From owner-freebsd-security@FreeBSD.ORG Thu Feb 14 09:04:51 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 81AC916A417; Thu, 14 Feb 2008 09:04:51 +0000 (UTC) (envelope-from avg@icyb.net.ua) Received: from falcon.cybervisiontech.com (falcon.cybervisiontech.com [217.20.163.9]) by mx1.freebsd.org (Postfix) with ESMTP id 249FD13C468; Thu, 14 Feb 2008 09:04:51 +0000 (UTC) (envelope-from avg@icyb.net.ua) Received: from localhost (localhost [127.0.0.1]) by falcon.cybervisiontech.com (Postfix) with ESMTP id 1839143F401; Thu, 14 Feb 2008 11:04:49 +0200 (EET) X-Virus-Scanned: Debian amavisd-new at falcon.cybervisiontech.com Received: from falcon.cybervisiontech.com ([127.0.0.1]) by localhost (falcon.cybervisiontech.com [127.0.0.1]) (amavisd-new, port 10027) with ESMTP id ykY150GrdnG7; Thu, 14 Feb 2008 11:04:49 +0200 (EET) Received: from [10.74.70.239] (unknown [193.138.145.53]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by falcon.cybervisiontech.com (Postfix) with ESMTP id A35C743CF29; Thu, 14 Feb 2008 11:04:32 +0200 (EET) Message-ID: <47B403FF.3060508@icyb.net.ua> Date: Thu, 14 Feb 2008 11:03:59 +0200 From: Andriy Gapon User-Agent: Thunderbird 2.0.0.9 (X11/20071208) MIME-Version: 1.0 To: remko@elvandar.org References: <47B2F3E0.1080806@icyb.net.ua> <44255.194.74.82.3.1202971755.squirrel@galain.elvandar.org> In-Reply-To: <44255.194.74.82.3.1202971755.squirrel@galain.elvandar.org> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Thu, 14 Feb 2008 12:31:54 +0000 Cc: freebsd-security@freebsd.org, Martin Wilke Subject: Re: portaudit: xfce vulnerabilities X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Feb 2008 09:04:51 -0000 on 14/02/2008 08:49 Remko Lodder said the following: > On Wed, February 13, 2008 2:42 pm, Andriy Gapon wrote: >> It seems that there is a mistake on this page: >> http://www.freebsd.org/ports/portaudit/024edd06-c933-11dc-810c-0016179b2dd5.html >> >> All reference URLs say that the vulnerability existed before version >> 4.4.2 and it is fixed in version 4.4.2. >> But affected version are described as: >> xfce4-panel >4.4.1_1 >> libxfce4gui >4.4.1_1 >> >> Shouldn't there be "equal or less" instead of "greater"? >> >> -- >> Andriy Gapon >> _______________________________________________ > > Hey Andriy, > > Thanks for the report, from what I know miwi was going to look at this to > match 4.4.2 so that nothing else is affected.. Remko, thanks, this makes more sense. Though, could this process be sped up a tiny bit? I am sure this is confusing users trying to upgrade from the vulnerable version. -- Andriy Gapon