Bug 270795 - security/vuxml: taking port flavours into account in recent new entries
Summary: security/vuxml: taking port flavours into account in recent new entries
Status: In Progress
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Philip Paeps
URL: https://github.com/HubTou/pysec2vuxml
Keywords: security
Depends on:
Blocks:
 
Reported: 2023-04-12 17:25 UTC by Hubert Tournier
Modified: 2024-02-15 10:05 UTC

See Also:
bugzilla: maintainer-feedback? (ports-secteam)


Attachments
Corrections to /usr/ports/security/vuxml/vuln/2023.xml (17.07 KB, patch)
2023-04-12 17:25 UTC, Hubert Tournier
Corrections to /usr/ports/security/vuxml/vuln/2021.xml (1.16 KB, patch)
2023-04-12 17:26 UTC, Hubert Tournier

Description Hubert Tournier 2023-04-12 17:25:43 UTC
Created attachment 241442
Corrections to /usr/ports/security/vuxml/vuln/2023.xml

Add Python flavours support for recent new VuXML entries,
plus entries factorisation,
plus 1 correction for a wrongly named port (pyXX-redis instead of pyXX-redis2 and pyXX-redis3).

And in a second patch an update for a 2021 entry (for pyXX-pysaml2 extended to py-pysaml24) which was not spotted due to different package names.
Comment 1 Hubert Tournier 2023-04-12 17:26:32 UTC
Created attachment 241443
Corrections to /usr/ports/security/vuxml/vuln/2021.xml

Second patch
Comment 2 Hubert Tournier 2023-04-12 17:32:02 UTC
Note that in the 2021 patch I did not mark py-pysaml26 versions as vulnerable as the currently available version is corrected, but versions between 6.0.0 and 6.4.* were vulnerable.
Comment 3 Jochen Neumeister freebsd_committer freebsd_triage 2024-02-12 12:59:24 UTC
Is this PR still relevant or can it be closed?
Comment 4 Hubert Tournier 2024-02-15 10:05:29 UTC
I believe it is still relevant.
It corrects errors in the VuXML database, some of which were introduced by me (sorry for that!).