Date: Thu, 2 Apr 2020 12:21:59 +0000 (UTC) From: Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r530364 - head/security/vuxml Message-ID: <202004021221.032CLxq2058381@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: sunpoet Date: Thu Apr 2 12:21:59 2020 New Revision: 530364 URL: https://svnweb.freebsd.org/changeset/ports/530364 Log: Fix rubygem-json entry (40194e1c-6d89-11ea-8082-80ee73419af3) rubygem-json 2.3.0 was erroneously marked as vulnerable. % cd /usr/ports/devel/rubygem-json % make fetch ===> rubygem-json-2.3.0 has known vulnerabilities: rubygem-json-2.3.0 is vulnerable: rubygem-json -- Unsafe Objection Creation Vulnerability in JSON (Additional fix) CVE: CVE-2020-10663 WWW: https://vuxml.FreeBSD.org/freebsd/40194e1c-6d89-11ea-8082-80ee73419af3.html 1 problem(s) in 1 installed package(s) found. => Please update your ports tree and try again. => Note: Vulnerable ports are marked as such even if there is no update available. => If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes' *** Error code 1 Stop. make: stopped in /usr/ports/devel/rubygem-json Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Apr 2 12:20:36 2020 (r530363) +++ head/security/vuxml/vuln.xml Thu Apr 2 12:21:59 2020 (r530364) @@ -293,7 +293,7 @@ Notes: <affects> <package> <name>rubygem-json</name> - <range><le>2.3.0</le></range> + <range><lt>2.3.0</lt></range> </package> </affects> <description> @@ -325,6 +325,7 @@ Notes: <dates> <discovery>2020-03-19</discovery> <entry>2020-03-26</entry> + <modified>2020-04-02</modified> </dates> </vuln>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202004021221.032CLxq2058381>