vuxml Vulnerability and eXposure Markup Language DTD
1.1_3 security =31

Maintainer: ports-secteam@FreeBSD.org
Port Added: 12 Feb 2004 14:24:23
Also Listed In: textproc
License: BSD2CLAUSE

VuXML (the Vulnerability and eXposure Markup Language) is an XML
application for documenting security bugs and corrections within
a software package collection such as the FreeBSD Ports Collection.
This port installs the DTDs required for validating VuXML documents.

SVNWeb : PortsMon : pkg-plist

---

To install the port: cd /usr/ports/security/vuxml/ && make install clean
To add the package: pkg install vuxml

PKGNAME: vuxml

distinfo:

SHA256 (vuxml/vuxml-10.dtd) = 6a635ad2cf45f52361c8c2a29a689157fad4d00519045485bc822d34e04a524e
SIZE (vuxml/vuxml-10.dtd) = 2986
SHA256 (vuxml/vuxml-model-10.mod) = 051fed00b52bedde8ee901003fc29f7b95cd904157e31ceef34e6b06f2d1a14a
SIZE (vuxml/vuxml-model-10.mod) = 10599
SHA256 (vuxml/vuxml-11.dtd) = 12b50061d7bb34cecffede2e08d439e4469324376d55aeb7c73eb6aab0f36af1
SIZE (vuxml/vuxml-11.dtd) = 3063
SHA256 (vuxml/vuxml-model-11.mod) = a40777208625a3029c6f416aeeea733f614802a6a5f26035a4e445a09e61a47c
SIZE (vuxml/vuxml-model-11.mod) = 13282
SHA256 (vuxml/xml1.dcl) = 343efa94c4e1302e85e08b2d1791d86e50aac1ecdbc3161daecac100e4726847
SIZE (vuxml/xml1.dcl) = 7372
SHA256 (vuxml/catalog) = 479a69cf02995603443fd1f3b5b33f97811670931f87f53be99a727d664abc66
SIZE (vuxml/catalog) = 549
SHA256 (vuxml/catalog.xml) = 7b2e2850f57264eeba0ccd3d1fc161b9d5ce3071ae0ec51b9da7fa956f2a6509
SIZE (vuxml/catalog.xml) = 2150

---

NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Runtime dependencies:

1. xmlcatmgr : textproc/xmlcatmgr
2. xsltproc : textproc/libxslt
3. VERSION : textproc/xhtml-modularization
4. xhtml-basic10.dtd : textproc/xhtml-basic
5. python2.7 : lang/python27

There are no ports dependent upon this port

---

Configuration Options

     No options to configure

---

USES:

python:run

---

Master Sites:

1. http://www.vuxml.org/dtd/vuxml-1/

Add new asterisk ports vulnerability.

security/vuxml: adjust for seamonkey 2.49.1

Document Ruby vulnerability

Document rubygem-geminabox vulnerability

Add new entry for Apache "OptionsBleed"

Reviewed by:	zi

Document GitLab vulnerabilities

Security: CVE-2017-5029
Security: CVE-2016-4738
Security:
https://vuxml.FreeBSD.org/freebsd/6a177c87-9933-11e7-93f7-d43d7e971a1b.html

- Add emacs-devel to the list of affected packages by emacs vulnerability
- Move it to the top, didn't realize this before. Sorry

Document latest Flash Player vulnerabilities.

https://helpx.adobe.com/security/products/flash-player/apsb17-28.html

- Correct package name in Emacs vulnerability
- Also add emacs-nox11 to the list

- Document emacs vulnerability

Document cyrus-imapd vulnerability

Security:	CVE-2017-14230

Fix indent

Document Django vulnerability

Correct vulnerability range for atril and atril-lite.

PR:		221867
Submitted by:	rkoberman@gmail.com
Security:	CVE-2017-1000083

Document new vulnerabilities in www/chromium < 61.0.3163.79

Obtained
from:	https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html

Cancel CVE-2017-6419 for security/clamav

This only affected clamav-devel / the unreleased code for 0.99.3.

