vuxml Vulnerability and eXposure Markup Language DTD
1.1_3 security =31

Maintainer: ports-secteam@FreeBSD.org
Port Added: 12 Feb 2004 14:24:23
Also Listed In: textproc
License: BSD2CLAUSE

VuXML (the Vulnerability and eXposure Markup Language) is an XML
application for documenting security bugs and corrections within
a software package collection such as the FreeBSD Ports Collection.
This port installs the DTDs required for validating VuXML documents.

SVNWeb : PortsMon

Pseudo-pkg-plist information, but much better, from make generate-plist
Expand this list (10 items)

1. /usr/local/share/licenses/vuxml-1.1_3/catalog.mk
2. /usr/local/share/licenses/vuxml-1.1_3/LICENSE
3. /usr/local/share/licenses/vuxml-1.1_3/BSD2CLAUSE
4. @xmlcatmgr share/xml/dtd/vuxml/catalog
5. @xmlcatmgr share/xml/dtd/vuxml/catalog.xml
6. share/xml/dtd/vuxml/vuxml-10.dtd
7. share/xml/dtd/vuxml/vuxml-11.dtd
8. share/xml/dtd/vuxml/vuxml-model-10.mod
9. share/xml/dtd/vuxml/vuxml-model-11.mod
10. share/xml/dtd/vuxml/xml1.dcl
Collapse this list.

---

To install the port: cd /usr/ports/security/vuxml/ && make install clean
To add the package: pkg install vuxml

PKGNAME: vuxml

distinfo:

SHA256 (vuxml/vuxml-10.dtd) = 6a635ad2cf45f52361c8c2a29a689157fad4d00519045485bc822d34e04a524e
SIZE (vuxml/vuxml-10.dtd) = 2986
SHA256 (vuxml/vuxml-model-10.mod) = 051fed00b52bedde8ee901003fc29f7b95cd904157e31ceef34e6b06f2d1a14a
SIZE (vuxml/vuxml-model-10.mod) = 10599
SHA256 (vuxml/vuxml-11.dtd) = 12b50061d7bb34cecffede2e08d439e4469324376d55aeb7c73eb6aab0f36af1
SIZE (vuxml/vuxml-11.dtd) = 3063
SHA256 (vuxml/vuxml-model-11.mod) = a40777208625a3029c6f416aeeea733f614802a6a5f26035a4e445a09e61a47c
SIZE (vuxml/vuxml-model-11.mod) = 13282
SHA256 (vuxml/xml1.dcl) = 343efa94c4e1302e85e08b2d1791d86e50aac1ecdbc3161daecac100e4726847
SIZE (vuxml/xml1.dcl) = 7372
SHA256 (vuxml/catalog) = 479a69cf02995603443fd1f3b5b33f97811670931f87f53be99a727d664abc66
SIZE (vuxml/catalog) = 549
SHA256 (vuxml/catalog.xml) = 7b2e2850f57264eeba0ccd3d1fc161b9d5ce3071ae0ec51b9da7fa956f2a6509
SIZE (vuxml/catalog.xml) = 2150

---

NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Runtime dependencies:

1. xmlcatmgr : textproc/xmlcatmgr
2. xsltproc : textproc/libxslt
3. VERSION : textproc/xhtml-modularization
4. xhtml-basic10.dtd : textproc/xhtml-basic
5. python2.7 : lang/python27

There are no ports dependent upon this port

---

Configuration Options

     No options to configure

---

USES:

python:run

---

Master Sites:

1. http://www.vuxml.org/dtd/vuxml-1/

Document WPA unauthenticated encrypted EAPOL-Key data vunlerability.

Security:	CVE-2018-14526

Document the latest Flash Player vulnerabilities.

https://helpx.adobe.com/security/products/flash-player/apsb18-25.html

Add an entry about multiple Samba vulnerabilities:

* CVE-2018-1139  (Weak authentication protocol allowed.)
* CVE-2018-1140  (Denial of Service Attack on DNS and LDAP server.)
* CVE-2018-10858 (Insufficient input validation on client directory
  listing in libsmbclient.)
* CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
* CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
  server.)

Security:	CVE-2018-1139
		CVE-2018-1140
		CVE-2018-10858
		CVE-2018-10918
		CVE-2018-10919
Sponsored by:	iXsystems Inc.

Document GraphicsMagick vulnerability

Document lang/chicken vulerabilities

Document www/gitea vulnerability, with the scarce details provided by Gitea

PR:		230512

Document mbed TLS Security Advisory 2018-02.

Security:	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02

Add entry about postgresql vulnerabilites

security/vuxml: Document Oracle's Crititcal Patch Update

Add vulnerability information about apache-xml-security-c

Document FreeBSD-SA-18:08.tcp

security/py-cryptography: Add tag forgery vulnerability

PR:	226906

Document CVE-2018-14912 in devel/cgit before version 1.2.1

PR:		230360
Submitted by:	yasu@utahime.org

Documented vulnerability of copied security/rubygem-doorkeeper43.

Approved by:	mentors (implicit)

Fix a common grammar error: "can not" means the opposite of "cannot."

