Date: Sun, 20 Feb 2011 20:12:52 +0100
From: Matthias Andree <mandree@FreeBSD.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: secteam@FreeBSD.org
Subject: ports/154918: [PATCH] security/vuxml: fix up b0rked linux-sun-jdk entries
Message-ID: <E1PrEiC-000IHT-6t@apollo.emma.line.org>
Resent-Message-ID: <201102201920.p1KJK7QQ026132@freefall.freebsd.org>
>Number: 154918 >Category: ports >Synopsis: [PATCH] security/vuxml: fix up b0rked linux-sun-jdk entries >Confidential: no >Severity: critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sun Feb 20 19:20:07 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Matthias Andree >Release: FreeBSD 8.2-PRERELEASE amd64 >Organization: >Environment: System: FreeBSD apollo.emma.line.org 8.2-PRERELEASE FreeBSD 8.2-PRERELEASE #61: Tue Feb 15 23:03:47 CET 2011 >Description: Fix bogus linux-sun-jdk entries to avoid bogus linux-sun-jdk16 vuln. Do this by splitting lines to make sure that ranges for 1.5.* do not span different PORTEPOCH values. Note I've researched the actually issued portrevisions, so the (eq) tags would be safe. Port maintainer (secteam@FreeBSD.org) is cc'd. Generated with FreeBSD Port Tools 0.99 >How-To-Repeat: >Fix: --- vuxml-1.1_1.patch begins here --- Index: vuln.xml =================================================================== RCS file: /home/ncvs/ports/security/vuxml/vuln.xml,v retrieving revision 1.2312 diff -u -u -r1.2312 vuln.xml --- vuln.xml 20 Feb 2011 05:04:28 -0000 1.2312 +++ vuln.xml 20 Feb 2011 18:16:53 -0000 @@ -22381,8 +22381,10 @@ <name>linux-sun-jdk</name> <range><ge>1.3.0</ge><lt>1.3.1.20</lt></range> <range><ge>1.4.0</ge><lt>1.4.2.16</lt></range> - <range><ge>1.5.0</ge><lt>1.6.0.03</lt></range> - <range><ge>1.5.0.b1,1</ge><lt>1.5.0.13,2</lt></range> + <range><eq>1.5.0.b1</eq></range> + <range><eq>1.5.0.b1,1</eq></range> + <range><ge>1.5.0,2</ge><lt>1.5.0.13,2</lt></range> + <range><ge>1.6.0</ge><lt>1.6.0.03</lt></range> </package> </affects> <description> 
@@ -43380,7 +43382,9 @@ <package> <name>linux-sun-jdk</name> <range><le>1.4.2.08_1</le></range> - <range><ge>1.5.*</ge><le>1.5.2.02,2</le></range> + <range><eq>1.5.0b1</eq></range> + <range><eq>1.5.0b1,1</eq></range> + <range><ge>1.5.0,2</ge><le>1.5.0.02,2</le></range> </package> <package> <name>linux-blackdown-jdk</name> --- vuxml-1.1_1.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
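Review bot: In the first hunk (@@ -22381,8 +22381,10 @@) the two added `<eq>` entries spell the beta version `1.5.0.b1`, while the second hunk spells it `1.5.0b1`. An `<eq>` entry only matches the exact version string the port was issued with, so one of the two spellings cannot match any installed package. Please check the spelling against the port's history and use the same one in both entries. The added `<ge>1.6.0</ge><lt>1.6.0.03</lt>` range also carries no PORTEPOCH suffix while the 1.5.0 range beside it uses `,2`; please confirm that the 1.6.0 versions in question were issued without an epoch.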
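Review bot: In the second hunk (@@ -43380,7 +43382,9 @@) the upper bound changes from `1.5.2.02,2` to `1.5.0.02,2`, which goes beyond the line split the description announces. If the old value was a typo, say so in the commit message so the narrower range is a recorded decision. The removed line covered everything from `1.5.*` upward, whereas the replacement matches only the two `<eq>` versions below epoch 2, so a short XML comment listing the issued versions that justify the `<eq>` entries would let a later editor verify that nothing affected was dropped.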