Bug 206759 - [patch update] security/vuxml: fix ftp/curl version range bug for CVE-2016-0755
Summary: [patch update] security/vuxml: fix ftp/curl version range bug for CVE-2016-0755
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Ports Security Team
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-01-30 14:55 UTC by Kurt Jaeger
Modified: 2016-01-31 11:58 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (ports-secteam)

Attachments
patch (17.29 KB, patch)
2016-01-30 14:55 UTC, Kurt Jaeger 		no flags Details | Diff
patch (465 bytes, patch)
2016-01-30 15:21 UTC, Kurt Jaeger 		no flags Details | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Kurt Jaeger freebsd_committer freebsd_triage 2016-01-30 14:55:32 UTC 
Created attachment 166302 [details]
patch

Testbuilds 11a, 10.2a+i, 9.3a are OK.

vuln.xml file has a bug, too.

--- vuln.xml.orig       2016-01-30 15:53:03.521228000 +0100
+++ vuln.xml    2016-01-30 15:53:07.036119000 +0100
@@ -608,8 +608,7 @@
     <affects>
       <package>
        <name>curl</name>
-       <range><ge>7.10.0</ge></range>
-       <range><lt>7.47.0</lt></range>
+       <range><ge>7.10.0</ge><lt>7.47.0</lt></range>
       </package>
     </affects>
     <description>
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2016-01-30 15:08:51 UTC 
@Kurt, can you attach this at bug 206756 please

*** This bug has been marked as a duplicate of bug 206756 ***
Comment 2 Kurt Jaeger freebsd_committer freebsd_triage 2016-01-30 15:21:23 UTC 
Created attachment 166305 [details]
patch

This fixes the vuxml range error for ftp/curl
Comment 3 Kurt Jaeger freebsd_committer freebsd_triage 2016-01-30 15:24:38 UTC 
Reuse the PR for the vuxml bug.
Comment 4 Kurt Jaeger freebsd_committer freebsd_triage 2016-01-31 11:58:35 UTC 
Fixed in r407535.