"Can not" means "it is possible not to," and "cannot" means "it is impossible
to."

Document rubygem-doorkeeper vulnerability

Document rubygem-sinatra vulnerability

Add new Mailman < 2.1.28 security issue.

https://bugs.launchpad.net/mailman/+bug/1780874
https://mail.python.org/pipermail/mailman-announce/2018-July/000241.html

Security:	b4f0ad36-94a5-11e8-9007-080027ac955c
Security:	CVE-2018-13796

- Fix range for ja-mailman in CVE-2018-0618

document mantis issues

PR:		229880
Submitted by:	Nathan <ndowens.fbsd@yandex.com>

Fix version range of curl vulnerability

security/vuxml: document py-bleach issue

PR:		226851

security/vuxml: document lshell issues

PR:		215988
Submitted by:	Damien Fleuriot <dam@my.gd>

security/vuxml: document openjpeg issues

PR:		225805
Submitted by:	VK <vlad-fbsd@acheronmedia.com>

security/vuxml: Document ffmpeg issues

PR:		223626
Submitted by:	VK <vlad-fbsd@acheronmedia.com>

security/vuxml: document gimp issue

While here, fix entry date on curl entry

PR:		225636
Submitted by:	D. Ebdrup <debdrup@gmail.com>

Document new vulnerabilites in www/chromium < 68.0.3440.75

Obtained
from:	https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html

security/vuxml: Document curl issue

PR:		229752
Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>

Documented vulnerabilities for gitlab-ce.

Approved by:	mentors (implicit)

- Document a graphics/vips buffer overflow.

https://github.com/jcupitt/libvips/releases/tag/v8.6.5

Document vulnerabilities for graphics/sixel 1.8.1

* CVE-2018-14072
* CVE-2018-14073

PR:	229975
Reported by:	sue@iwmt.org (maintainer)
Approved by:	tcberner (mentor)

- Exclude LibreSSL 2.6.5 from CVE-2018-0732 entry

PR:		229037
Sponsored by:	iXsystems Inc.

Remove linux expat packages from latest expat entry.  Red Hat has marked
these "will not fix" because of the low impact so there's no point in
nagging users about this.

https://access.redhat.com/security/cve/cve-2016-9063
https://access.redhat.com/security/cve/cve-2017-9233

security/vuxml: Add CVE details for VLC vulnerability

security/vuxml: document VLC vulnerability

security/vuxml: add mutt vulnerabilities

Include mutt vulnerabilities for mutt < 1.10.1

PR:	229810
Submitted by:	dereks@lifeofadishwasher.com
Approved by:	tcberner (mentor)
Differential Revision:	https://reviews.freebsd.org/D16321

security/vuxml: fix typo

security/vuxml: document NeoMutt and Mutt vulnerabilities

Document gitlab < 11.0.4 vulnerability.

Reviewed by:	swills (mentor)
Approved by:	swills (mentor)
Differential Revision:	https://reviews.freebsd.org/D16317

Update CVE number of 20a1881e-8a9e-11e8-bddf-d017c2ca229d

Sponsored by:	The FreeBSD Foundation

Fix range of 20a1881e-8a9e-11e8-bddf-d017c2ca229d

Sponsored by:	The FreeBSD Foundation

Document Jenkins Security Advisory 2018-07-18

Sponsored by:	The FreeBSD Foundation

security/vuxml: Document irc/znc vulnerabilities

Reported by:	gordon
Security:	CVE-2018-14055
Security:	CVE-2018-14056

security/vuxml: Document Apache httpd vulns

Remove vendor-specific CVE numbers, following r474804.  This tag
is reserved for Mitre CVE numbers, otherwise it does not pass
validation.

Sponsored by:	The FreeBSD Foundation

security/vuxml: update version range for latest qutebrowser vuln

Update version for www/qutebrowser CVE-2018-10895 to reflect 2018Q3 fix.

Comment a project-specific CVE reference in attempt to fix the build.

Sponsored by:	The FreeBSD Foundation

Document vulberability for typo3-7 and typo3-8

security/vuxml: add entry for devel/upp

Affected by CVE-2018-874

PR:	227414
Reported by:	lightside@gmx.com
Approved by:	tcberner (mentor)
Differential Revision:	https://reviews.freebsd.org/D16017

Document several security defects in the Bouncy Castle Crypto APIs
before version 1.60

Obtained from:	https://www.bouncycastle.org/latest_releases.html
Security:	https://vuxml.FreeBSD.org/freebsd/fe93803c-883f-11e8-9f0c-001b216d295b

Document www/qutebrowser CSRF vulnerability

Reviewed by:	miwi
Security:	CVE-2018-10895

Fix typos.

Reported by:	N.J. Mann (njm at njm dot me dot uk)

Document the latest Flash Player vulnerabilities.

https://helpx.adobe.com/security/products/flash-player/apsb18-24.html

Document vulnerability for libgit2 < 0.27.3.

Reviewed by:	swills (mentor)
Approved by:	swills (mentor)
Differential Revision:	https://reviews.freebsd.org/D16220

Fix build.

