Bug 270795
| Summary: | security/vuxml: taking port flavours into account in recent new entries | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Hubert Tournier <hubert.tournier> | ||||||
| Component: | Individual Port(s) | Assignee: | Philip Paeps <philip> | ||||||
| Status: | In Progress --- | ||||||||
| Severity: | Affects Many People | CC: | joneum, philip | ||||||
| Priority: | --- | Keywords: | security | ||||||
| Version: | Latest | Flags: | bugzilla:
maintainer-feedback?
(ports-secteam) |
||||||
| Hardware: | Any | ||||||||
| OS: | Any | ||||||||
| URL: | https://github.com/HubTou/pysec2vuxml | ||||||||
| See Also: |
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270723 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270739 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270744 |
||||||||
| Attachments: |
|
||||||||
Created attachment 241443 [details]
Corrections to /usr/ports/security/vuxml/vuln/2021.xml
Second patch
Note that in the 2021 patch I did not mark py-pysaml26 versions as vulnerable as the currently available version is corrected, but versions between 6.0.0 and 6.4.* were vulnerable. Is this PR still relevant or can it be closed? I believe it is still relevant. It corrects errors in the VuXML database, some on which were introduced by me (sorry for that!) |
Created attachment 241442 [details] Corrections to /usr/ports/security/vuxml/vuln/2023.xml Add Python flavours support for recent new VuXML entries, plus entries factorisation, plus 1 correction for a wrongly named port (pyXX-redis instead of pyXX-redis2 and pyXX-redis3). And in a second patch an update for a 2021 entry (for pyXX-pysaml2 extended to py-pysaml24) which was not spotted due to different package names.