vuxml Vulnerability and eXposure Markup Language DTD
1.1_3 security =31

Maintainer: ports-secteam@FreeBSD.org
Port Added: 12 Feb 2004 14:24:23
Also Listed In: textproc
License: BSD2CLAUSE

VuXML (the Vulnerability and eXposure Markup Language) is an XML
application for documenting security bugs and corrections within
a software package collection such as the FreeBSD Ports Collection.
This port installs the DTDs required for validating VuXML documents.

SVNWeb : PortsMon

Pseudo-pkg-plist information, but much better, from make generate-plist
Expand this list (10 items)

1. /usr/local/share/licenses/vuxml-1.1_3/catalog.mk
2. /usr/local/share/licenses/vuxml-1.1_3/LICENSE
3. /usr/local/share/licenses/vuxml-1.1_3/BSD2CLAUSE
4. @xmlcatmgr share/xml/dtd/vuxml/catalog
5. @xmlcatmgr share/xml/dtd/vuxml/catalog.xml
6. share/xml/dtd/vuxml/vuxml-10.dtd
7. share/xml/dtd/vuxml/vuxml-11.dtd
8. share/xml/dtd/vuxml/vuxml-model-10.mod
9. share/xml/dtd/vuxml/vuxml-model-11.mod
10. share/xml/dtd/vuxml/xml1.dcl
Collapse this list.

---

To install the port: cd /usr/ports/security/vuxml/ && make install clean
To add the package: pkg install vuxml

PKGNAME: vuxml

distinfo:

SHA256 (vuxml/vuxml-10.dtd) = 6a635ad2cf45f52361c8c2a29a689157fad4d00519045485bc822d34e04a524e
SIZE (vuxml/vuxml-10.dtd) = 2986
SHA256 (vuxml/vuxml-model-10.mod) = 051fed00b52bedde8ee901003fc29f7b95cd904157e31ceef34e6b06f2d1a14a
SIZE (vuxml/vuxml-model-10.mod) = 10599
SHA256 (vuxml/vuxml-11.dtd) = 12b50061d7bb34cecffede2e08d439e4469324376d55aeb7c73eb6aab0f36af1
SIZE (vuxml/vuxml-11.dtd) = 3063
SHA256 (vuxml/vuxml-model-11.mod) = a40777208625a3029c6f416aeeea733f614802a6a5f26035a4e445a09e61a47c
SIZE (vuxml/vuxml-model-11.mod) = 13282
SHA256 (vuxml/xml1.dcl) = 343efa94c4e1302e85e08b2d1791d86e50aac1ecdbc3161daecac100e4726847
SIZE (vuxml/xml1.dcl) = 7372
SHA256 (vuxml/catalog) = 479a69cf02995603443fd1f3b5b33f97811670931f87f53be99a727d664abc66
SIZE (vuxml/catalog) = 549
SHA256 (vuxml/catalog.xml) = 7b2e2850f57264eeba0ccd3d1fc161b9d5ce3071ae0ec51b9da7fa956f2a6509
SIZE (vuxml/catalog.xml) = 2150

---

NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Runtime dependencies:

1. xmlcatmgr : textproc/xmlcatmgr
2. xsltproc : textproc/libxslt
3. VERSION : textproc/xhtml-modularization
4. xhtml-basic10.dtd : textproc/xhtml-basic
5. python2.7 : lang/python27

There are no ports dependent upon this port

---

Configuration Options

     No options to configure

---

USES:

python:run

---

Master Sites:

1. http://www.vuxml.org/dtd/vuxml-1/

Document vulnerability for libgit2 and py-pygit2.

Reviewed by:	tz (mentor)
Approved by:	tz (mentor)
Differential Revision:	https://reviews.freebsd.org/D15668

security/vuxml: document Slurm vulnerability

https://lists.schedmd.com/pipermail/slurm-announce/2018/000008.html

While here, silence validation warnings caused by node.js 2018-06-15 entry.

security/vuxml: document Node.js vulnerabilities

https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/

List GPG parsing vulnerabilities in sysutils/password-store < 1.7.2

security/vuxml: Document LibreSSL vuln

Document libgcrypt side-channel attack vulnerability

Security:	CVE-2018-0495

Update gnupg entry now that gnupg1-1.4.23 has landed

security/vuxml: Bump PORTREV for openssl

 - Chase missing svn add for openssl

security/vuxml: Document today's OpenSSL vuln (low)

Document new asterisk vulnerabilities.

Fix error in old asterisk entry.

