vuxml 1.1_1 security =19

Vulnerability and eXposure Markup Language DTD
Maintained by: secteam@FreeBSD.org
Port Added: 12 Feb 2004 14:24:23
Also Listed In: textproc

---

---

VuXML (the Vulnerability and eXposure Markup Language) is an XML
application for documenting security bugs and corrections within
a software package collection such as the FreeBSD Ports Collection.
This port installs the DTDs required for validating VuXML documents.

CVSWeb : Sources : Distfiles Availability : PortsMon

---

Required To Run: textproc/xmlcatmgr, textproc/xhtml-modularization, textproc/xhtml-basic

---

To install the port: cd /usr/ports/security/vuxml/ && make install clean
To add the package: pkg_add -r vuxml

---

Configuration Options

     No options to configure

---

Master Sites:

http://www.vuxml.org/dtd/vuxml-1/

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/vuxml/

Document django XSS vulnerability.

Document vorbis-tools Speex header processing vulnerability.

Document qemu -- "drive_init()" Disk Format Security Bypass

- Sort previous commit

Add graphics/swfdec entry.

Approved by:    erwin (mentor)

- Thunderbird 2.0.0.14 is safe

- Document mt-daapd -- Integer overflow

PR:             123285 (based on)
Submitted by:   Mark D. Foster <mark@foster.cc>

- Document sdl_image - Buffer Overflow Vulnerabilities

- Mark PHP5 as safe

- Mark graphics/png as safe.

- Fix last gnupg entry.

PR:             123178 [1]
Submitted by:   Nick Barkas (via privat mail)
                bf <bf2006a@yahoo.com> [1]

- Clean up whitespace a bit
- Wrap long lines where appropriate
- Add a vim-friendly modeline

- A new Firefox vulnerability currently affects 10 of our ports, on
  average. A new VuXML entry usually forgets about 8 of them.

Wiki:           http://wiki.freebsd.org/VuXML

- Update last python entry python23 and python24 also affected

PR:             123153
Submitted by:   Nick Barkas <snb@threerings.net>

- Mark gnupg and gnupg1 as secure

- Document gnupg -- memory corruption vulnerability

Document extman password bypass vulnerability.

- Document mailman -- script insertion vulnerability.

Submitted by:   tabthorpe (one a month ago)
Discussed/Reviewed by:  tabthorpe

- now really fix the CVE entry

- Fix CVE entry from the previous commit

- Document mksh -- TTY Attachment Privilege Escalation.

- Document serendipity -- multiple cross site scripting vulnerabilities.

- Document firefox -- javascript harbage collector vulnerability.

- Add missing - in the previous entry

- Remove whitespaces
- Fix spelling

- Document png - unknown chunk processing uninitialized memory access

- Document openfire - unspecified denial of service

PR:             122872 (based on)

- Document php -- Integer Overflow Vulnerability

PR:             based on 122872

- Document python -- Integer Signedness Error in zlib Module

Document postgresql -- multiple vulnerabilities

PR:             120133 (basic on)
Submitted by:   Nick Barkas <snb@threerings.net>

- Document phpMyAdmin - Shared Host Information Disclosure.

- Document phpMyAdmin - Username/Password Session File Information Disclosure.

- Document libxine -- array index vulnerability

Reviewed by:    remko, miwi

Add an entry about clamav < 0.93 vulnerabilities

Reviewed by:    mnag

lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability

Add www/ikiwiki entry.

Approved by:    pav (co-mentor)

- Enrich Firefox 2.0.0.13 entry

- Use <mlist> as the references are mailing posts
- Correct discovery date

Noticed by:     simon

- Add entry for mail/postfix-policyd-weight

PR:             ports/122194
Reviewed by:    ports-security (miwi)

- Add entries for www/suphp and dns/powerdns-recursor

Reviewed by:    ports-security (remko, simon)

- Add entry for www/opera 9.26

PR:             ports/122400
Reviewed by:    remko, delphij

Document mozilla multiple vulnerabilities.

Reviewed by:    miwi, remko (via IRC)

Document buffer overflow in silc-client and silc-server.

