Bug 199037
| Summary: | security/apache-xml-security-c: add CPE information | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | shun <shun.fbsd.pr> | ||||||
| Component: | Individual Port(s) | Assignee: | Palle Girgensohn <girgen> | ||||||
| Status: | Closed FIXED | ||||||||
| Severity: | Affects Only Me | CC: | w.schwarzenfeld | ||||||
| Priority: | --- | Flags: | bugzilla:
maintainer-feedback?
(girgen) |
||||||
| Version: | Latest | ||||||||
| Hardware: | Any | ||||||||
| OS: | Any | ||||||||
| Attachments: |
|
||||||||
|
Description
shun
2015-03-30 17:08:51 UTC
Is the entry 'CPE_PRODUCT= xml_security_for_c%2b%2b' really a valid one? (In reply to Bartek Rutkowski from comment #1) Yes, I am pretty sure. You can check the CPE dictionary here[0]. [0] https://nvd.nist.gov/cpe.cfm (In reply to shun from comment #2) I did and in fact I cant find such string, there's only xml_security_for_c\+\+, like that 'cpe:2.3:a:apache:xml_security_for_c\+\+:0.1.0:*:*:*:*:*:*:*' This is very confusing indeed.: %2b is the URL rewrite for a '+'. NIST changed from %2b to \+ between 2.2 and 2.3: https://web.nvd.nist.gov/view/cpe/detail?keyword=xml_security_for&nonDeprecatedOnly=true&namingFormat=2.3&officialOnly=true&startIndex=0&cpeId=199996 I have no idea how to set it up correctly in the ports tree? How can I verify that the CPE id is correct? Created attachment 161085 [details]
adding CPE 2.3 information to Makefile
updates CPE product string to 2.3
Any advance here? Committed CPE tags for apache-xml-security-c. Thanks! |
