253828 – security/vuxml: Update vulnerabilities in ruby, jruby

Bug 253828 - security/vuxml: Update vulnerabilities in ruby, jruby

Summary: security/vuxml: Update vulnerabilities in ruby, jruby

Status:	Open

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Ports Security Team

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-02-24 21:54 UTC by Thomas Hurst
Modified:	2021-02-25 04:33 UTC (History)
CC List:	2 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (ports-secteam)

Attachments
Incomplete patch, modifying 3 entries and adding 1 (3.57 KB, patch) 2021-02-24 21:54 UTC, Thomas Hurst	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Hurst 2021-02-24 21:54:30 UTC

Created attachment 222802 [details]
Incomplete patch, modifying 3 entries and adding 1

Some Ruby-only entries also needed to apply to JRuby.  A Ruby entry was also missing.

The patch is incomplete - in particular the ruby versions likely need tweaking to match the port versions.  Sadly I'm a bit stuck because I can't get pkg to parse it and make validate hangs with:

/usr/local/bin/xmllint --valid --noout /usr/local/poudriere/ports/default/security/vuxml/vuln-flat.xml
/usr/local/share/xml/catalog.ports:1: parser error : Start tag expected, '<' not found
PUBLIC "-//OASIS//DTD Entity Resolution XML Catalog V1.0//EN" "http://www.oasis-

A plain parse-only xmllint passes fine so I'm not really sure what's going on.

Comment 1 Li-Wen Hsu freebsd_committer

2021-02-25 04:33:33 UTC

Also add maintainers because everyone is welcomed to update vuxml, and more encouraged by the maintainers.