Can somebody commit this easy fix, please?
It is annoying to get false alarms every day in daily security reports.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=231054
Kind Regards
Miroslav Lachman
Miroslav Lachman wrote on 2018/08/31 12:24:
Miroslav Lachman wrote on 2018/08/28 00:20:
Running pkg audit FreeBSD-10.4_11 gives me one vulnerability:
# pkg audit FreeBSD-10.4_11
FreeBSD-10.4_11 is vulnerable:
wpa_supplicant -- unauthenticated encrypted EAPOL-Key data
CVE: CVE-2018-14526
WWW:
https://vuxml.FreeBSD.org/freebsd/6bedc863-9fbe-11e8-945f-206a8a720317.html
1 problem(s) in the installed packages found.
But information on the page shows it was fixed in 10.4-p10:
Affected packages
wpa_supplicant < 2.6_2
FreeBSD <= 10.4_10
FreeBSD <= 11.2_1
So... was it really fixed? Is there incorrect info in the VuXML database
file or on the web page?
As noted privately by Dan Lukes, there is a wrong entry in vuln.xml -
missing < 10.4 and < 11.2 (start of the range)
--- vuln.xml.orig 2018-08-30 03:02:57.656941000 +0200
+++ vuln.xml 2018-08-31 12:13:53.564345000 +0200
@@ -525,8 +525,8 @@
</package>
<package>
<name>FreeBSD</name>
- <range><le>10.4_10</le></range>
- <range><le>11.2_1</le></range>
+ <range><ge>10.4</ge><le>10.4_10</le></range>
+ <range><ge>11.2</ge><le>11.2_1</le></range>
</package>
</affects>
<description>
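Review bot: The `<ge>10.4</ge>` floor added to the first range narrows coverage rather than fixing the false alarm: `<le>10.4_10</le>` never matched 10.4_11; the unbounded `<le>11.2_1</le>` did, so only the second range needs a lower bound to stop the false positive. With both floors in place, every release below 10.4 and every 11.x release below 11.2 drops out of this entry, so please confirm those branches are meant to be excluded (or give them ranges of their own) before this is committed.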
See PR 231054.
Miroslav Lachman
_______________________________________________
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"