Bug 208522 - security/vuxml: many vuln regarding the base system use bad ranges
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Ports Framework
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Mark Felder
Reported: 2016-04-04 17:09 UTC by Mathieu Arnold
Modified: 2016-08-09 20:38 UTC

Description Mathieu Arnold freebsd_committer freebsd_triage 2016-04-04 17:09:34 UTC
I was looking at BIND security issues today, and I noticed many of the vulns that have the FreeBSD base system in them have bad ranges.  For example:

  <vuln vid="3c90e093-7c6e-11e2-809b-6c626d99876c">
    <topic>FreeBSD -- glob(3) related resource exhaustion</topic>
    <affects>
      <package>
        <name>FreeBSD</name>
        <range><gt>7.4</gt><lt>7.4_12</lt></range>
        <range><gt>8.3</gt><lt>8.3_6</lt></range>
        <range><gt>9.0</gt><lt>9.0_6</lt></range>
        <range><gt>9.1</gt><lt>9.1_1</lt></range>
      </package>


I think the ranges should be, for instance, <ge>7.4</ge><lt>7.4_12</lt>, with ge, not gt.

Also, there may be missing base SA in there.
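
The effect of gt versus ge on the entry quoted in the report above, as an added example that is not part of the original bug thread or of the vuxml tooling. The version ordering is a simplified assumption (dotted numbers plus an optional _N patch level, not the full pkg version comparison), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the entry quoted in the report, trimmed to <affects> and closed.
SAMPLE = """<vuln vid="3c90e093-7c6e-11e2-809b-6c626d99876c">
  <affects><package>
    <name>FreeBSD</name>
    <range><gt>7.4</gt><lt>7.4_12</lt></range>
    <range><gt>8.3</gt><lt>8.3_6</lt></range>
    <range><gt>9.0</gt><lt>9.0_6</lt></range>
    <range><gt>9.1</gt><lt>9.1_1</lt></range>
  </package></affects>
</vuln>"""

OPS = {"lt": lambda a, b: a < b, "le": lambda a, b: a <= b,
       "gt": lambda a, b: a > b, "ge": lambda a, b: a >= b,
       "eq": lambda a, b: a == b}

def key(version):
    """Simplified ordering (assumption): '7.4_12' -> ((7, 4), 12)."""
    base, _, patch = version.partition("_")
    return tuple(int(p) for p in base.split(".")), int(patch or 0)

def in_range(version, rng):
    """True if version satisfies every bound inside one <range> element."""
    return all(OPS[b.tag](key(version), key(b.text)) for b in rng)

def affected(version, vuln):
    """True if any <range> in the entry matches version."""
    return any(in_range(version, r) for r in vuln.iter("range"))

def suspicious_ranges(vuln):
    """Lower bounds written as <gt>X.Y</gt> on a bare release (no _N):
    such a range leaves the unpatched release X.Y itself unmatched."""
    return [gt.text for r in vuln.iter("range") for gt in r.findall("gt")
            if "_" not in gt.text]

def with_ge(xml_text):
    """Apply the correction proposed in the report: gt -> ge."""
    return xml_text.replace("<gt>", "<ge>").replace("</gt>", "</ge>")

if __name__ == "__main__":
    before = ET.fromstring(SAMPLE)
    after = ET.fromstring(with_ge(SAMPLE))
    for v in ("7.4", "7.4_5", "7.4_12"):
        print(v, "gt:", affected(v, before), "ge:", affected(v, after))
    print("flagged lower bounds:", suspicious_ranges(before))
```

With the gt bounds, an unpatched 7.4 release is reported as not affected while 7.4_5 is; after the change to ge both match, and the fixed patch level 7.4_12 stays outside the range.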
Comment 1 Mark Felder freebsd_committer freebsd_triage 2016-08-09 17:46:13 UTC
taking this, will fit in nicely with my other work on SAs in vuxml
Comment 2 commit-hook freebsd_committer freebsd_triage 2016-08-09 20:36:48 UTC
A commit references this bug:

Author: feld
Date: Tue Aug  9 20:36:35 UTC 2016
New revision: 419966
URL: https://svnweb.freebsd.org/changeset/ports/419966

Log:
  Update many historical vuxml entries for FreeBSD with incorrect ranges

  PR:		208522

Changes:
  head/security/vuxml/vuln.xml