correct versions for lang/ruby18?

Are the versions for ruby18 specified correctly here?

http://www.vuxml.org/freebsd/76562594-1f19-11db-b7d4-0008743bf21a.html

1.6.* < ruby < 1.8.*
1.8.* < ruby < 1.8.4_9,1
1.6.* < ruby_static < 1.8.*
1.8.* < ruby_static < 1.8.4_9,1

Is that expected? Doesn't 1.8.* mean 1.8.4_9,1 is also affected?

Perhaps 1.8.* should be 1.8

--
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php
_______________________________________________
freebsd-vuxml@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-vuxml
To unsubscribe, send any mail to "freebsd-vuxml-unsubscribe@..."

Re: correct versions for lang/ruby18?

On 2006.07.30 23:51:50 -0400, Dan Langille wrote:
> Are the versions for ruby18 specified correctly here?
>
> http://www.vuxml.org/freebsd/76562594-1f19-11db-b7d4-0008743bf21a.html
>
> 1.6.* < ruby < 1.8.*
> 1.8.* < ruby < 1.8.4_9,1
> 1.6.* < ruby_static < 1.8.*
> 1.8.* < ruby_static < 1.8.4_9,1
>
> Is that expected? Doesn't 1.8.* mean 1.8.4_9,1 is also affected?
>
> Perhaps 1.8.* should be 1.8

That seems correct to me (it should better, I suggested it ;-) ).

"*" means basically the smallest possible version and "less than" is
used, not "less than equal", so the above entries for 1.6 mean any
version larger than the smallest 1.6 and less than any 1.8 version.

Of course the above really could be minimized to "ruby < 1.8.4_9,1"
and drop the 1.6 entry. The reason that wasn't done was to make it
simpler to add fixed version info for 1.6 if that comes...

There is also the side note that since ruby 1.8.* above does not
include epoch 1 (,1 in version) and ruby 1.8 is now at port epoch 1 it
could never match, since "lowest_version,1 > highest_version".

The reason for using .* is to catch any beta version etc. (frankly I'm
not really sure right now if it's really an issue for ruby here but
I'm a bit too tired to really double check).

You can see the problem here:

[simon@zaphod:~] pkg_version -t 1.8.0.p1 '1.8.*'
>
[simon@zaphod:~] pkg_version -t 1.8.0.p1 1.8
<
[simon@zaphod:~] pkg_version -t 1.8.0.p1 1.8.0
<

Both portaudit and vxquery seem to agree that the entry is correct:

[simon@eddie:vuxml] portaudit -q 'ruby-1.8.4_9,1'
[simon@eddie:vuxml] portaudit -q 'ruby-1.8.4_8,1'
ruby-1.8.4_8,1
[simon@eddie:vuxml] vxquery vuln.xml 'ruby-1.8.4_9,1'
[simon@eddie:vuxml] vxquery vuln.xml 'ruby-1.8.4_8,1'
Topic: ruby - multiple vulnerabilities
Affects:
        1.6.* < ruby < 1.8.*
        1.8.* < ruby < 1.8.4_9,1
        1.6.* < ruby_static < 1.8.*
        1.8.* < ruby_static < 1.8.4_9,1
References:
        bid:18944
        cvename:CVE-2006-3694
        url:http://secunia.com/advisories/21009/
        url:http://jvn.jp/jp/JVN%2383768862/index.html
        url:http://jvn.jp/jp/JVN%2313947696/index.html
<URL:http://vuxml.freebsd.org/76562594-1f19-11db-b7d4-0008743bf21a.html>

--
Simon L. Nielsen
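
The comparison rules described in the reply above, as an added example that is not part of the original thread and is not the pkg_version source: a simplified Python model that compares the epoch first, then the dotted components with "*" ranking below every real component, then the port revision. The function names and the handling of letter-led components such as "p1" are assumptions of this sketch.

```python
import re

PAD = (0, "", 0)  # a missing trailing component compares as plain 0


def parse(version):
    """Split 'version[_revision][,epoch]' into (epoch, components, revision)."""
    version, _, epoch = version.partition(",")
    version, _, revision = version.partition("_")
    comps = []
    for part in version.split("."):
        m = re.fullmatch(r"(\d*)([A-Za-z*]*)(\d*)", part)
        if not part or m is None:
            raise ValueError(f"unsupported component: {part!r}")
        num, letters, patch = m.groups()
        if letters == "*":
            n = -2                      # "*": below every real component
        elif num == "":
            n = -1                      # letter-led ("p1"): below numeric 0
        else:
            n = int(num)
        comps.append((n, letters.lower(), int(patch or 0)))
    return int(epoch or 0), comps, int(revision or 0)


def compare(a, b):
    """Return '<', '=' or '>' in the style of `pkg_version -t a b`."""
    ea, ca, ra = parse(a)
    eb, cb, rb = parse(b)
    width = max(len(ca), len(cb))
    ka = (ea, ca + [PAD] * (width - len(ca)), ra)
    kb = (eb, cb + [PAD] * (width - len(cb)), rb)
    return "<" if ka < kb else ">" if ka > kb else "="


def in_range(version, low, high):
    """True when low < version < high; both bounds are strict, as in the entry."""
    return compare(low, version) == "<" and compare(version, high) == "<"


if __name__ == "__main__":
    # Versions taken from the thread; the two ranges are the ruby entries.
    for v in ("1.8.4_8,1", "1.8.4_9,1"):
        hit = in_range(v, "1.8.*", "1.8.4_9,1") or in_range(v, "1.6.*", "1.8.*")
        print(f"ruby-{v}: {'affected' if hit else 'not affected'}")
```

Because the epoch is compared before anything else, the `1.6.* < ruby < 1.8.*` range in this model never matches a version carrying `,1`, which is the side note made in the reply.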