Subject: Re: CVS commit: pkgsrc/mk/bulk
To: Lubomir Sedlacik <salo@Xtrmntr.org>
From: Jan Schaumann <jschauma@netmeister.org>
List: pkgsrc-changes
Date: 02/20/2007 16:49:30
--/04w6evG8XlLl3ft
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Lubomir Sedlacik <salo@Xtrmntr.org> wrote:
> On Tue, Feb 20, 2007 at 10:33:51AM -0800, Jan Schaumann wrote:
> > Joerg Sonnenberger <joerg@britannica.bec.de> wrote:
> > > On Tue, Feb 20, 2007 at 06:46:20AM +0000, Jan Schaumann wrote:
> > > > Log Message:
> > > > Only invoke audit-packages if we do find the package-name prefix in
> > > > the vulnerabilities file.
> > >=20
> > > I don't think this is correct due to the way csh-style patterns work.
> >=20
> > I'm not sure I follow.  Could you elaborate?
>=20
> you'll miss patterns like these:
>=20
> {ap-,}php<4.4.0nb1              	local-security-bypass	http://cve.mitre.o=
rg/cgi-bin/cvename.cgi?name=3DCAN-2005-3054

Yes, wiz already pointed that out to me.  I'll fix that tonight.

-Jan

--=20
"The last time anybody made a list of the top hundred character
attributes of New Yorkers, common sense snuck in at number 79."

--/04w6evG8XlLl3ft
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (NetBSD)

iD8DBQFF25cafFtkr68iakwRAtqpAJ0VrlmvBSpk8myZAFYpPKnkPScbNwCdHH7U
qZtYBFXyaGywIPDerc0odWU=
=52y5
-----END PGP SIGNATURE-----

--/04w6evG8XlLl3ft--