Summary: | security/vuxml: taking port flavours into account in recent new entries | |
---|---|---|---
Product: | Ports & Packages | Reporter: | Hubert Tournier <hubert.tournier>
Component: | Individual Port(s) | Assignee: | Philip Paeps <philip>
Status: | In Progress --- | |
Severity: | Affects Many People | CC: | fernape, joneum, philip, trasz
Priority: | --- | Keywords: | security
Version: | Latest | Flags: | bugzilla: maintainer-feedback? (ports-secteam)
Hardware: | Any | |
OS: | Any | |
URL: | https://github.com/HubTou/pysec2vuxml | |
See Also: | https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270723 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270739 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270744 | |
Attachments: | | |

Created attachment 241443
Corrections to /usr/ports/security/vuxml/vuln/2021.xml
Second patch
Note that in the 2021 patch I did not mark py-pysaml26 versions as vulnerable as the currently available version is corrected, but versions between 6.0.0 and 6.4.* were vulnerable.

Is this PR still relevant or can it be closed?

I believe it is still relevant. It corrects errors in the VuXML database, some of which were introduced by me (sorry for that!).

Hi Hubert, I appreciate the effort. We should aim to have the best VuXML database that we possibly can. In this case, I think it might cause unnecessary churn. Most (I didn't check all) of the ports affected by this change will not have an effect on users. The ports have moved forward and are many versions ahead of these changes.

Cc:ing trasz@. Edward has been working on updates to the vuxml format. If we're making changes - flavours are something to keep in mind too.

Created attachment 241442
Corrections to /usr/ports/security/vuxml/vuln/2023.xml
Add Python flavours support for recent new VuXML entries, plus entries factorisation, plus 1 correction for a wrongly named port (pyXX-redis instead of pyXX-redis2 and pyXX-redis3). And in a second patch an update for a 2021 entry (for pyXX-pysaml2 extended to py-pysaml24) which was not spotted due to different package names.