vuxml Vulnerability and eXposure Markup Language DTD
1.1_3 security =31

Maintainer: ports-secteam@FreeBSD.org
Port Added: 12 Feb 2004 14:24:23
Also Listed In: textproc
License: BSD2CLAUSE

VuXML (the Vulnerability and eXposure Markup Language) is an XML
application for documenting security bugs and corrections within
a software package collection such as the FreeBSD Ports Collection.
This port installs the DTDs required for validating VuXML documents.

SVNWeb : PortsMon

Pseudo-pkg-plist information, but much better, from make generate-plist
Expand this list (10 items)

1. /usr/local/share/licenses/vuxml-1.1_3/catalog.mk
2. /usr/local/share/licenses/vuxml-1.1_3/LICENSE
3. /usr/local/share/licenses/vuxml-1.1_3/BSD2CLAUSE
4. @xmlcatmgr share/xml/dtd/vuxml/catalog
5. @xmlcatmgr share/xml/dtd/vuxml/catalog.xml
6. share/xml/dtd/vuxml/vuxml-10.dtd
7. share/xml/dtd/vuxml/vuxml-11.dtd
8. share/xml/dtd/vuxml/vuxml-model-10.mod
9. share/xml/dtd/vuxml/vuxml-model-11.mod
10. share/xml/dtd/vuxml/xml1.dcl
Collapse this list.

---

To install the port: cd /usr/ports/security/vuxml/ && make install clean
To add the package: pkg install vuxml

PKGNAME: vuxml

distinfo:

SHA256 (vuxml/vuxml-10.dtd) = 6a635ad2cf45f52361c8c2a29a689157fad4d00519045485bc822d34e04a524e
SIZE (vuxml/vuxml-10.dtd) = 2986
SHA256 (vuxml/vuxml-model-10.mod) = 051fed00b52bedde8ee901003fc29f7b95cd904157e31ceef34e6b06f2d1a14a
SIZE (vuxml/vuxml-model-10.mod) = 10599
SHA256 (vuxml/vuxml-11.dtd) = 12b50061d7bb34cecffede2e08d439e4469324376d55aeb7c73eb6aab0f36af1
SIZE (vuxml/vuxml-11.dtd) = 3063
SHA256 (vuxml/vuxml-model-11.mod) = a40777208625a3029c6f416aeeea733f614802a6a5f26035a4e445a09e61a47c
SIZE (vuxml/vuxml-model-11.mod) = 13282
SHA256 (vuxml/xml1.dcl) = 343efa94c4e1302e85e08b2d1791d86e50aac1ecdbc3161daecac100e4726847
SIZE (vuxml/xml1.dcl) = 7372
SHA256 (vuxml/catalog) = 479a69cf02995603443fd1f3b5b33f97811670931f87f53be99a727d664abc66
SIZE (vuxml/catalog) = 549
SHA256 (vuxml/catalog.xml) = 7b2e2850f57264eeba0ccd3d1fc161b9d5ce3071ae0ec51b9da7fa956f2a6509
SIZE (vuxml/catalog.xml) = 2150

---

NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.

Runtime dependencies:

1. xmlcatmgr : textproc/xmlcatmgr
2. xsltproc : textproc/libxslt
3. VERSION : textproc/xhtml-modularization
4. xhtml-basic10.dtd : textproc/xhtml-basic
5. python2.7 : lang/python27

There are no ports dependent upon this port

---

Configuration Options

     No options to configure

---

USES:

python:run

---

Master Sites:

1. http://www.vuxml.org/dtd/vuxml-1/

Document security vulnerability with devel/libgit2 < 0.27.5.

Approved by:	mentors (implicit)

Add an entry for a memory leak bug in net-im/tox < v0.2.8.

Add entry for www/gitea

PR:		232123
Reported by:	maintainer
Sponsored by:	Netzkommune GmbH

Document Jenkins Security Advisory 2018-10-10

Sponsored by:	The FreeBSD Foundation

- add entry for tinc and tinc-devel

Document several vulnerabilities for gitlab-ce.

Approved by:	mentors (implicit)

security/vuxml: add multiple vulnerabilities in security/clamav.

PR:		231924
Submitted by:	yasu@utahime.org

- Document django21 vulnerability

security/vuxml: mark firefox < 62.0.3 as vulnerable

Document several vulnerabilities for gitlab-ce.

Approved by:	mentors (implicit)

Document pango DoS

Add entry for www/serendipity

Sponsored by:	Netzkommune GmbH

security/vuxml: Add entry for net-p2p/bitcoin CVE-2018-17144

Add VuXML for r480928

Approved by:	timur (mentor)
Differential Revision:	https://reviews.freebsd.org/D17360

Document spamassassin - multiple vulnerabilities

Document spamassassin vulnerabilities, as found in this announcement:
https://seclists.org/oss-sec/2018/q3/242

security/vuxml:

Document wesnoth vulnerability

security/vuxml: Add Apache 2.4 vulnerability

Update OpenJPEG vulnerability

CVE-2018-5785 was fixed in r480624.

