From owner-freebsd-vuxml@FreeBSD.ORG Sun Sep 26 02:13:23 2004
Date: Sat, 25 Sep 2004 22:13:18 -0400 (EDT)
From: Dan Langille
To: freebsd-vuxml@freebsd.org
Subject: vuln refers to apache13 - no such package

Hi folks,

Just looking at "ca6c8f35-0a5f-11d9-ad6f-00061bc2ad93" which contains
this:

apache13

But, from what FreshPorts knows, there is no such package. These are the
packages it knows:

www/apache13-ssl         | apache+ssl
www/apache13-modssl+ipv6 | apache+mod_ssl+ipv6
www/apache13-modssl      | apache+mod_ssl
www/apache13-modperl     | apache+mod_perl
www/apache13+ipv6        | apache+ipv6
www/apache13             | apache
www/apache-jserv         | apache-jserv
www/apache2              | apache
www/apache-forrest       | apache-forrest
www/apache-contrib       | apache-contrib
net/apache-soap          | apache-soap
devel/apache-ant         | apache-ant
sysutils/apachetop       | apachetop

Should the vuln be changed? Is FreshPorts wrong?

--
Dan Langille - http://www.langille.org/
BSDCan - The Technical BSD Conference: http://www.bsdcan.org/

From owner-freebsd-vuxml@FreeBSD.ORG Sun Sep 26 18:05:04 2004
Date: Sun, 26 Sep 2004 13:04:36 -0500
From: "Jacques A. Vidrine"
To: Dan Langille
cc: freebsd-vuxml@freebsd.org
Subject: vuxml corrections (was Re: FreshPorts :: VuXML - 6e740881-0cae-11d9-8a8a-000c41e2cdad)

Thanks for catching and reporting these, Dan!

On Sat, Sep 25, 2004 at 05:15:14PM -0400, Dan Langille wrote:
> Hi folks,
>
> I'm looking for additional pairs of eyes to verify that FreshPorts
> has marked the correct commits for:
>
> 6e740881-0cae-11d9-8a8a-000c41e2cdad
>
> The FreshPorts pages to view are:
>
>
>
> Nothing affected by this vuln. It seems the affected versions were
> never put into our tree. Ranges are:
>
> 1.7.a,21.7
> 1.8.a,21.8.a2,2
>
> Should that top one be 1.7,2 not 1.7?

Yep! Corrected.

> There are two packages with the name mozilla. In addition to the URL
> listed above, see also:
>
>
>
> Nothing affected there. We have only 1.4b-1.6a in the tree. Looks
> good.

I think I misunderstood something. We certainly have later versions,
and the referenced page lists them, e.g. mozilla-1.8.a3,2.

>
>
> The ranges are: 1.7.a1.7
>
> Nothing marked at that URL either.
>
> Is this looking good or bad?

Yep, that looks good!

On Sat, Sep 25, 2004 at 10:13:18PM -0400, Dan Langille wrote:
> Hi folks,
>
> Just looking at "ca6c8f35-0a5f-11d9-ad6f-00061bc2ad93" which contains
> this:
>
> apache13
>
> But, from what FreshPorts knows, there is no such package. These are the
> packages it knows:
>
> www/apache13-ssl         | apache+ssl
> www/apache13-modssl+ipv6 | apache+mod_ssl+ipv6
> www/apache13-modssl      | apache+mod_ssl
> www/apache13-modperl     | apache+mod_perl
> www/apache13+ipv6        | apache+ipv6
> www/apache13             | apache
> www/apache-jserv         | apache-jserv
> www/apache2              | apache
> www/apache-forrest       | apache-forrest
> www/apache-contrib       | apache-contrib
> net/apache-soap          | apache-soap
> devel/apache-ant         | apache-ant
> sysutils/apachetop       | apachetop
>
> Should the vuln be changed? Is FreshPorts wrong?

You are correct, the element is wrong. Corrected.

Cheers,
--
Jacques A Vidrine / NTT/Verio
nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org

From owner-freebsd-vuxml@FreeBSD.ORG Sun Sep 26 23:34:55 2004
Date: Sun, 26 Sep 2004 19:34:50 -0400
From: "Dan Langille"
To: "Jacques A. Vidrine"
cc: freebsd-vuxml@freebsd.org
Subject: Re: vuxml corrections (was Re: FreshPorts :: VuXML - 6e740881-0cae-11d9-8a8a-000c41e2cdad)

On 26 Sep 2004 at 13:04, Jacques A. Vidrine wrote:

> Thanks for catching and reporting these, Dan!

I think we might be able to add VuXML sanity checking to FreshPorts
if we can come up with some rules, or simple concepts. I'm only
catching them because I'm looking closely at the results.

> On Sat, Sep 25, 2004 at 05:15:14PM -0400, Dan Langille wrote:
> > Hi folks,
> >
> > I'm looking for additional pairs of eyes to verify that FreshPorts
> > has marked the correct commits for:
> >
> > 6e740881-0cae-11d9-8a8a-000c41e2cdad
> >
> > The FreshPorts pages to view are:
> >
> >
> >
> > Nothing affected by this vuln. It seems the affected versions were
> > never put into our tree. Ranges are:
> >
> > 1.7.a,21.7
> > 1.8.a,21.8.a2,2
> >
> > Should that top one be 1.7,2 not 1.7?
>
> Yep! Corrected.

Good. Then I'm beginning to get a handle on what ranges should be
when an EPOCH is involved.

> > There are two packages with the name mozilla. In addition to the URL
> > listed above, see also:
> >
> >
> >
> > Nothing affected there. We have only 1.4b-1.6a in the tree. Looks
> > good.
>
> I think I misunderstood something. We certainly have later versions,
> and the referenced page lists them, e.g. mozilla-1.8.a3,2.

I don't know now. Perhaps I should run it again with just the one
vuln in question. That's later this week.

I have rerun the FreshPorts VuXML with the latest vuln.xml file. I
will review the commits later in the week.
--
Dan Langille : http://www.langille.org/
BSDCan - The Technical BSD Conference - http://www.bsdcan.org/

From owner-freebsd-vuxml@FreeBSD.ORG Tue Sep 28 02:59:54 2004
Date: Mon, 27 Sep 2004 22:59:53 -0400 (EDT)
From: Dan Langille
To: freebsd-vuxml@freebsd.org
Subject: PHPNuke or phpnuke

Hi,

In vuln 33ab4a47-bfc1-11d8-b00e-000347a4fa7d, the package name is PHPNuke.
I think it should be lower case (as in
75770425-67a2-11d8-80e3-0020ed76ef5a).

cheers
--
Dan Langille - http://www.langille.org/
BSDCan - The Technical BSD Conference: http://www.bsdcan.org/

From owner-freebsd-vuxml@FreeBSD.ORG Tue Sep 28 03:13:29 2004
Date: Mon, 27 Sep 2004 23:13:28 -0400 (EDT)
From: Dan Langille
To: freebsd-vuxml@freebsd.org
Subject: VuXML entries found in FreshPorts

The following URL lists the VuXML found in FreshPorts:

http://beta.freshports.org/vuxml.php?list

The first column is the name of the package and a link to the vuln listing
at http://www.vuxml.org/. If there is more than one vuln, you get a list
of the vulns.

The second column is the number of vulns registered against that package.

The third column is the link to the FreshPorts entry for this package.

The totals at the bottom of the page include only those vulns that affect
a package (i.e. OS-specific vulns are not recorded in FreshPorts).

The next step in comparing vuln.xml against FreshPorts is to compare the
above URL with http://www.vuxml.org/freebsd/index-pkg.html

I have compared the two lists visually. I didn't find anything that would
make me think FreshPorts isn't displaying everything correctly. A few
random checks show expected results (e.g. opera, netscape7, libxine).

The more eyes that can check the results, the better. If you are familiar
with a particular vulnerability, I would appreciate feedback regarding the
accuracy.

thanks.
--
Dan Langille - http://www.langille.org/
BSDCan - The Technical BSD Conference: http://www.bsdcan.org/

From owner-freebsd-vuxml@FreeBSD.ORG Tue Sep 28 08:08:30 2004
Date: Tue, 28 Sep 2004 09:08:24 +0100
From: Matthew Seaman
To: Dan Langille
cc: freebsd-vuxml@freebsd.org
Subject: Re: VuXML entries found in FreshPorts

On Mon, Sep 27, 2004 at 11:13:28PM -0400, Dan Langille wrote:
> The following URL lists the VuXML found in FreshPorts:
>
> http://beta.freshports.org/vuxml.php?list

> The more eyes that can check the results, the better. If you are familiar
> with a particular vulnerability, I would appreciate feedback regarding the
> accuracy.

Here's one that I have a particular interest in. Compare

0d4c31ac-cb91-11d8-8898-000d6111a684
cc0fb686-6550-11d8-80e3-0020ed76ef5a

The first isn't registered in
http://beta.freshports.org/databases/phpmyadmin/ correctly, but the
second is.

Difference is the capitalisation: phpmyadmin vs. phpMyAdmin: the port
may be databases/phpmyadmin, but the LATEST_LINK and the package name
use phpMyAdmin. I guess that should be fixed in the vuln.xml for
0d4c31ac-cb91-11d8-8898-000d6111a684.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

From owner-freebsd-vuxml@FreeBSD.ORG Tue Sep 28 11:20:41 2004
Date: Tue, 28 Sep 2004 07:20:37 -0400
From: "Dan Langille"
To: Matthew Seaman
cc: freebsd-vuxml@freebsd.org
Subject: Re: VuXML entries found in FreshPorts

On 28 Sep 2004 at 9:08, Matthew Seaman wrote:

> Difference is the capitalisation: phpmyadmin vs. phpMyAdmin: the port
> may be databases/phpmyadmin, but the LATEST_LINK and the package name
> use phpMyAdmin. I guess that should be fixed in the vuln.xml for
> 0d4c31ac-cb91-11d8-8898-000d6111a684.

Good catch. That is similar to the phpNuke issue I found last night.
--
Dan Langille : http://www.langille.org/
BSDCan - The Technical BSD Conference - http://www.bsdcan.org/

From owner-freebsd-vuxml@FreeBSD.ORG Tue Sep 28 13:37:05 2004
Date: Tue, 28 Sep 2004 08:36:40 -0500
From: "Jacques A. Vidrine"
To: Matthew Seaman, freebsd-vuxml@freebsd.org
Subject: Re: VuXML entries found in FreshPorts

On Tue, Sep 28, 2004 at 09:08:24AM +0100, Matthew Seaman wrote:
> Difference is the capitalisation: phpmyadmin vs. phpMyAdmin: the port
> may be databases/phpmyadmin, but the LATEST_LINK and the package name
> use phpMyAdmin. I guess that should be fixed in the vuln.xml for
> 0d4c31ac-cb91-11d8-8898-000d6111a684.

Yes, you are right. Fixed. Thanks for catching!

--
Jacques A Vidrine / NTT/Verio
nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org

From owner-freebsd-vuxml@FreeBSD.ORG Tue Sep 28 15:05:59 2004
Date: Tue, 28 Sep 2004 10:05:34 -0500
From: "Jacques A. Vidrine"
To: Dan Langille
cc: freebsd-vuxml@freebsd.org
Subject: Re: PHPNuke or phpnuke

On Mon, Sep 27, 2004 at 10:59:53PM -0400, Dan Langille wrote:
> Hi,
>
> In vuln 33ab4a47-bfc1-11d8-b00e-000347a4fa7d, the package name is PHPNuke.
> I think it should be lower case (as in
> 75770425-67a2-11d8-80e3-0020ed76ef5a).

Right-o, fixed!

This is great, we need this kind of double-checking.

Cheers,
--
Jacques A Vidrine / NTT/Verio
nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org

From owner-freebsd-vuxml@FreeBSD.ORG Tue Sep 28 21:59:43 2004
Date: Tue, 28 Sep 2004 17:59:39 -0400
From: "Dan Langille"
To: "Jacques A. Vidrine"
cc: freebsd-vuxml@freebsd.org
Subject: Re: PHPNuke or phpnuke

On 28 Sep 2004 at 10:05, Jacques A. Vidrine wrote:

> On Mon, Sep 27, 2004 at 10:59:53PM -0400, Dan Langille wrote:
> > Hi,
> >
> > In vuln 33ab4a47-bfc1-11d8-b00e-000347a4fa7d, the package name is PHPNuke.
> > I think it should be lower case (as in
> > 75770425-67a2-11d8-80e3-0020ed76ef5a).
>
> Right-o, fixed!
>
> This is great, we need this kind of double-checking.

I'm not sure what type of sanity checking FreshPorts can do here.
Ideas are welcome.

--
Dan Langille : http://www.langille.org/
BSDCan - The Technical BSD Conference - http://www.bsdcan.org/

From owner-freebsd-vuxml@FreeBSD.ORG Tue Sep 28 22:23:46 2004
Date: Tue, 28 Sep 2004 18:23:42 -0400
From: "Dan Langille"
To: freebsd-vuxml@freebsd.org
Subject: (Fwd) cvs commit: ports/security/vuxml vuln.xml

FWIW, between the other fixes and this one, the number of affected
packages went up by 40 to 395, and the number of vulns went up
by 3 to 174.

http://beta.freshports.org/vuxml.php?list and the rest of FreshPorts
has been updated with the recent changes.

The next step is to automate what I've been doing manually so that
FreshPorts VuXML data is updated automagically with each vuxml.xml
commit.

------- Forwarded message follows -------
From: Jacques Vidrine
Date sent: Tue, 28 Sep 2004 18:02:03 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/security/vuxml vuln.xml

nectar      2004-09-28 18:02:03 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml
  Log:
  Make an initial attempt at covering all Mozilla/Firefox/Thunderbird
  package names that we've had. Similar changes need to be made to
  many other entries, but let's use this one as a test subject first.

  Approved by: portmgr

  Revision  Changes    Path
  1.258     +37 -10    ports/security/vuxml/vuln.xml

------- End of forwarded message -------
--
Dan Langille : http://www.langille.org/
BSDCan - The Technical BSD Conference - http://www.bsdcan.org/

From owner-freebsd-vuxml@FreeBSD.ORG Tue Sep 28 22:27:16 2004
Date: Tue, 28 Sep 2004 18:27:56 -0400
From: Tom Rhodes
To: "Dan Langille"
cc: freebsd-vuxml@FreeBSD.org
Subject: Re: (Fwd) cvs commit: ports/security/vuxml vuln.xml

On Tue, 28 Sep 2004 18:23:42 -0400
"Dan Langille" wrote:

> FWIW, between the other fixes and this one, the number of affected
> packages went up by 40 to 395, and the number of vulns went up
> by 3 to 174.
>
> http://beta.freshports.org/vuxml.php?list and the rest of FreshPorts
> has been updated with the recent changes.
>
> The next step is to automate what I've been doing manually so that
> FreshPorts VuXML data is updated automagically with each vuxml.xml
> commit.

Is it just a script that updates when run or?

--
Tom Rhodes

From owner-freebsd-vuxml@FreeBSD.ORG Tue Sep 28 22:40:43 2004
Date: Tue, 28 Sep 2004 17:39:54 -0500
From: "Jacques A. Vidrine"
To: Dan Langille
cc: freebsd-vuxml@freebsd.org
Subject: Re: (Fwd) cvs commit: ports/security/vuxml vuln.xml

On Tue, Sep 28, 2004 at 06:23:42PM -0400, Dan Langille wrote:
> FWIW, between the other fixes and this one, the number of affected
> packages went up by 40 to 395, and the number of vulns went up
> by 3 to 174.

OK good, that sounds like it had the desired effect, then!

Based on some feedback from other folks, I suspect that there will be
some other non-obvious packages that need to be marked as affected also
(e.g. openoffice). I'll try to get to those tomorrow.

Cheers, -- Jacques A Vidrine / NTT/Verio nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org From owner-freebsd-vuxml@FreeBSD.ORG Wed Sep 29 10:28:51 2004 Return-Path: Delivered-To: freebsd-vuxml@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7C9C716A4CE; Wed, 29 Sep 2004 10:28:51 +0000 (GMT) Received: from bast.unixathome.org (bast.unixathome.org [66.11.174.150]) by mx1.FreeBSD.org (Postfix) with ESMTP id 53EF743D46; Wed, 29 Sep 2004 10:28:51 +0000 (GMT) (envelope-from dan@langille.org) Received: from wocker (wocker.unixathome.org [192.168.0.99]) by bast.unixathome.org (Postfix) with ESMTP id 843143D39; Wed, 29 Sep 2004 06:28:50 -0400 (EDT) From: "Dan Langille" To: Tom Rhodes Date: Wed, 29 Sep 2004 06:28:50 -0400 MIME-Version: 1.0 Message-ID: <415A5622.28007.13E297A6@localhost> Priority: normal In-reply-to: <20040928182756.5be693ef@localhost> References: <4159AC2E.27531.114AB696@localhost> X-mailer: Pegasus Mail for Windows (v4.12a) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body cc: freebsd-vuxml@FreeBSD.org Subject: Re: (Fwd) cvs commit: ports/security/vuxml vuln.xml X-BeenThere: freebsd-vuxml@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Documenting security issues in VuXML List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Sep 2004 10:28:51 -0000 On 28 Sep 2004 at 18:27, Tom Rhodes wrote: > On Tue, 28 Sep 2004 18:23:42 -0400 > "Dan Langille" wrote: > > > FWIW, between the other fixes and this one, the number of affected > > packages went from up by 40 to 395, and the number of vulns went up > > by 3 to 174. > > > > http://beta.freshports.org/vuxml.php?list and the rest of FreshPorts > > has been updated with the recent changes. 
> > > > The next step is to automate what I've been doing manually so that > > FreshPorts VuXML data is updated automagically with each vuxml.xml > > commit. > > Is it just a script that updates when run or? Yes. It is a two stage process: # import the vulnerabilities perl process_vuxml.pl < ~/ports/security/vuxml/vuln.xml # mark the commits perl vuxml_mark_commits.pl -- Dan Langille : http://www.langille.org/ BSDCan - The Technical BSD Conference - http://www.bsdcan.org/ From owner-freebsd-vuxml@FreeBSD.ORG Wed Sep 29 21:05:22 2004 Return-Path: Delivered-To: freebsd-vuxml@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5A43016A4D0; Wed, 29 Sep 2004 21:05:22 +0000 (GMT) Received: from pittgoth.com (14.zlnp1.xdsl.nauticom.net [209.195.149.111]) by mx1.FreeBSD.org (Postfix) with ESMTP id 02F1A43D46; Wed, 29 Sep 2004 21:05:22 +0000 (GMT) (envelope-from trhodes@FreeBSD.org) Received: from localhost (acs-24-154-239-170.zoominternet.net [24.154.239.170]) (authenticated bits=0) by pittgoth.com (8.12.10/8.12.10) with ESMTP id i8TL5Kex005588 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 29 Sep 2004 17:05:21 -0400 (EDT) (envelope-from trhodes@FreeBSD.org) Date: Wed, 29 Sep 2004 17:06:02 -0400 From: Tom Rhodes To: "Dan Langille" Message-Id: <20040929170602.43a2738a@localhost> In-Reply-To: <415A5622.28007.13E297A6@localhost> References: <4159AC2E.27531.114AB696@localhost> <415A5622.28007.13E297A6@localhost> X-Mailer: Sylpheed-Claws 0.9.12 (GTK+ 1.2.10; i386-portbld-freebsd5.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit cc: freebsd-vuxml@FreeBSD.org cc: Tom Rhodes Subject: Re: (Fwd) cvs commit: ports/security/vuxml vuln.xml X-BeenThere: freebsd-vuxml@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Documenting security issues in VuXML List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , 
X-List-Received-Date: Wed, 29 Sep 2004 21:05:22 -0000 On Wed, 29 Sep 2004 06:28:50 -0400 "Dan Langille" wrote: > On 28 Sep 2004 at 18:27, Tom Rhodes wrote: > > > On Tue, 28 Sep 2004 18:23:42 -0400 > > "Dan Langille" wrote: > > > > > FWIW, between the other fixes and this one, the number of affected > > > packages went from up by 40 to 395, and the number of vulns went up > > > by 3 to 174. > > > > > > http://beta.freshports.org/vuxml.php?list and the rest of FreshPorts > > > has been updated with the recent changes. > > > > > > The next step is to automate what I've been doing manually so that > > > FreshPorts VuXML data is updated automagically with each vuxml.xml > > > commit. > > > > Is it just a script that updates when run or? > > Yes. It is a two stage process: > > # import the vulnerabilities > perl process_vuxml.pl < ~/ports/security/vuxml/vuln.xml > > # mark the commits > perl vuxml_mark_commits.pl Oh, then just drop it into cron(8). :) -- Tom Rhodes From owner-freebsd-vuxml@FreeBSD.ORG Thu Sep 30 10:35:41 2004 Return-Path: Delivered-To: freebsd-vuxml@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 68AE316A4CE; Thu, 30 Sep 2004 10:35:41 +0000 (GMT) Received: from bast.unixathome.org (bast.unixathome.org [66.11.174.150]) by mx1.FreeBSD.org (Postfix) with ESMTP id 39CC343D45; Thu, 30 Sep 2004 10:35:41 +0000 (GMT) (envelope-from dan@langille.org) Received: from wocker (wocker.unixathome.org [192.168.0.99]) by bast.unixathome.org (Postfix) with ESMTP id 618873D37; Thu, 30 Sep 2004 06:35:40 -0400 (EDT) From: "Dan Langille" To: Tom Rhodes Date: Thu, 30 Sep 2004 06:35:40 -0400 MIME-Version: 1.0 Message-ID: <415BA93C.28930.190F364F@localhost> Priority: normal In-reply-to: <20040929170602.43a2738a@localhost> References: <415A5622.28007.13E297A6@localhost> X-mailer: Pegasus Mail for Windows (v4.12a) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: 
Mail message body cc: freebsd-vuxml@FreeBSD.org cc: Tom Rhodes Subject: Re: (Fwd) cvs commit: ports/security/vuxml vuln.xml X-BeenThere: freebsd-vuxml@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Documenting security issues in VuXML List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Sep 2004 10:35:41 -0000 On 29 Sep 2004 at 17:06, Tom Rhodes wrote: > On Wed, 29 Sep 2004 06:28:50 -0400 > "Dan Langille" wrote: > > > On 28 Sep 2004 at 18:27, Tom Rhodes wrote: > > > > > On Tue, 28 Sep 2004 18:23:42 -0400 > > > "Dan Langille" wrote: > > > > > > > FWIW, between the other fixes and this one, the number of affected > > > > packages went from up by 40 to 395, and the number of vulns went up > > > > by 3 to 174. > > > > > > > > http://beta.freshports.org/vuxml.php?list and the rest of FreshPorts > > > > has been updated with the recent changes. > > > > > > > > The next step is to automate what I've been doing manually so that > > > > FreshPorts VuXML data is updated automagically with each vuxml.xml > > > > commit. > > > > > > Is it just a script that updates when run or? > > > > Yes. It is a two stage process: > > > > # import the vulnerabilities > > perl process_vuxml.pl < ~/ports/security/vuxml/vuln.xml > > > > # mark the commits > > perl vuxml_mark_commits.pl > > Oh, then just drop it into cron(8). :) Close! I need to conver both into packages, and call them from a single script with transaction control. Then invoke that script when a commit against vuxml.xml is found. -- Dan Langille : http://www.langille.org/ BSDCan - The Technical BSD Conference - http://www.bsdcan.org/
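
The two-stage update with transaction control described in the last message, as an added sketch in Python (not FreshPorts code and not the Perl scripts named in the thread): stage 1 replaces the stored VuXML bounds, stage 2 flags matching commits, and both run in one SQLite transaction so a failure in either stage leaves the previous data intact. The schema, the function names, the sample feed, and the simplified version key (only <lt> ranges, dotted numbers with an optional _N suffix) are assumptions made for the example.

```python
import re
import sqlite3
import xml.etree.ElementTree as ET

NS = "{http://www.vuxml.org/apps/vuxml-1}"
# Constructed feed in VuXML layout; the vid and package names are made up.
SAMPLE = """<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="00000000-0000-0000-0000-000000000001"><topic>constructed</topic>
<affects><package><name>examplepkg</name><name>examplepkg+ipv6</name>
<range><lt>1.3.31_6</lt></range></package></affects></vuln></vuxml>"""

def ver(s):
    """Simplified sort key (assumption): dotted numbers plus optional _N."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:_(\d+))?", s)
    if not m:
        raise ValueError(f"unsupported version: {s!r}")
    return tuple(map(int, m.group(1).split("."))), int(m.group(2) or 0)

def open_db():
    """Hypothetical schema: stored upper bounds and the commits to be flagged."""
    db = sqlite3.connect(":memory:")
    db.executescript("""CREATE TABLE vuln_pkg(vid TEXT, name TEXT, lt TEXT);
        CREATE TABLE commits(id INTEGER PRIMARY KEY, name TEXT, version TEXT,
                             vulnerable INTEGER DEFAULT 0);""")
    return db

def import_vulns(db, xml_text):
    """Stage 1: replace the stored entries with the ones in the feed."""
    db.execute("DELETE FROM vuln_pkg")
    for vuln in ET.fromstring(xml_text).iter(NS + "vuln"):
        for pkg in vuln.iter(NS + "package"):
            for lt in pkg.iter(NS + "lt"):  # only <lt> ranges in this sketch
                for name in pkg.findall(NS + "name"):
                    db.execute("INSERT INTO vuln_pkg VALUES (?,?,?)",
                               (vuln.get("vid"), name.text, lt.text))

def mark_commits(db):
    """Stage 2: flag each recorded commit whose version is below a stored bound."""
    db.execute("UPDATE commits SET vulnerable = 0")
    rows = db.execute("SELECT c.id, c.version, p.lt FROM commits c "
                      "JOIN vuln_pkg p ON p.name = c.name").fetchall()
    hits = [(cid,) for cid, v, lt in rows if ver(v) < ver(lt)]
    db.executemany("UPDATE commits SET vulnerable = 1 WHERE id = ?", hits)

def refresh(db, xml_text):
    """Both stages in one transaction: commit on success, roll back on any error."""
    with db:
        import_vulns(db, xml_text)
        mark_commits(db)
```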