From owner-freebsd-vuxml@FreeBSD.ORG Thu Jul 26 09:18:53 2007 Return-Path: Delivered-To: Freebsd-vuxml@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4876716A417 for ; Thu, 26 Jul 2007 09:18:53 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [81.187.76.162]) by mx1.freebsd.org (Postfix) with ESMTP id 7A27313C442 for ; Thu, 26 Jul 2007 09:18:52 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost.infracaninophile.co.uk [IPv6:::1]) by smtp.infracaninophile.co.uk (8.14.1/8.14.1) with ESMTP id l6Q8i2Tr047025; Thu, 26 Jul 2007 09:44:04 +0100 (BST) (envelope-from m.seaman@infracaninophile.co.uk) Authentication-Results: smtp.infracaninophile.co.uk from=m.seaman@infracaninophile.co.uk; sender-id=permerror; spf=permerror X-SenderID: Sendmail Sender-ID Filter v0.2.14 smtp.infracaninophile.co.uk l6Q8i2Tr047025 Message-ID: <46A85ED2.7090407@infracaninophile.co.uk> Date: Thu, 26 Jul 2007 09:44:02 +0100 From: Matthew Seaman Organization: Infracaninophile User-Agent: Thunderbird 2.0.0.5 (X11/20070721) MIME-Version: 1.0 To: "Phillip N." References: <1185374634.19856@negro.transtel.cl> In-Reply-To: <1185374634.19856@negro.transtel.cl> X-Enigmail-Version: 0.95.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (smtp.infracaninophile.co.uk [IPv6:::1]); Thu, 26 Jul 2007 09:44:14 +0100 (BST) X-Virus-Scanned: ClamAV 0.91.1/3775/Thu Jul 26 06:56:02 2007 on happy-idiot-talk.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.9 required=5.0 tests=AWL,BAYES_00, DKIM_POLICY_SIGNSOME,DKIM_POLICY_TESTING,DK_POLICY_SIGNSOME,NO_RELAYS autolearn=ham version=3.2.1 X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on happy-idiot-talk.infracaninophile.co.uk Cc: Freebsd-vuxml@freebsd.org Subject: Re: ports/114906: [PATCH] update net/asterisk to 1.4.9 X-BeenThere: freebsd-vuxml@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Documenting security issues in VuXML List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jul 2007 09:18:53 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Phillip N. wrote: > The motivation of the update is this: > http://ftp.digium.com/pub/asa/ASA-2007-018.pdf > "Exhaustion vulnerability in IAX2 channel driver" > > the vulxml contains two thing i cannot figure out. > These are: > - vid (how is the id generated?) is the VuXML ID -- it's a unique tag per entry that can be used in eg. URLs. See uuidgen(1) for how to generate one. > - bid (what is it?) stands for 'Bugtraq ID' -- it's the reference number used on this site to identify the issue: http://www.securityfocus.com/ There are a number of other security related web sites that the VuXML markup caters for, as well as arbitrary URLs. None of them are compulsory to have in a section, but all relevant references should be provided. See Jaques Vidrine's presentation for more info -- at http://www.vuxml.org/files/VuXML_BSDCan.pdf Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGqF7S8Mjk52CukIwRCGSXAKCLdPGQYx+iCFrs+KfJzGE+PI7/6gCdHKDR Zia7H/D3lnaiDr2D3BbGvUM= =7EqW -----END PGP SIGNATURE-----