From owner-cvs-all@FreeBSD.ORG Tue Jul 24 22:30:36 2007 Return-Path: Delivered-To: cvs-all@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 70C6D16A419; Tue, 24 Jul 2007 22:30:36 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from tarsier.geekcn.org (tarsier.geekcn.org [210.51.165.229]) by mx1.freebsd.org (Postfix) with ESMTP id E389F13C467; Tue, 24 Jul 2007 22:30:35 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from localhost (tarsier.geekcn.org [210.51.165.229]) by tarsier.geekcn.org (Postfix) with ESMTP id 1F978EB2544; Wed, 25 Jul 2007 06:30:35 +0800 (CST) X-Virus-Scanned: amavisd-new at geekcn.org Received: from tarsier.geekcn.org ([210.51.165.229]) by localhost (mail.geekcn.org [210.51.165.229]) (amavisd-new, port 10024) with ESMTP id X6nYS2uP9p6U; Wed, 25 Jul 2007 06:30:32 +0800 (CST) Received: from charlie.delphij.net (unknown [61.49.186.182]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by tarsier.geekcn.org (Postfix) with ESMTP id 48F15EB1D61; Wed, 25 Jul 2007 06:30:32 +0800 (CST) DomainKey-Signature: a=rsa-sha1; s=default; d=delphij.net; c=nofws; q=dns; h=message-id:date:from:user-agent:mime-version:to:cc:subject: references:in-reply-to:content-type:content-transfer-encoding; b=G/i/2cM/Dm9DBFUtibTQZErLmv8sqlfohAntGIM3otp5xD8poYPg16qCyDe79Rxfg 9Wen2YR+QvhSk+D1Izg9A== Message-ID: <46A67D87.7090108@delphij.net> Date: Wed, 25 Jul 2007 06:30:31 +0800 From: Xin LI User-Agent: Thunderbird 2.0.0.5 (X11/20070721) MIME-Version: 1.0 To: "Simon L. Nielsen" References: <200707241417.l6OEH7oG049577@repoman.freebsd.org> <20070724222656.GD1003@zaphod.nitro.dk> In-Reply-To: <20070724222656.GD1003@zaphod.nitro.dk> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: cvs-ports@FreeBSD.ORG, Xin LI , cvs-all@FreeBSD.ORG, ports-committers@FreeBSD.ORG Subject: Re: cvs commit: ports/security/vuxml vuln.xml X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Jul 2007 22:30:36 -0000 Simon L. Nielsen wrote: > On 2007.07.24 14:17:07 +0000, Xin LI wrote: >> delphij 2007-07-24 14:17:07 UTC >> >> FreeBSD ports repository >> >> Modified files: >> security/vuxml vuln.xml >> Log: >> The previous vuxml entry applies to jakarta-tomcat 4.0.x as well, so mark >> it as affected as well. Since there is no newer release I have used 4.1.0 >> as the "fixed" version. > > Has it actually been fixed in 4.1.0? If not you should just not set a > top version to avoid a new release which actually doesn't fix the > issue being marked secure. No. The version is chosen because that 4.1.0 is greater than the possible version (the port itself is 4.0.x). Should there be a better way to represent it, please feel free to commit a fix, thanks! Cheers,