Document clamav vulnerability

PR:		221608
Security:	CVE-2017-6419

Document gdk-pixbuf2 vulnerabilities

Security:	CVE-2017-2862 CVE-2017-2870

Document vulnerabilities in asterisk ports.

Document libgcrypt side-channel attack vulnerability

Security:	CVE-2017-0379

Update pspp version range to 1.0.1

security/vuxml: Add entry for multiple rubygems vulnerabilities reported
2017-08-29 at
https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/

Approved by:	swills

Document vulnerabilities of www/kanboard

PR:		221826

Document issues in poppler

PR:		220608

Document vulnerabilities of mail/phpmailer

Document salt security vulnerability

Obtained
from:	https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html

Document dnsdist vulnerabilities

Obtained from:	https://dnsdist.org/security-advisories/index.html

Document security vulnerability in evince and atril

PR:		220713
Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>

Document SquirrelMail vulnerability

Document vulnerabilities in math/pspp < 1.0.0

Obtained
from:	https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-38732/year-2017/GNU-Pspp.html

Update the latest libsoup entry with the fixed version.

- Add entry about drupal8 vulnerabilities

security/vuxml: Document devel/libsoup vulnerability

security/vuxml: Document Zabbix vulnerability

Security:	CVE-2017-2824

security/vuxml: Document vulnerability in sysutils/py-supervisor

PR:		221539
Submitted by:	Franz Glasner <f.glasner@feldmann-mg.com>
Security:	CVE-2017-11610

Fix typo in affected versions of GitLab vulnerabilities

Document freeradius vulnerabilities

Document Mercurial vulnerability

security/vuxml: Update recent MySQL entry

 - Changelog reveals MariaDB 10.0.31 and 10.1.25 vulnerable

Match both dovecot and dovecot2.

Submitted by:	mat

Chase dovecot2's rename to dovecot.

Reported by:	remko

 Add CVE-2017-9800 for subversion ports.

Security:	http://subversion.apache.org/security/CVE-2017-9800-advisory.txt

Document GitLab vulnerabilities

Security: CVE-2017-12426
Security:
https://vuxml.FreeBSD.org/freebsd/abcc5ad3-7e6a-11e7-93f7-d43d7e971a1b.html

security/vuxml: Consolidate duplicate Apache Commons FileUpload entries

This also remove a wrong entry that marks tomcat 6 as vulnerable

Approved by:	ports-secteam (zi)
Differential Revision:	https://reviews.freebsd.org/D11941

Add CVE:s fixed in latest PostgreSQL release

Document latest Flash Player vulnerabilities.

https://helpx.adobe.com/security/products/flash-player/apsb17-23.html

security/vuxml: Document today's cURL vulnerabilities

security/vuxml: Document axis2 vulnerability

Security:	CVE-2016-1000031

security/vuxml: mark firefox < 55 as vulnerable

Update sqlite3 vuxml entry

The lower bound was incorrect. It has existed much longer than 3.17.0.

Document sqlite3 vulnerability

Security:	CVE-2017-10989

Fix Strongswan entries

PR:		220874

Document varnish vulnerability

Security:	https://varnish-cache.org/security/VSV00001.html

Document new vulnerabilities in www/chromium < 60.0.3112.78

Obtained
from:	https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html

security/vuxml: Document vulnerability in cacti v1.1.13

Security:	CVE-2017-11691

security/vuxml: fix indent in last entry

security/vuxml: Add proftpd chroot secape vulnerability

Security:	CVE-2017-7418

security/vuxml: Add jabberd vulnerability

PR:		221014
Security:	CVE-2017-10807

Document webkit2-gtk3 CVE's

Document gsoap vulnerability

security/vuxml: Add Percona to recent MySQL vulns

Security:	cda2f3c2-6c8b-11e7-867f-b499baebfeaf

security/vuxml: Correct MySQL versions

Security:	cda2f3c2-6c8b-11e7-867f-b499baebfeaf

Fix collectd5's range version

Reported by:	romain

Document GitLab vulnerabilities

security/vuxml: Document MySQL vulnerabilities

Fix vuxmlbuild by replacing lower case by upper case in cvename

Reported by:	bz

Document vulnerability in collectd5

PR:		220797
Reported by:	luca.pizzamiglio@gmail.com
Security:	CVE-2017-7401

Document vulnerability in strongswan

PR:		220823
Reported by:	i.dani@outlook.com
Security:	CVE-2017-9022
Security:	CVE-2017-9023

security/vuxml: Document vulnerability in cacti

Security:	CVE-2017-10970

Approved by:	garga (mentor)
Differential Revision:	https://reviews.freebsd.org/D11611

security/vuxml: Document vulnerability in apache24

Document latest Flash Player vulnerabilities.

