Date: Sat, 31 Aug 2019 08:12:51 +0000 From: bugzilla-noreply@freebsd.org To: ruby@FreeBSD.org Subject: maintainer-feedback requested: [Bug 240227] lang/ruby24: 2.4.7,1 still marked as vulnerable Message-ID: <bug-240227-21402-LYxcK3sYH5@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-240227-21402@https.bugs.freebsd.org/bugzilla/> References: <bug-240227-21402@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-ruby mailing l= ist <ruby@FreeBSD.org> for maintainer-feedback: Bug 240227: lang/ruby24: 2.4.7,1 still marked as vulnerable https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D240227 --- Description --- I believe the PORTEPOCH has to go in the entry for RDoc. $ pkg audit -Fr vulnxml file up-to-date ruby-2.4.7,1 is vulnerable: RDoc -- multiple jQuery vulnerabilities CVE: CVE-2015-9251 CVE: CVE-2012-6708 WWW: https://vuxml.FreeBSD.org/freebsd/ed8d5535-ca78-11e9-980b-999ff59c22ea.html Packages that depend on ruby: ruby24-bdb, dtrace-toolkit, portupgrade 1 problem(s) in 1 installed package(s) found. I.e.: <package> <name>ruby</name> <range><ge>2.4.0</ge><lt>2.4.7,1</lt></range> <range><ge>2.5.0</ge><lt>2.5.6,1</lt></range> <range><ge>2.6.0</ge><lt>2.6.3,1</lt></range> </package> should be: <package> <name>ruby</name> <range><ge>2.4.0</ge><lt>2.4.7</lt></range> <range><ge>2.5.0</ge><lt>2.5.6</lt></range> <range><ge>2.6.0</ge><lt>2.6.3</lt></range> </package>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-240227-21402-LYxcK3sYH5>