Document new vulnerability in www/chromium < 67.0.3396.79

Obtained
from:	https://chromereleases.googleblog.com/2018/06/stable-channel-update-for-desktop.html

Fix vuxml build.

Sponsored by:	The FreeBSD Foundation

Add entry for gnupg CVE

security/vuxml: mark firefox < 60.0.2 as vulnerable

Document the latest Flash Player vulnerabilities.

https://helpx.adobe.com/security/products/flash-player/apsb18-19.html

Mark bro < 2.5.4 as vulnerable as per:

    https://www.bro.org/download/NEWS.bro.html

Reviewed by:	ler (mentor)
Approved by:	ler (mentor)
Differential Revision:	https://reviews.freebsd.org/D15677

security/vuxml/vuln.xml: Fix indentation (silences make validate)

Reported by:	mfechner

Document new vulnerabilities in www/gitlab < 10.8.2 or < 10.7.5 or < 10.6.6.

Reviewed by:	tz (mentor)
Approved by:	tz (mentor)
Differential Revision:	https://reviews.freebsd.org/D15635

security/vuxml: Fix version ranges for latest Git vulnerabilities

Reported by:	jbeich

security/vuxml: Document devel/git CVEs (2018-11233 and 2018-11235)

Document security/strongswan multiple vulnerabilities
((CVE-2018-10811, CVE-2018-5388)

PR:		228631
Submitted by:	strongswan@Nanoteq.com

Document new vulnerabilities in www/chromium < 67.0.3396.62

Obtained
from:	https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html

Document BIND multiple vulnerabilities.

Update VuXML entry for xorg-server issues

Update VuXML entry for xorg-server issues related to CVE-2017-10971 and
CVE-2017-10972.  The version check was wrong missing the portepoch which
meant that the entry never matched anything.  It was also only added for
xorg-server 1.19, while we have 1.18 in base.

Fix formatting and edit the overly long lines.

Document curl vulnerability

Document vulnerabilities in wavpack 5.1.0 and earlier

PR:		228146
Submitted by:	yasu@utahime.org

Bump maximum description length to 5000

Details:
Thanks to www/chromium, we now have a valid entry with 4933 characters.
Entries this long will probably remain exceptions, but there should
not be a warning for the currently valid entries.

Bump copyright to 2018

Document vulnerabilities in chromium before 66.0.3359.170

Reported by:	Tommi Pernila <tommi.pernila@iki.fi> via e-mail

Document jenkins security issues

security/vuxml: mark firefox < 60 as vulnerable

PR:		226476

security/vuxml: document kamailio CVE-2018-8828

PR:		227677
Submitted by:	Ben Hood <ben@relops.com>

Document ftp/wget's cookie injection vulnerability

Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
MFH:		2018Q2
Security:	CVE-2018-0494

Document the latest Flash Player vulnerability.

https://helpx.adobe.com/security/products/flash-player/apsb18-16.html

Document FreeBSD-SA-18:06.debugreg

Document python vulnerability

Security notice regarding kwallet-pam (KDE Plasma5).

  https://www.kde.org/info/security/advisory-20180503-1.txt

The port is not built by default through the regular KDE packages,
and has been in the ports tree only a week; the impact is expected
to be low.

Approved by:	tcberner (mentor, implicit)

Document multiple vulnerabilities in www/drupal7 and www/drupal8

Document vulnerabilities in gitlab for several versions.

Reviewed by:	eugen_grosbein.net, tz (mentor)
Approved by:	eugen_grosbein.net, tz (mentor)
Differential Revision:	https://reviews.freebsd.org/D15248

Document free-after-use issue in chromium before 66.0.3359.139

Submitted by:	Tommi Pernila <tommi.pernila@iki.fi> via e-mail
Security:	CVE-2018-6118

Document vulnerabilities in quassel before 0.12.5

Security:	https://vuxml.freebsd.org/freebsd/499f6b41-58db-4f98-b8e7-da8c18985eda.html

Document vulnerabilities in chromium before 66.0.3359.117

Submitted by:	tommi.pernila@iki.fi (via mail to ports-secteam)
Reviewed by:	riggs

Document mbed TLS vulnerabilities

Security:	https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released

security/vuxml: Document MySQL vulns from quarterly Oracle CPU

Document wordpress issues

Document the latest phpMyAdmin vulnerabilities

- Document drupal8 vulnerability

security/vuxml: Bump portrev for latest OpenSSL vuln

security/vuxml: Add OpenSSL vulnerability

Add Blockquote

pointy hat to joneum

Document multiple vulnerabilities in www/drupal7

Security:	CVE-2018-7600

Document Perl vulnerability

Update freeimage vulnerability

ipsec-tools: document remotely exploitable computational-complexity attack.

