Hello, recently added record for roundcube is specified as <affects> <package> <name>roundcube</name> <range><lt>1.6.11</lt></range> </package> </affects> but no such application (roundcube-1.6.*) is in portstree. Shouldn´t this be changed to something like <affects> <package> <name>roundcube-php81</name> <range><lt>1.6.11</lt></range> </package> </affects> <affects> <package> <name>roundcube-php82</name> <range><lt>1.6.11</lt></range> </package> </affects> <affects> <package> <name>roundcube-php83</name> <range><lt>1.6.11</lt></range> </package> </affects> <affects> <package> <name>roundcube-php84</name> <range><lt>1.6.11</lt></range> </package> </affects> ?
Thanks for reporting. Yes, ports that "USES flavors" should define the names of the flavored packages.
Fixed, Thanks!
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=9601584a5ac74fc289663f36d23b43a3a2944e13 commit 9601584a5ac74fc289663f36d23b43a3a2944e13 Author: Fernando Apesteguía <fernape@FreeBSD.org> AuthorDate: 2025-06-05 16:00:03 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2025-06-05 16:00:03 +0000 security/vuxml: Correct roundcube entry Flavored ports should include all package names in the VuXML entry. PR: 287306 Reported by: Tomáš Čiernik <tomas@ciernik.sk> security/vuxml/vuln/2025.xml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-)