Sponsored by:	The FreeBSD Foundation

security/vuxml: add CVE for Apache CouchDB 1.7.2 (databases/couchdb)

Approved by:	jrm
Differential Revision:	https://reviews.freebsd.org/D16212

security/vuxml: document vulnerabilities in security/clamav.

- Document devel/zziplib - multible vulnerabilities

PR:		226491
Sponsored by:	iXsystems Inc.

Document wordpress issues

security/vuxml: seamonkey-2.49.4 contains firefox-52.9.0

Document vulnerability in www/mybb

security/vuxml: Document expat vulnerabilities

libwww is also vulnerable because it has expat in its source tree.

Security:	CVE-2016-9063
Security:	CVE-2017-9233

security/vuxml: add CVE-2018-0608 for www/h2o

PR:		228762
Approved by:	jrm
Security:	CVE-2018-0608
Differential Revision:	https://reviews.freebsd.org/D16110

security/vuxml: mark firefox < 61 as vulnerable

Vulnerability entry for www/gitlab.

Reviewed by:	tz (mentor)
Approved by:	tz (mentor)
Differential Revision:	https://reviews.freebsd.org/D16010

Fixup

Link release announcement to mail/mailman < 2.1.27 vuln/CVE 2018-0618

Add mailman vulnerabilities/hardening.

Obtained from:	Mark Sapiro
Security:	739948e3-78bf-11e8-b23c-080027ac955c
Security:	CVE-2018-0618
Security:	JVN#00846677
Security:	JPCERT#97432283

Docuement the latest phpMyAdmin vulnerabilities

Document SA-18:07.lazyfpu

Document GraphicsMagick vulnerability

PR:		223629
Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>

Document vulnerability for libgit2 and py-pygit2.

Reviewed by:	tz (mentor)
Approved by:	tz (mentor)
Differential Revision:	https://reviews.freebsd.org/D15668

security/vuxml: document Slurm vulnerability

https://lists.schedmd.com/pipermail/slurm-announce/2018/000008.html

While here, silence validation warnings caused by node.js 2018-06-15 entry.

security/vuxml: document Node.js vulnerabilities

https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/

List GPG parsing vulnerabilities in sysutils/password-store < 1.7.2

security/vuxml: Document LibreSSL vuln

Document libgcrypt side-channel attack vulnerability

Security:	CVE-2018-0495

Update gnupg entry now that gnupg1-1.4.23 has landed

security/vuxml: Bump PORTREV for openssl

 - Chase missing svn add for openssl

security/vuxml: Document today's OpenSSL vuln (low)

Document new asterisk vulnerabilities.

Fix error in old asterisk entry.

Document new vulnerability in www/chromium < 67.0.3396.79

Obtained
from:	https://chromereleases.googleblog.com/2018/06/stable-channel-update-for-desktop.html

Fix vuxml build.

Sponsored by:	The FreeBSD Foundation

Add entry for gnupg CVE

security/vuxml: mark firefox < 60.0.2 as vulnerable

Document the latest Flash Player vulnerabilities.

https://helpx.adobe.com/security/products/flash-player/apsb18-19.html

Mark bro < 2.5.4 as vulnerable as per:

    https://www.bro.org/download/NEWS.bro.html

Reviewed by:	ler (mentor)
Approved by:	ler (mentor)
Differential Revision:	https://reviews.freebsd.org/D15677

security/vuxml/vuln.xml: Fix indentation (silences make validate)

Reported by:	mfechner

Document new vulnerabilities in www/gitlab < 10.8.2 or < 10.7.5 or < 10.6.6.

Reviewed by:	tz (mentor)
Approved by:	tz (mentor)
Differential Revision:	https://reviews.freebsd.org/D15635

security/vuxml: Fix version ranges for latest Git vulnerabilities

Reported by:	jbeich

security/vuxml: Document devel/git CVEs (2018-11233 and 2018-11235)

Document security/strongswan multiple vulnerabilities
((CVE-2018-10811, CVE-2018-5388)

PR:		228631
Submitted by:	strongswan@Nanoteq.com

Document new vulnerabilities in www/chromium < 67.0.3396.62

Obtained
from:	https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html

Document BIND multiple vulnerabilities.

Update VuXML entry for xorg-server issues

Update VuXML entry for xorg-server issues related to CVE-2017-10971 and
CVE-2017-10972.  The version check was wrong missing the portepoch which
meant that the entry never matched anything.  It was also only added for
xorg-server 1.19, while we have 1.18 in base.

Fix formatting and edit the overly long lines.

Document curl vulnerability

Document vulnerabilities in wavpack 5.1.0 and earlier

PR:		228146
Submitted by:	yasu@utahime.org

Bump maximum description length to 5000

Details:
Thanks to www/chromium, we now have a valid entry with 4933 characters.
Entries this long will probably remain exceptions, but there should
not be a warning for the currently valid entries.

Bump copyright to 2018

14 vulnerabilities affecting 116 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities

Last updated:
2018-06-16 15:43:50