Reviewed by:    remko
Approved by:    garga (mentor)

Document bzip2 crash with certain malformed archive files

- Ups remove duplicate url

- Fix previos commit
   * sort
   * more reference

Document qemu -- unchecked block read/write vulnerability

Reviewed by:    stas

- Fix previous commit
  * sort
  * more reference

- Add entry for dovecot

- Fix 2 typos form the previous commit

Submitted by:   simon/gahr

- Document mplayer - multiple vulnerabilities

- Entry for ghostscrip-gpl 8.61

Reviewed by:    ports-security@ (simon, remko)

- Document phpmyadmin -- SQL injection vulnerability

Reviewed by:    simon

- Document pcre -- buffer overflow vulnerability

PR:             ports/121224
Submitted by:   Nick Barkas <snb threerings.net>

- Document libxine -- buffer overflow vulnerability

Reviewed by:    miwi

- Mark mail/up-imapproxy as safe

Submitted by:   Abdullah Ibn Hamad Al-Marri <wearabnet@yahoo.ca>

- Document coppermine -- multiple vulnerabilities.

Reviewed by:    miwi

- Fix previous commit (use now <bid>)

- Document moinmoin -- multiple vulnerabilities.

Reviewed by:    remko

Document opera -- multiple vulnerabilities.

Document mozilla -- multiple vulnerabilities.

Document openldap modrdn DoS vulnerability

Document clamav -- ClamAV libclamav PE File Integer Overflow Vulnerability

Submitted by:   "Eygene Ryabinkin" <rea-fbsd at codelabs dot ru>

- Fix previous commit

Discussed with: remko

Bump modification date for latest change.

xfce4-panel, libxfce4gui - mark the security problem which existed in 4.4.1 "<
4.4.2"

Noted by:       Carl Johan Gustavsson <carl.gustavsson@bahnhofbredband.se>

- mark claws-mail as safe

- Document a cacti vulnerability

Add entry for www/ikiwiki.

Approved by:    erwin (mentor)

- Fix grammar for www/zenphoto description

- Document www/zenphoto

Reviewed by:    remko

- Fix a typo

Submitted by:   antoine@

- Document jetty -- multiple vulnerability

PR:             120171
Submitted by:   Nick Barkas <snb@threerings.net>

- Bump modified from previous commit

Fix name of irc/dircproxy package.

Hat:            portmgr

Document libxine -- buffer overflow vulnerability.

Document xorg -- multiple vulnerabilities.

Reviewed by:    miwi

- Fix discovery line from the previous commit :(

- Document xfce -- multiple vulnerabilities

- Document claws-mail -- insecure temporary file creation

- Add modified date for previous commit

- Fix freeradius-devel entry, narrow down range to prevent affect later versions

PR:             ports/119582
Submitted by:   David Wood <david AT wood2.org.uk>
Reviewed by:    pav

- Fix previous commit (whitespaces, sorting)

- Add entry for ircservices

PR:             ports/119769
Approved by:    linimon (mentor)

Document libxine -- buffer overflow vulnerability.

Update the "firebird" entry to properly match corrected versions.

- Fix <name> sections from both previous committs

- Fix previous commit
  - Mark geeklog as safe
  - add cve

Reviewed by:    remko

- Document XSS vulnerability in geeklog 1.4.0

Reviewed by:    remko

- This vulnerability exists in PHP versions prior to 4.4.8, not
  after. Fix the entry.

Reported by:    Vadim Goncharov <vadimnuclight@tpu.ru>

Document multiple drupal issues.

Submitted by:   Nick Hilliard <nick@foobar.org>

- Document maradns -- CNAME record resource rotation denial of service

PR:             ports/119471 (based on)
Submitted by:   Mark D. Foster <mark@foster.cc>
Reviewed by:    simon

- Mark security/lsh as safe

Update php multiple vulnerability entry: revalent bugs were fixed in PHP 4.4.8.

- Fix linux-realplayer new version

- Fix range for linux-flahsplugin

- linux-realplayer -- multiple vulnerabilities

- linux-flashplugin -- multiple vulnerabilities

- Fix the last tcl/tk entry for portaudit.

Submitted by:   mm@
Reviewed by:    simon

Document dovecot specific LDAP + auth cache configuration may mix up user logins
vulnerability

8 vulnerabilities affecting 22 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities