Summary: | security/vuxml: vuxml.org/freebsd entries not up to date / synchronised | ||
---|---|---|---|
Product: | Ports & Packages | Reporter: | Dani I. <i.dani> |
Component: | Individual Port(s) | Assignee: | Ports Security Team <ports-secteam> |
Status: | Closed FIXED | ||
Severity: | Affects Many People | CC: | brnrd, clusteradm, herbert, lwhsu, michael.glaus, mike.walker, riggs |
Priority: | --- | Flags: | riggs:
maintainer-feedback+
|
Version: | Latest | ||
Hardware: | Any | ||
OS: | Any |
Description
Dani I.
2021-06-23 12:55:13 UTC
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=46119dd553f18833b20a76623029a24dd4948c58 commit 46119dd553f18833b20a76623029a24dd4948c58 Author: Li-Wen Hsu <lwhsu@FreeBSD.org> AuthorDate: 2021-06-24 10:30:56 +0000 Commit: Li-Wen Hsu <lwhsu@FreeBSD.org> CommitDate: 2021-06-24 10:30:56 +0000 security/vuxml: Fix CVS name for vid e4cd0b38-c9f9-11eb-87e1-08002750c711 This should fix vuxml.org build. PR: 256789 security/vuxml/vuln-2021.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) https://www.vuxml.org/freebsd/ gets updated again. It would be good if we can check cvename entry format in `make validate` target. Are you sure? -r--r--r-- 1 root wheel 6806644 17 Sep 03:39 /var/db/pkg/vuln.xml # pkg audit -F vulnxml file up-to-date This is a serious issue, isnt't it? Some entries were added during the past few days. Got the same problem. I did see that the CVE-Names for apache vulnerability (882a38f9-17dd-11ec-b335-d4c9ef517024) are formated wrong. The have "CVE-" twice in it. (In reply to michael.glaus from comment #4) Fixed the double CVE- in vuxml in 21298e34e651 Mentioned issues have been fixed. Closing. Please reopen in case something was overlooked. (In reply to Thomas Zander from comment #6) I kept this open as a reminder to improve the `make validate` to prevent the broken vuxml file stops vuxml.org update. Would it be better to create a new ticket for it? (In reply to Li-Wen Hsu from comment #7) I think it would be better to have a dedicated tracking bug for improving make validate. This bug 256789 was quite specific for an instance of the problem which has been resolved. |