I was looking at BIND security issues today, and I noticed many of the vuln that have FreeBSD base system in it have bad ranges. For example: <vuln vid="3c90e093-7c6e-11e2-809b-6c626d99876c"> <topic>FreeBSD -- glob(3) related resource exhaustion</topic> <affects> <package> <name>FreeBSD</name> <range><gt>7.4</gt><lt>7.4_12</lt></range> <range><gt>8.3</gt><lt>8.3_6</lt></range> <range><gt>9.0</gt><lt>9.0_6</lt></range> <range><gt>9.1</gt><lt>9.1_1</lt></range> </package> I think the ranges should be, for instance, <ge>7.4</ge><lt>7.4_12</lt>, with ge, not gt. Also, there may be missing base SA in there.
taking this, will fit in nicely with my other work on SAs in vuxml
A commit references this bug: Author: feld Date: Tue Aug 9 20:36:35 UTC 2016 New revision: 419966 URL: https://svnweb.freebsd.org/changeset/ports/419966 Log: Update many historical vuxml entries for FreeBSD with incorrect ranges PR: 208522 Changes: head/security/vuxml/vuln.xml