PR:		225066
Security:	CVE-2016-10396

Document nghttp2 vulnerability

Document roundcube IMAP command injection vulnerability.

Document Jenkins vulnerabilities

Document the latest Flash Player vulnerability.

https://helpx.adobe.com/security/products/flash-player/apsb18-08.html

Fixed a wrong version definition for gitlab that report 10.4.6 as affected.

PR:		227293
Reported by:	majo-bugs.freebsd.org@cerny.sk
Reviewed by:	dbaio, swills (mentor)
Approved by:	swills (mentor)
Differential Revision:	https://reviews.freebsd.org/D14999

Added information about security problems with port www/gitlab.

Reviewed by:	swills (mentor)
Approved by:	swills (mentor)
Differential Revision:	https://reviews.freebsd.org/D14974

Document FreeBSD-SA-18:05.ipsec

Document FreeBSD-SA-18:04.vt

security/vuxml: adjust thunderbird version for CVE-2018-5148 backport

security/vuxml: delist palemoon from CVE-2018-514[67]

Let upstream to decide if the browser is affected.
https://github.com/MoonchildProductions/Pale-Moon/commits/master/media/libvorbis/lib/vorbis_codebook.c
https://github.com/MoonchildProductions/Pale-Moon/commits/master/media/libtremor/lib/tremor_codebook.c

security/vuxml: libxul didn't share release branch with thunderbird

- Document Moodle vulnerability

Fix space/tab to pet "make validate"

Document Ruby vulnerability

security/vuxml: Document Node.js vulnerabilities

https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/

Document gitlab vulnerability.

Reviewed by:	tz (mentor)
Approved by:	tz (mentor)
Differential Revision:	https://reviews.freebsd.org/D14870

Fix typos

Document www/webkit2-gtk3 vulnerabilities

Document new vulnerability in www/chromium < 65.0.3325.181

Obtained
from:	https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop_20.html

security/vuxml: Document OpenSSL vulnerabilities

Attempt to fix vuxml build.

Sponsored by:	The FreeBSD Foundation

security/vuxml: Mark Apache 2.2 vulnerable

 - Upstream has removed all patches for 2.2.34

With hat:	apache

Fix build after r465658.

Sponsored by:	The FreeBSD Foundation

security/vuxml: mark firefox < 59.0.2 as vulnerable

thunderbird: fix affected versions for CVE-2018-5146

according to https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/ ,
CVE-2018-5146 has been fixed in thunderbird 52.7.0 (and CVE-2018-5147
affects Android platforms as per it's description).
Add link to the thunderbird security advisory MFSA 2018-09, as this has
the info for thunderbird.

Fix mythtv ranges. Forgot to factor in PORTEPOCH.

Update entries for mythtv and mythtv-frontend

PR:		225652

Document rubygem-rails-html-sanitizer vulnerability

security/vuxml: Document recent Apache httpd vulnerabilities

Document vulnerability in www/mybb

VulnXML record: CVE-2018-8740: SQLite -- Corrupt DB can cause a NULL pointer
dereference

Patched in r465275.

Document rubygem-sanitize vulnerability

Document rubygem-loofah vulnerability

Document py-notebook vulnerability

Document zero-day remote vulnerability in mail/squirrelmail

Reported by:	Roger Marquis <marquis@roble.com> via e-mail
Security:	CVE-2018-8741

security/vuxml: mark slurm-wlm < 17.02.10 as vulnerable

Security:	CVE-2018-7033

security/vuxml: mark libvorbis < 1.3.6 as vulnerable

security/vuxml: bump waterfox version after r464679

Mark e2fsprogs < 1.44.0 vulnerable.

Initial entry for the speculative execution vulnerability
(FreeBSD-SA-18:03.speculative_execution)

Update NTP entry to add the FreeBSD SA information (FreeBSD-SA-18:02.ntp)

Document FreeBSD-SA-18:01.ipsec

Document the latest Flash Player vulnerability.

https://helpx.adobe.com/security/products/flash-player/apsb18-05.html

security/vuxml: mark firefox < 59 as vulnerable

Add an entry for Samba vulnerabilities CVE-2018-1050 and CVE-2018-1057

Security:	CVE-2018-1050
		CVE-2018-1057

14 vulnerabilities affecting 116 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities

Last updated:
2018-06-16 15:43:50