Date: Sun, 17 Sep 2006 01:45:10 +0700 From: "Vadim Goncharov" <vadimnuclight@tpu.ru> To: "Greg Lewis" <glewis@freebsd.org> Cc: freebsd-bugs@freebsd.org, bug-followup@freebsd.org, freebsd-java@freebsd.org Subject: Re: ports/103313: portaudit reports bogus java/diablo-jdk15 vulnerabity due to incorrect pkg naming Message-ID: <optfzidkw74fjv08@nuclight.avtf.net> In-Reply-To: <200609161726.k8GHQrRW013690@freefall.freebsd.org> References: <200609161726.k8GHQrRW013690@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
17.09.06 @ 00:26 Greg Lewis wrote: > Synopsis: portaudit reports bogus java/diablo-jdk15 vulnerabity due to > incorrect pkg naming > > State-Changed-From-To: open->closed > State-Changed-By: glewis > State-Changed-When: Sat Sep 16 17:26:05 UTC 2006 > State-Changed-Why: > This was fixed by remko@'s recent commit to vuln.xml (rev. 1.1131). > > http://www.freebsd.org/cgi/query-pr.cgi?pr=103313 That's VERY BAD method of fixing things. Package names should be changed, not vuln.xml! As cause of illness should always be cured, not the symptoms. And, after all, even that fix was partial: it fixed only jdk on fbsd 6 - my fbsd 5 IS STILL "vulnerable". And this is only jdk, but we have the same problem with jre. And not only for i386, but for amd64 also - 6 packages total, not 1. -- WBR, Vadim Goncharov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?optfzidkw74fjv08>