https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240227
Bug ID: 240227
Summary: lang/ruby24: 2.4.7,1 still marked as vulnerable
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: r...@freebsd.org
Reporter: trond.endres...@ximalas.info
Flags: maintainer-feedback?(r...@freebsd.org)
Assignee: r...@freebsd.org
I believe the PORTEPOCH has to go in the entry for RDoc.
$ pkg audit -Fr
vulnxml file up-to-date
ruby-2.4.7,1 is vulnerable:
RDoc -- multiple jQuery vulnerabilities
CVE: CVE-2015-9251
CVE: CVE-2012-6708
WWW:
https://vuxml.FreeBSD.org/freebsd/ed8d5535-ca78-11e9-980b-999ff59c22ea.html
Packages that depend on ruby: ruby24-bdb, dtrace-toolkit, portupgrade
1 problem(s) in 1 installed package(s) found.
I.e.:
<package>
<name>ruby</name>
<range><ge>2.4.0</ge><lt>2.4.7,1</lt></range>
<range><ge>2.5.0</ge><lt>2.5.6,1</lt></range>
<range><ge>2.6.0</ge><lt>2.6.3,1</lt></range>
</package>
should be:
<package>
<name>ruby</name>
<range><ge>2.4.0</ge><lt>2.4.7</lt></range>
<range><ge>2.5.0</ge><lt>2.5.6</lt></range>
<range><ge>2.6.0</ge><lt>2.6.3</lt></range>
</package>
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-ruby@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ruby
To unsubscribe, send any mail to "freebsd-ruby-unsubscr...@freebsd.org"
