14:10:58 +0000 (UTC) (envelope-from avg@icyb.net.ua)
Received: from localhost (localhost [127.0.0.1])
	by falcon.cybervisiontech.com (Postfix) with ESMTP id 9244843E46E;
	Wed, 13 Feb 2008 15:43:00 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at falcon.cybervisiontech.com
Received: from falcon.cybervisiontech.com ([127.0.0.1])
	by localhost (falcon.cybervisiontech.com [127.0.0.1]) (amavisd-new,
	port 10024)
	with ESMTP id CrkFAdVDK9hE; Wed, 13 Feb 2008 15:43:00 +0200 (EET)
Received: from [10.2.1.87] (gateway.cybervisiontech.com.ua [88.81.251.18])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by falcon.cybervisiontech.com (Postfix) with ESMTP id 3710143DBE9;
	Wed, 13 Feb 2008 15:43:00 +0200 (EET)
Message-ID: <47B2F3E0.1080806@icyb.net.ua>
Date: Wed, 13 Feb 2008 15:42:56 +0200
From: Andriy Gapon <avg@icyb.net.ua>
User-Agent: Thunderbird 2.0.0.9 (X11/20080123)
MIME-Version: 1.0
To: freebsd-security@freebsd.org, Martin Wilke <miwi@FreeBSD.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Wed, 13 Feb 2008 14:48:00 +0000
Cc: 
Subject: portaudit: xfce vulnerabilities
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Feb 2008 14:10:59 -0000


It seems that there is a mistake on this page:
http://www.freebsd.org/ports/portaudit/024edd06-c933-11dc-810c-0016179b2dd5.html

All reference URLs say that the vulnerability existed before version
4.4.2 and it is fixed in version 4.4.2.
But affected version are described as:
xfce4-panel >4.4.1_1
libxfce4gui >4.4.1_1

Shouldn't there be "equal or less" instead of "greater"?

-- 
Andriy Gapon