Date:      Sun, 6 Oct 2019 07:42:01 +0200
From:      Tobias Kortkamp <tobik@freebsd.org>
To:        Cy Schubert <cy@freebsd.org>
Cc:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   Re: svn commit: r513861 - head/security/vuxml
Message-ID:  <20191006054201.GA62549@urd.tobik.me>
In-Reply-To: <201910060148.x961mok1058065@repo.freebsd.org>
References:  <201910060148.x961mok1058065@repo.freebsd.org>

On Sun, Oct 06, 2019 at 01:48:50AM +0000, Cy Schubert wrote:
> Author: cy
> Date: Sun Oct  6 01:48:49 2019
> New Revision: 513861
> URL: https://svnweb.freebsd.org/changeset/ports/513861
>
> Log:
>   Document two new Xpdf vulnerabilities: CVE-2019-16927 and CVE-2019-9877.
>
>   PR:		241066
>   Security:	https://nvd.nist.gov/vuln/detail/CVE-2019-16927
>   Security:	https://nvd.nist.gov/vuln/detail/CVE-2019-9877
>   Security:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9877
>   Security:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16927
>
> Modified:
>   head/security/vuxml/vuln.xml
>
> Modified: head/security/vuxml/vuln.xml
> ==============================================================================
> --- head/security/vuxml/vuln.xml	Sun Oct  6 01:42:14 2019	(r513860)
> +++ head/security/vuxml/vuln.xml	Sun Oct  6 01:48:49 2019	(r513861)
> @@ -58,6 +58,49 @@ Notes:
>    * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
>  -->
>  <vuxml xmlns=3D"http://www.vuxml.org/apps/vuxml-1">;
> +  <vuln vid=3D"791e8f79-e7d1-11e9-8b31-206a8a720317">
> +    <topic>Xpdf -- Multiple Vulnerabilities</topic>
> +    <affects>
> +      <package>
> +	<name>xpdf</name>
> +	<range><lt>4.02</lt></range>
> +      </package>
> +      <package>
> +	<name>xpdf4</name>
> +	<range><lt>4.02</lt></range>
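
Review bot: The `<lt>4.02</lt>` bounds under `<name>xpdf</name>` and `<name>xpdf4</name>` carry no `,N` epoch suffix. If either port sets PORTEPOCH, its installed package versions end in `,N` and sort above a bare `4.02`, so the entry never matches them. Check each port's Makefile, write the bound with the epoch where one is set, and confirm with `pkg audit -f vuln.xml` against a known-affected package version before committing.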

Hi,

the version range for xpdf4 (and maybe xpdf) is wrong.  graphics/xpdf4
has PORTEPOCH=1, so it should be

	<range><lt>4.02,1</lt></range>

Otherwise nobody will ever see this entry with pkg audit:

$ pkg audit -f vuln.xml xpdf4-4.01_2,1
0 problem(s) in 0 installed package(s) found.
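
Why the missing epoch hides the entry, as an added example that is not part of the original message and is not pkg's own code: a simplified model of `version[_revision][,epoch]` ordering in which the epoch is compared first. The helper names and the numeric-only version parsing are assumptions; the xpdf bound is left as committed because the message does not state that port's epoch.

```python
import re

# Simplified model of FreeBSD package version ordering (assumption: only
# dotted numeric versions are handled; pkg's real comparison covers more).
_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:_(\d+))?(?:,(\d+))?")

def parse(v):
    """Split 'version[_revision][,epoch]' into a sortable key.

    The key is (epoch, version components, revision): the epoch is the most
    significant field, so any ',1' version sorts above any epoch-less one.
    """
    m = _VERSION_RE.fullmatch(v)
    if not m:
        raise ValueError(f"unsupported version string: {v!r}")
    version = [int(p) for p in m.group(1).split(".")]
    while len(version) > 1 and version[-1] == 0:  # treat 4.0 like 4
        version.pop()
    return int(m.group(3) or 0), tuple(version), int(m.group(2) or 0)

def is_lt(installed, bound):
    """True if the installed version sorts below an <lt> bound."""
    return parse(installed) < parse(bound)

def affected(pkg, ranges):
    """pkg is 'name-version' as pkg prints it; ranges maps name -> <lt> bound."""
    name, _, version = pkg.rpartition("-")
    bound = ranges.get(name)
    return bound is not None and is_lt(version, bound)

# Bounds as committed in r513861 (both without an epoch).
COMMITTED = {"xpdf": "4.02", "xpdf4": "4.02"}
# Bound proposed in the reply for xpdf4 (PORTEPOCH=1).
SUGGESTED = {"xpdf": "4.02", "xpdf4": "4.02,1"}

if __name__ == "__main__":
    pkg = "xpdf4-4.01_2,1"  # package version from the pkg audit run above
    for label, ranges in (("committed", COMMITTED), ("suggested", SUGGESTED)):
        print(f"{label}: {pkg} affected = {affected(pkg, ranges)}")
```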

