Bugzilla Automation <bugzi...@freebsd.org> has asked freebsd-ruby mailing list <r...@freebsd.org> for maintainer-feedback: Bug 240227: lang/ruby24: 2.4.7,1 still marked as vulnerable https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240227
--- Description --- I believe the PORTEPOCH has to go in the entry for RDoc. $ pkg audit -Fr vulnxml file up-to-date ruby-2.4.7,1 is vulnerable: RDoc -- multiple jQuery vulnerabilities CVE: CVE-2015-9251 CVE: CVE-2012-6708 WWW: https://vuxml.FreeBSD.org/freebsd/ed8d5535-ca78-11e9-980b-999ff59c22ea.html Packages that depend on ruby: ruby24-bdb, dtrace-toolkit, portupgrade 1 problem(s) in 1 installed package(s) found. I.e.: <package> <name>ruby</name> <range><ge>2.4.0</ge><lt>2.4.7,1</lt></range> <range><ge>2.5.0</ge><lt>2.5.6,1</lt></range> <range><ge>2.6.0</ge><lt>2.6.3,1</lt></range> </package> should be: <package> <name>ruby</name> <range><ge>2.4.0</ge><lt>2.4.7</lt></range> <range><ge>2.5.0</ge><lt>2.5.6</lt></range> <range><ge>2.6.0</ge><lt>2.6.3</lt></range> </package> _______________________________________________ freebsd-ruby@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ruby To unsubscribe, send any mail to "freebsd-ruby-unsubscr...@freebsd.org"
