vuxml 1.1_1 security =26

Vulnerability and eXposure Markup Language DTD
Maintained by: secteam@FreeBSD.org
Port Added: 12 Feb 2004 14:24:23
Also Listed In: textproc
License: not specified in port

VuXML (the Vulnerability and eXposure Markup Language) is an XML
application for documenting security bugs and corrections within
a software package collection such as the FreeBSD Ports Collection.
This port installs the DTDs required for validating VuXML documents.

CVSWeb : Sources : Distfiles Availability : PortsMon

---

NOTE: FreshPorts displays only required dependencies information. Optional dependencies are not covered.
Required To Run: textproc/xmlcatmgr, textproc/xhtml-modularization, textproc/xhtml-basic
There are no ports dependent upon this port

---

To install the port: cd /usr/ports/security/vuxml/ && make install clean
To add the package: pkg_add -r vuxml

---

Configuration Options

     No options to configure

---

Master Sites:

http://www.vuxml.org/dtd/vuxml-1/

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/vuxml/

Inform users of the XSS issue in the latest version of WebCalendar.

It seems that there has been no response from the vendor
and users may want to switch to an alternate product that fits their needs.

Whitespace fixes.

- Document mozilla -- use after free in nsXBLDocumentInfo::ReadPrototypeBindings

Inform bip users of buffer overflow (CVE-2012-0806)

Inform users of the private information disclosure bug in surf (CVE-2012-0842)

Reviewed by:    dougb

Fix style

Reported by:    flo@ via irc

Document last glpi vulnerabilities

Submitted by:   Mathias Monnerville <mathias@monnerville.com> via email

Document new Chromium < 17.0.963.46 vulnerabilities.

Obtained from: 
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security:       fe1976c2-5317-11e1-9e99-00262d5ed8ee

Document Drupal core multiple vulnerabilities.

Fix up 3fd040be-4f0b-11e1-9e32-0025900931f by giving a better description.

Document "bugzilla" - multiple vulnerabilities.

Document PHP remote code vulnerability.

Add vuxml entry for mathopd directory traversal vulnerability.

PR:             164717
Submitted by:   Michiel Boland <michiel at boland dot org>
Security:       6e7ad1d7-4e27-11e1-8e12-90e6ba8a36a2

- adjust ordering for latest apache entry

Spotted by: remko

MITRE is spelled in all capital letters.

document latest Apache vulnerabilities

PR:     ports/164675
Reviewed by: crees, eadler
Approved by: crees (mentor)

document recent mozilla vulnerabilities

Correct versions for sudo format string vulnerability.

Noticed by:     pluknet@

Document sudo format string vulnerability.

Document missing FreeBSD Security Advisories:
- SA-11:01.mountd
- SA-11:04.compress
- SA-11:09.pam_ssh
- SA-11:10.pam

Modify existing entries to document (add/adjust modified tag for all):
- SA-11:06.bind
  - Add FreeBSD package and freebsdsa
- SA-11:07.chroot
  - Add FreeBSD package
- SA-11:08.telnetd
  - Add FreeBSD package, freebsdsa and a relevant URL

- Adjust formatting for 93688f8f-4935-11e1-89b4-001ec9578670

- Document vulnerabilities in mail/postfixadmin (CVE-2012-0811, CVE-2012-0812)

- Cleanup & Formating

- Document vulnerability in converters/mpack

- Document vulnerabilities in print/acroread9 (prior to 9.4.7)

- update entry fixed in chromium-16.0.912.75 (CVE-2011-3925)
- add entry for vulnerabilities fixed in chromium-16.0.912.77

Security:       CVE-2011-[3924-3928]

Fix build while chanting "I will run make validate". :(

Pointyhat to:   wxs@

Add CVE for recent spamdyke buffer overflows.

Document multiple vulnerabilities in wireshark, all of which have
already been fixed in our port.

Whitespace cleanup.

- Document buffer overflows in spamdyke.

Fixup to please "make tidy". No need to wrap this line.

- Add CVE for spamdyke STARTTLS plaintext injection.

- Fix affected rubygem-rack version: add ,3 as PORTEPOCH=3 is restored

- Correct package range in 5c5f19ce-43af-11e1-89b4-001ec9578670
- Add databases/redis to the affected list for
91be81e7-3fea-11e1-afc7-2c4138874f7d

- Fix formatting/topic in 91be81e7-3fea-11e1-afc7-2c4138874f7d

Reviewed by:    wxs

- Document security vulnerability in security/openssl (CVE-2012-0050)

fix uuid on latest tomcat vulnerability

Approved by:    crees, rene (implicit)

 - Fix modified date;
 - Add more ruby variants.

Update 91be81e7-3fea-11e1-afc7-2c4138874f7d to cover ruby+no-pthreads as
well.

Spotted by:     Kevin Oberman <kob6558 gmail.com>

- document asterisk remote crash vulnerability

Document recent vulnerability of Apache Tomcat Server.

Approved by:    rene (mentor)

Sigh, should have used <lt> instead of <gt>.

Pointy hat to:  delphij

php52-exif no longer vulnerable to CVE-2011-4566 as of 5.2.17_6

Fix the version range for ruby.  The stock version is affected.