Document mantis vulnerability

Document rubygem-smart_proxy_dynflow vulnerability

- Document mediawiki's multiple vulnerabilities

security/vuxml: mark firefox < 62.0.2 as vulnerable

Document new asterisk vulnerability.

- Document moodle multiple vulnerabilities

security/vuxml: add Joomla3 Vulnerabilities

security/vuxml: mark waterfox < 56.2.3 as vulnerable

Update OpenJPEG vulnerability

Only CVE-2017-17479 and CVE-2017-17480 were fixed in r477112.

Notified by:	tijl

Document vulnerability in www/mybb

Sponsored by:	Netzkommune GmbH

Document FreeBSD-SA-18:12.elf

Add VuXML vulnerability CVE-2018-15598 for traefik.

Port update is already MFHed.

Document the latest Flash Player vulnerability.

https://helpx.adobe.com/security/products/flash-player/apsb18-31.html

Improve formatting
Also add plexmediaserver-plexpass package as vulnerable

Document Plex vulnerability

Security:	CVE-2018-13415

The 0.18 release of x11/sddm contains a fix for a security error
that allows unlocking a session without a password, if the
ReuseSession configuration option is set to true. The default
configuration sets it to false.

I'm setting the version to < 0.17.0_1 here, because I'm going
to update 0.17 with backports rather than pull in 0.18 (there's
a lot more work in that update, because of reorganisation upstream
and none of our patches apply anymore).

PR:		230029
Reported by:	doctorwhoguy@gmail.com

Document vulnerability in www/mybb

Sponsored by:	Netzkommune GmbH

Document gitea vulnerability.

PR:		231180
Submitted by:	stb@lassitu.de
Security:	7c750960-b129-11e8-9fcd-080027f43a02

Remove duplicate entry for WPA EAPOL vulnerability. Use r477829 instead
as its version range is more complete.

PR:		231054
Reported by:	000.fbsd@quip.cz

Add VuXML entry for the fixed CVE-2017-11114 in www/links

PR:		230849
Submitted by:	Dmitri Goutnik <dg@syrec.org>

Document curl vulnerability

security/vuxml: mark firefox < 62 as vulnerable

Document Ghostscript -dSAFER sandbox bypass vulnerabilities.

PR:		231148
Security:	https://www.kb.cert.org/vuls/id/332928

Document grafana issues

PR:		 231019
PR:		 231020
PR:		 231021
PR:		 231022

Document several vulnerabilities for gitlab-ce.

Approved by:	mentors (implicit)

- Fix range for ja-mailman in CVE-2018-13796

Mark bro < 2.5.5 as vulnerable as per:

    https://www.bro.org/download/NEWS.bro.html

Reviewed by:	ler (mentor)
Approved by:	ler (mentor)
Differential Revision:	https://reviews.freebsd.org/D16948

security/vuxml: document Node.js vulnerabilities

https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/

Sponsored by:	Miles AS

Fix databases/mantis entry after r477954

Apparently you can have more than on <name></name> item inside a
<package></packge> group.  Also, re-add plain 'phpMyAdmin' without a
flavour suffix as a possible package name -- it's only been a few
months since flavourization, and there may well be some older installs
still out there.  (Although those should already be flagging for the
previous PMASA)

Reported by:	mat

Third time's the charm.  Now capitalize the package names correctly.

phpMyAdmin is flavoured now: use the correct package names.

Document FreeBSD-SA-18:11.hostapd

Document FreeBSD-SA-18:10.ip

Document FreeBSD-SA-18:09.l1tf

Document gogs open redirect issue

PR:		230800
Submitted by:	Dmitri Goutnik <dg@syrec.org>

Document the latest phpMyAdmin security advisory PMASA-2018-5

Document libX11 vulnerabilities.

CVE-2018-14598
CVE-2018-14599
CVE-2018-14600

https://lists.x.org/archives/xorg-announce/2018-August/002915.html

security/vuxml: add CVE-2018-11769 for databases/couchdb versions < 2.2.0

Reported by:	Apache CouchDB PMC
Approved by:	jrm
Security:	CVE-2018-11769
Security:	https://lists.apache.org/thread.html/1052ad7a1b32b9756df4f7860f5cb5a96b739f444117325a19a4bf75@%3Cdev.couchdb.apache.org%3E
Differential Revision:	https://reviews.freebsd.org/D16820

Document issue in security/botan2

PR:		230666

Document Jenkins Security Advisory 2018-08-15

Sponsored by:	The FreeBSD Foundation

Document WPA unauthenticated encrypted EAPOL-Key data vunlerability.

Security:	CVE-2018-14526

Document the latest Flash Player vulnerabilities.

https://helpx.adobe.com/security/products/flash-player/apsb18-25.html

Add an entry about multiple Samba vulnerabilities:

* CVE-2018-1139  (Weak authentication protocol allowed.)
* CVE-2018-1140  (Denial of Service Attack on DNS and LDAP server.)
* CVE-2018-10858 (Insufficient input validation on client directory
  listing in libsmbclient.)
* CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
* CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
  server.)

Security:	CVE-2018-1139
		CVE-2018-1140
		CVE-2018-10858
		CVE-2018-10918
		CVE-2018-10919
Sponsored by:	iXsystems Inc.

Document GraphicsMagick vulnerability

Document lang/chicken vulerabilities

Document www/gitea vulnerability, with the scarce details provided by Gitea

PR:		230512

Document mbed TLS Security Advisory 2018-02.

Security:	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02

Add entry about postgresql vulnerabilites

security/vuxml: Document Oracle's Crititcal Patch Update

Add vulnerability information about apache-xml-security-c

Document FreeBSD-SA-18:08.tcp

security/py-cryptography: Add tag forgery vulnerability

PR:	226906

Document CVE-2018-14912 in devel/cgit before version 1.2.1

PR:		230360
Submitted by:	yasu@utahime.org

Documented vulnerability of copied security/rubygem-doorkeeper43.

Approved by:	mentors (implicit)

Fix a common grammar error: "can not" means the opposite of "cannot."

"Can not" means "it is possible not to," and "cannot" means "it is impossible
to."

Document rubygem-doorkeeper vulnerability

Document rubygem-sinatra vulnerability

Add new Mailman < 2.1.28 security issue.

https://bugs.launchpad.net/mailman/+bug/1780874
https://mail.python.org/pipermail/mailman-announce/2018-July/000241.html

Security:	b4f0ad36-94a5-11e8-9007-080027ac955c
Security:	CVE-2018-13796

- Fix range for ja-mailman in CVE-2018-0618

document mantis issues

PR:		229880
Submitted by:	Nathan <ndowens.fbsd@yandex.com>

Fix version range of curl vulnerability

security/vuxml: document py-bleach issue

PR:		226851

security/vuxml: document lshell issues

PR:		215988
Submitted by:	Damien Fleuriot <dam@my.gd>

security/vuxml: document openjpeg issues

PR:		225805
Submitted by:	VK <vlad-fbsd@acheronmedia.com>

security/vuxml: Document ffmpeg issues

PR:		223626
Submitted by:	VK <vlad-fbsd@acheronmedia.com>

security/vuxml: document gimp issue

While here, fix entry date on curl entry

PR:		225636
Submitted by:	D. Ebdrup <debdrup@gmail.com>

Document new vulnerabilites in www/chromium < 68.0.3440.75

Obtained
from:	https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html

security/vuxml: Document curl issue

PR:		229752
Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>

Documented vulnerabilities for gitlab-ce.

Approved by:	mentors (implicit)

- Document a graphics/vips buffer overflow.

https://github.com/jcupitt/libvips/releases/tag/v8.6.5

Document vulnerabilities for graphics/sixel 1.8.1

* CVE-2018-14072
* CVE-2018-14073

PR:	229975
Reported by:	sue@iwmt.org (maintainer)
Approved by:	tcberner (mentor)

- Exclude LibreSSL 2.6.5 from CVE-2018-0732 entry

PR:		229037
Sponsored by:	iXsystems Inc.

Remove linux expat packages from latest expat entry.  Red Hat has marked
these "will not fix" because of the low impact so there's no point in
nagging users about this.

https://access.redhat.com/security/cve/cve-2016-9063
https://access.redhat.com/security/cve/cve-2017-9233

security/vuxml: Add CVE details for VLC vulnerability

security/vuxml: document VLC vulnerability

security/vuxml: add mutt vulnerabilities

Include mutt vulnerabilities for mutt < 1.10.1

PR:	229810
Submitted by:	dereks@lifeofadishwasher.com
Approved by:	tcberner (mentor)
Differential Revision:	https://reviews.freebsd.org/D16321

security/vuxml: fix typo

security/vuxml: document NeoMutt and Mutt vulnerabilities

Document gitlab < 11.0.4 vulnerability.

Reviewed by:	swills (mentor)
Approved by:	swills (mentor)
Differential Revision:	https://reviews.freebsd.org/D16317

Update CVE number of 20a1881e-8a9e-11e8-bddf-d017c2ca229d

Sponsored by:	The FreeBSD Foundation

Fix range of 20a1881e-8a9e-11e8-bddf-d017c2ca229d

Sponsored by:	The FreeBSD Foundation

Document Jenkins Security Advisory 2018-07-18

Sponsored by:	The FreeBSD Foundation

11 vulnerabilities affecting 107 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities

Last updated:
2018-10-15 12:29:44