Date: Fri, 31 Aug 2018 10:21:40 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 231054] vuln.xml fix for wrong entry for wpa_supplicant (bad version range)
Message-ID: <bug-231054-7788@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=231054

Bug ID: 231054
Summary: vuln.xml fix for wrong entry for wpa_supplicant (bad version range)
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: ports-bugs@FreeBSD.org
Reporter: 000.fbsd@quip.cz

vuln.xml in revision 477201 has entry vid="6bedc863-9fbe-11e8-945f-206a8a720317" for wpa_supplicant -- unauthenticated encrypted EAPOL-Key data

It affects base too and there are FreeBSD version range identifiers. Because there is no "ge" specified, pkg audit FreeBSD-10.4_11 says it is vulnerable even if this was fixed in 10.4-p10

--- vuln.xml.orig 2018-08-30 03:02:57.656941000 +0200 +++ vuln.xml 2018-08-31 12:13:53.564345000 +0200 @@ -525,8 +525,8 @@ </package> <package> <name>FreeBSD</name> - <range><le>10.4_10</le></range> - <range><le>11.2_1</le></range> + <range><ge>10.4</ge><le>10.4_10</le></range> + <range><ge>11.2</ge><le>11.2_1</le></range> </package> </affects> <description>

credit goes to Dan Lukes who noted this in private discussion

--
You are receiving this mail because:
You are the assignee for the bug.
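Review bot: with `<ge>11.2</ge>` on the second added range, an 11.x release below 11.2 no longer matches any range in this FreeBSD package block, so confirm that no still-supported release below 11.2 is affected, or give it its own bounded range alongside these two. Separately, the report says the issue was fixed in 10.4-p10 while the kept upper bound `<le>10.4_10</le>` is inclusive and still flags 10.4_10; check which patch level carries the fix and, if it is p10, switch to an exclusive bound. The patch is a single hunk that does not touch the entry's dates, so the entry's modification date should be updated in the same change.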
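The range matching described in the report, as an added example that is not part of the original message and not pkg's code: it evaluates the before and after `<package>` blocks from the diff against a few versions. The version ordering is a simplified assumption (release tuple, then patch level), not pkg's own comparison, and `11.1_5` is a constructed sample version.

```python
import xml.etree.ElementTree as ET

# The FreeBSD <package> element before and after the patch (from the diff).
BEFORE = """<package><name>FreeBSD</name>
<range><le>10.4_10</le></range>
<range><le>11.2_1</le></range>
</package>"""
AFTER = """<package><name>FreeBSD</name>
<range><ge>10.4</ge><le>10.4_10</le></range>
<range><ge>11.2</ge><le>11.2_1</le></range>
</package>"""


def parse_version(text):
    """Simplified ordering key (assumption): '10.4_11' -> ((10, 4), 11)."""
    release, _, patch = text.partition("_")
    return tuple(int(p) for p in release.split(".")), int(patch or 0)


# Comparison elements allowed inside a <range>.
OPS = {
    "lt": lambda v, b: v < b,
    "le": lambda v, b: v <= b,
    "eq": lambda v, b: v == b,
    "ge": lambda v, b: v >= b,
    "gt": lambda v, b: v > b,
}


def is_affected(package_xml, version):
    """True if any <range> matches; every bound inside one range must hold."""
    v = parse_version(version)
    for rng in ET.fromstring(package_xml).iter("range"):
        if all(OPS[b.tag](v, parse_version(b.text)) for b in rng):
            return True
    return False


def audit(versions):
    """Return {version: (affected_before, affected_after)}."""
    return {v: (is_affected(BEFORE, v), is_affected(AFTER, v)) for v in versions}


if __name__ == "__main__":
    samples = ["10.4_10", "10.4_11", "11.1_5", "11.2_1", "11.2_2"]
    for ver, (old, new) in audit(samples).items():
        print(f"FreeBSD-{ver}: before={old} after={new}")
```

Before the patch, `10.4_11` fails the first range but still satisfies the unbounded `<le>11.2_1</le>`, which is the false positive the report describes; the constructed `11.1_5` shows the other side of adding lower bounds.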