There was no patch release in rubygem-rack 1.3.5_*, so just say < 1.3.6.

- Fix affected rubygem-rack version: it should be _3 for PORTREVISION=3

Fix CVE URL in recent OpenTTD entry.

Unexpand (convert leading spaces to tabs when possible).

Document recent vulnerability of OpenTTD game server.

Reported by:    Ilya Arkhipov

PHP5 had its own entry for this vulnerability, so remove this.

Pointed out by: ohauer

Add node < 0.6.7 (for V8).

Add v8 < 3.8.5 (CVE-2011-5037).

Add PHP < 5.3.9 (CVE-2011-4885).

Add Multiple implementations denial-of-service via hash algorithm collision.

Currently only JRuby, Ruby, and Rack are mentioned.  More to follow.

Add missing URL reference to last commit

Add relevant FFmpeg vulnerabilities from Ubuntu USN-1320-1

- clean up

- Document vulnerabilities in security/openssl
-- CVE-2011-4108, CVE-2011-4109, CVE-2011-4576
-- CVE-2011-4577, CVE-2011-4619, CVE-2012-0027

- Document vulnerability in net/isc-dhcp42-server (CVE-2011-4868)

Document PowerDNS DoS vulnerability.

PR:             ports/164066
Submitted by:   Ralf van der Enden <tremere cainites.net>

Document PHP multiple vulnerabilities.

Document a untrusted local library exploit in games/torcs.

Security:       CVE-2010-3384

Document spamdyke STARTTLS plaintext injection vulnerability.

Remove HTML entity from a VuXML entry as they are not allowed in
VuXML, only Unicode charecter entities are allowed.

This should fix the portaudit build.

If anyone care enough to insert the correct umlaut, feel free to fix.

Add new vulnerabilities for www/chromium.

Security:       CVE-2011-[3919,3921-3922]

Fix build.

- document bugzilla and bugzilla3 security issues

Document wordpress xss vulnerability.

Feature safe:   yes

Add additional MITKRB5 reference.

Security:       MITKRB5-SA-2011-008
Feature safe:   yes

Fix build by adding a reference to the original URL.

Document XSS vulnerability in net-mgmt/zabbix-frontend

PR:             ports/163691
Obtained from:  https://support.zabbix.com/browse/ZBX-4015
Security:       ZBX-4015

Document remote DoS vulnerability in lighttpd HTTP authentication

Security:       CVS-2011-4362

- Fix most of the duplicate words in vuxml, a few affect 'blockquotes' but that
should be okay as no information is lost.

Don't wrap a couple of lines. No other entries wrap these lines, so when
in Rome...

Whitespace cleanup in a BIND topic.

Fix the build. Missing a quote on the blockquote citation and a missing </p>.

Document CVE-2011-4862 (FreeBSD-SA-11:08.telnetd) as it affects krb5-appl too.

Security:       CVE-2011-4862, FreeBSD-SA-11:08.telnetd
Feature safe:   yes

Add vuxml entry for proftpd chroot vulnerability.

Feature safe:   yes

- Document recent vulnerabilities in databases/phpmyadmin (PMASA-2011-19 and
PMASA-2011-20)

- Also fix SeaMonkey version range

- Fix cvename in latest mozilla vulnerability

- Document mozilla -- multiple vulnerabilities

unbound DoS vulnerability

- Cleanup
        * correct line limit
        * sort cvename

- Correct package name in previous commit

Reported by:    crees@

- Document vulnerabilities in www/typo3 and www/typo345

- Document security/krb5 vulnerability as described in MITKRB5-SA-2011-007

- Add CVE for recent asterisk vulnerabilities

Feature safe:   yes

Document Opera multiple vulnerabilities.

Requested by:   tabthorpe
Feature safe:   yes

Document vulnerabilities fixed in Chromium 16.0.912.63

Security:       CVE-2011-[3903-3917]

Add cvename tag with content CVE-2011-4607 for PuTTY password 'vulnerability'.

Feature safe: yes
Submitted by: eadler

- Correct package name for asterisk18

Feature safe:   yes

Update PuTTY to new upstream security and bug fix release 0.62,
and add a new VuXML entry.

Changelog:     
http://lists.tartarus.org/pipermail/putty-announce/2011/000017.html
Security:       bbd5f486-24f1-11e1-95bc-080027ef73ec
Feature safe:   yes

- Document asterisk vulnerabilities

Feature safe:   yes

- Document vulnerabilities in isc-dhcp: CVE-2011-4539

Feature safe:   yes

Update to version 3.4.8

This is the formal release of the fix to CVE-2011-4634, but there are
no code differences from the preliminary fixes released in 3.4.8-rc1
except for the updated version number.

PMSA-2011-18 has now been published; vuxml entry attached.

PR:             ports/163001
Submitted by:   Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer)

Feature safe:   yes

- Add a link to a nice documentation in PH

Suggested by:   dougb
Feature safe:   yes

- Add a quick guide to adding a new entry to this unfriendly file

Feature safe:   yes

- mark 1.3.41+2.8.31_4 as not vulnerable
Feature safe:   yes

15 vulnerabilities affecting 34 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities