From owner-cvs-ports@FreeBSD.ORG Thu Dec 14 13:57:49 2006
Date: Thu, 14 Dec 2006 08:14:39 +0100
From: Remko Lodder
To: Martin Wilke
Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/security/vuxml vuln.xml
Message-ID: <20061214071439.GC27554@elvandar.org>
References: <200612132256.kBDMuVVf084024@repoman.freebsd.org>
In-Reply-To: <200612132256.kBDMuVVf084024@repoman.freebsd.org>
List-Id: CVS commit messages for the ports tree

On Wed, Dec 13, 2006 at 10:56:31PM +0000, Martin Wilke wrote:
> miwi 2006-12-13 22:56:31 UTC
>
> FreeBSD ports repository
>
> Modified files:
> security/vuxml vuln.xml
> Log:
> tDiary - Injection Vulnerability
>
> | + > | + > | +

A eRuby injection vulnerability has been discovered in tDiary.

> | + > | +
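
Review bot: The description text in this entry ("A eRuby injection vulnerability has been discovered in tDiary.") names the bug class but does not say what is injected, what an attacker gains, or which setups are exposed. Expand it with those details so a reader can judge whether the entry applies to them; "A eRuby" should also read "An eRuby".
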
Hello Martin,

Just being the bad secteam member ;-)

Can you tell me what the injection vulnerability is? If people read this, they don't have any clue whatsoever whether this applies to their situation or not and what the risk actually is.

This is one of the biggest problems since adding VuXML entries will take up more time when people need to investigate the issue prior to adding them to the vuln.xml db, but I think (my personal opinion) that this is required since the above text tells us nothing.

Apart from that: Thank you very much for working on the VuXML entries! We (secteam) really appreciate it!

Cheers,
remko

--
Kind regards,

Remko Lodder ** remko@elvandar.org
FreeBSD ** remko@FreeBSD.org

/* Quis custodiet ipsos custodes */