From owner-freebsd-vuxml@FreeBSD.ORG  Sun Sep 26 23:34:55 2004
Return-Path: <owner-freebsd-vuxml@FreeBSD.ORG>
Delivered-To: freebsd-vuxml@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id EC56D16A4CE; Sun, 26 Sep 2004 23:34:55 +0000 (GMT)
Received: from bast.unixathome.org (bast.unixathome.org [66.11.174.150])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id AC10F43D31; Sun, 26 Sep 2004 23:34:55 +0000 (GMT)
	(envelope-from dan@langille.org)
Received: from wocker (wocker.unixathome.org [192.168.0.99])
	by bast.unixathome.org (Postfix) with ESMTP id 286A73D37;
	Sun, 26 Sep 2004 19:34:50 -0400 (EDT)
From: "Dan Langille" <dan@langille.org>
To: "Jacques A. Vidrine" <nectar@FreeBSD.org>
Date: Sun, 26 Sep 2004 19:34:50 -0400
MIME-Version: 1.0
Message-ID: <415719DA.21902.73F1F41@localhost>
Priority: normal
In-reply-to: <20040926180436.GA20112@madman.celabo.org>
References: <20040925221034.T54484@xeon.unixathome.org>
	<4155A7A2.15775.198F30A@localhost>
X-mailer: Pegasus Mail for Windows (v4.12a)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
cc: freebsd-vuxml@freebsd.org
Subject: Re: vuxml corrections (was Re: FreshPorts :: VuXML -
	6e740881-0cae-11d9-8a8a-000c41e2cdad)
X-BeenThere: freebsd-vuxml@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Documenting security issues in VuXML <freebsd-vuxml.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-vuxml>,
	<mailto:freebsd-vuxml-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-vuxml>
List-Post: <mailto:freebsd-vuxml@freebsd.org>
List-Help: <mailto:freebsd-vuxml-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-vuxml>,
	<mailto:freebsd-vuxml-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Sep 2004 23:34:56 -0000

On 26 Sep 2004 at 13:04, Jacques A. Vidrine wrote:

> Thanks for catching and reporting these, Dan!

I think we might be able to add VuXML sanity checking to FreshPorts 
if we can come up with some rules, or simple concepts.

I'm only catching them because I'm looking closely at the results.

> On Sat, Sep 25, 2004 at 05:15:14PM -0400, Dan Langille wrote:
> > Hi folks,
> >
> > I'm looking for additional pairs of eyes to verify that FreshPorts
> > has marked the correct commits for:
> >
> >     6e740881-0cae-11d9-8a8a-000c41e2cdad
> >
> > The FreshPorts pages to view are:
> >
> > <http://beta.freshports.org/www/mozilla/>
> >
> > Nothing affect by this vuln.  It seems the affecte versions where
> > never put into our tree.  Ranges are:
> >
> >   <range><ge>1.7.a,2</ge><lt>1.7</lt></range>
> >   <range><ge>1.8.a,2</ge><lt>1.8.a2,2</lt></range>
> >
> > Should that top one be 1.7,2 not 1.7?
> 
> Yep!  Corrected.

Good.  Then I'm beginning to get a handle on what ranges should be 
when an EPOCH is involved.

> > There are two packages with the name mozilla.  In addition to the URL
> > listed above, see also:
> >
> > <http://beta.freshports.org/www/mozilla-devel/>
> >
> > Nothing affecte there.  We have only 1.4b-1.6a in the tree.  Looks
> > good.
> 
> I think I misunderstood something.  We certainly have later versions,
> and the referenced page lists them, e.g. mozilla-1.8.a3,2.

I don't know now.  Perhaps I should run it again with just the one 
vuln in question.  That's later this week.

I have rerun the FreshPorts VuXML with the latest vuln.xml file.  I 
will review the commits later in the week.



-- 
Dan Langille : http://www.langille.org/
BSDCan - The Technical BSD Conference - http://www.bsdcan.org/