https://helpx.adobe.com/security/products/flash-player/apsb17-21.html

Add an entry for the CVE-2017-11103 in Samba.

Security:	CVE-2017-11103

ecurity/vuxml: add node.js vulnerabilities announced 2017-07-11

The vulnerability in the bundled c-ares dependency is not included,
since the Node.js ports use dns/c-ares as a dependency instead.

Approved by:	mat (co-mentor)
MFH:		2017Q3
Security:	http://www.vuxml.org/freebsd/3eff66c5-66c9-11e7-aa1d-3d2e663cef42.html
Differential Revision:	https://reviews.freebsd.org/D11561

Document nginx security advisory (CVE-2017-7529).

Document security issue fixed in CodeIgniter 3.1.5

Security:	https://vuxml.FreeBSD.org/freebsd/aaedf196-6436-11e7-8b49-002590263bf5.html

Document irssi vulnerabilities

PR:		220544
Security:	CVE-2017-10965
Security:	CVE-2017-10966

security/vuxml: Fix <url> for latest PHP entry

security/vuxml: Register oniguruma/php-mbstring vulns

- Add drupal7 to vuxml entry

- Document new vulnerabilities in www/drupal8 < 8.3.4

Another round of spelling fixes, covering entries of the year 2015.

Fix a bunch of noticed typos and spelling mistakes, covering years
2016-2017.  Some of those are so common that I've taken liberty to
fix them all over the file.

Added vxvml entry for security/dropbear

PR:		220158
Submitted by:	Piotr Kubaj <pkubaj@anongoth.pl> (maintainer)
Reviewed by:	lifanov (mentor)
Approved by:	lifanov (mentor)
MFH:		2017Q3
Security:	http://www.vuxml.org/freebsd/60931f98-55a7-11e7-8514-589cfc0654e1.html
Differential Revision:	https://reviews.freebsd.org/D11400

security/vuxml: Document smarty3 shell injection vuln

- Document libgcrypt side-channel attack on RSA secret keys

Security:	CVE-2017-7526

Document GitLab vulnerabilities

- Document tor security regression

Security:	CVE-2017-0377

security/vuxml: Correct apache22 version

 - vulns fixed in unreleased 2.2.33

Reported by:		filis (irc)

Document Stack Clash vulnerability related to Exim

Document pear-Horde_Image vulnerabilities.

Security:	CVE-2017-9773
Security:	CVE-2017-9774

Document OpenVPN vulnerabilities.

Security:	9f65d382-56a4-11e7-83e3-080027ef73ec
Security:	CVE-2017-7508
Security:	CVE-2017-7512
Security:	CVE-2017-7520
Security:	CVE-2017-7521
Security:	CVE-2017-7522

security/vuxml: Fix entry uppercasing

 - Introduced in 443943

security/vuxml: Document Apache httpd vulnerabilities

Document new vulnerabilities in www/chromium < 59.0.3071.104

Obtained
from:	https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html

Document cURL vulnerability

Fix the range of vulnerable versions for p5-RT-Authen-ExternalAuth --
BestPractical have released a tarball of patches, but they've also
pushed 0.27 up to CPAN and that has the fixes incorporated.

Document multiple vulnerabilities in www/rt42, www/rt44 and
www/p5-RT-Authen-ExternalAuth

Document latest Flash Player vulnerabilities.

https://helpx.adobe.com/security/products/flash-player/apsb17-17.html

security/vuxml: mark firefox < 54 as vulnerable

Correct vulnerable versions of security/heimdal after the security fix
was backported in 7.1.0_3

PR:		219657
Security:	CVE-2017-6594

12 vulnerabilities affecting 85 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities