From mandree@FreeBSD.org  Sun Feb 20 19:12:53 2011
Return-Path: <mandree@FreeBSD.org>
Received: from apollo.emma.line.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28])
	by hub.freebsd.org (Postfix) with ESMTP id 1881F106564A;
	Sun, 20 Feb 2011 19:12:53 +0000 (UTC)
	(envelope-from mandree@FreeBSD.org)
Received: from mandree by apollo.emma.line.org with local (Exim 4.74 (FreeBSD))
	(envelope-from <mandree@FreeBSD.org>)
	id 1PrEiC-000IHT-6t; Sun, 20 Feb 2011 20:12:52 +0100
Message-Id: <E1PrEiC-000IHT-6t@apollo.emma.line.org>
Date: Sun, 20 Feb 2011 20:12:52 +0100
From: Matthias Andree <mandree@FreeBSD.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc: secteam@FreeBSD.org
Subject: [PATCH] security/vuxml: fix up b0rked linux-sun-jdk entries
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         154918
>Category:       ports
>Synopsis:       [PATCH] security/vuxml: fix up b0rked linux-sun-jdk entries
>Confidential:   no
>Severity:       critical
>Priority:       low
>Responsible:    secteam
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Feb 20 19:20:07 UTC 2011
>Closed-Date:    Fri Feb 25 14:02:27 UTC 2011
>Last-Modified:  Fri Feb 25 14:10:08 UTC 2011
>Originator:     Matthias Andree
>Release:        FreeBSD 8.2-PRERELEASE amd64
>Organization:
>Environment:
System: FreeBSD apollo.emma.line.org 8.2-PRERELEASE FreeBSD 8.2-PRERELEASE #61: Tue Feb 15 23:03:47 CET 2011
>Description:
Fix bogus linux-sun-jdk entries to avoid bogus linux-sun-jdk16 vuln.
Do this by splitting lines to make sure that ranges for 1.5.* do not span
different PORTEPOCH values. Note I've researched the actually issued
portrevisions, so the (eq) tags would be safe.

Port maintainer (secteam@FreeBSD.org) is cc'd.

Generated with FreeBSD Port Tools 0.99
>How-To-Repeat:
>Fix:

--- vuxml-1.1_1.patch begins here ---
Index: vuln.xml
===================================================================
RCS file: /home/ncvs/ports/security/vuxml/vuln.xml,v
retrieving revision 1.2312
diff -u -u -r1.2312 vuln.xml
--- vuln.xml	20 Feb 2011 05:04:28 -0000	1.2312
+++ vuln.xml	20 Feb 2011 18:16:53 -0000
@@ -22381,8 +22381,10 @@
 	<name>linux-sun-jdk</name>
 	<range><ge>1.3.0</ge><lt>1.3.1.20</lt></range>
 	<range><ge>1.4.0</ge><lt>1.4.2.16</lt></range>
-	<range><ge>1.5.0</ge><lt>1.6.0.03</lt></range>
-	<range><ge>1.5.0.b1,1</ge><lt>1.5.0.13,2</lt></range>
+	<range><eq>1.5.0.b1</eq></range>
+	<range><eq>1.5.0.b1,1</eq></range>
+	<range><ge>1.5.0,2</ge><lt>1.5.0.13,2</lt></range>
+	<range><ge>1.6.0</ge><lt>1.6.0.03</lt></range>
       </package>
     </affects>
     <description>
@@ -43380,7 +43382,9 @@
       <package>
 	<name>linux-sun-jdk</name>
 	<range><le>1.4.2.08_1</le></range>
-	<range><ge>1.5.*</ge><le>1.5.2.02,2</le></range>
+	<range><eq>1.5.0b1</eq></range>
+	<range><eq>1.5.0b1,1</eq></range>
+	<range><ge>1.5.0,2</ge><le>1.5.0.02,2</le></range>
       </package>
       <package>
 	<name>linux-blackdown-jdk</name>
--- vuxml-1.1_1.patch ends here ---

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->secteam 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Sun Feb 20 19:20:13 UTC 2011 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=154918 
State-Changed-From-To: open->feedback 
State-Changed-By: mandree 
State-Changed-When: Fri Feb 25 12:19:45 UTC 2011 
State-Changed-Why:  
awaiting maintainer approval 

http://www.freebsd.org/cgi/query-pr.cgi?pr=154918 
State-Changed-From-To: feedback->closed 
State-Changed-By: mandree 
State-Changed-When: Fri Feb 25 14:02:26 UTC 2011 
State-Changed-Why:  
commit myself without secteam approval per porter's handbook 11.3.1, 
<http://www.freebsd.org/doc/en/books/porters-handbook/book.html#SECURITY-NOTIFY-VUXML-DB> 

http://www.freebsd.org/cgi/query-pr.cgi?pr=154918 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/154918: commit references a PR
Date: Fri, 25 Feb 2011 14:01:20 +0000 (UTC)

 mandree     2011-02-25 14:01:15 UTC
 
   FreeBSD ports repository
 
   Modified files:
     security/vuxml       vuln.xml 
   Log:
   Fix broken linux-sun-jdk vulndb entries.
   
   VuXML:          18e5428f-ae7c-11d9-837d-000e0c2e438a
   VuXML:          c93e4d41-75c5-11dc-b903-0016179b2dd5
   PR:             ports/154918
   
   Revision  Changes    Path
   1.2315    +8 -4      ports/security/vuxml/vuln.xml
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
