Date: Mon, 25 Jan 2021 17:16:21 +0000 (UTC) From: Baptiste Daroussin <bapt@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r562587 - in head/security/vuxml: . files Message-ID: <202101251716.10PHGLXn022084@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bapt Date: Mon Jan 25 17:16:21 2021 New Revision: 562587 URL: https://svnweb.freebsd.org/changeset/ports/562587 Log: Rework vuxml a bit to make them validable again modify tidy.xsl to make it generates manually the xml declaration xsl is not able to generate a list of entity otherwise. Remove copyright form included files, they are redudundant anyway and in the end only the vuln.xml file is distribued with entities expanded Rework a bit the entity declaration in order for the document to look great after expansion (as it did before we introduced the expansion mechanism) All validation are now processed direcly on the flattened file. This is based on a patch from mfechner here Submitted by: mfechner Differential Revision: https://reviews.freebsd.org/D28299 Modified: head/security/vuxml/Makefile head/security/vuxml/files/tidy.xsl head/security/vuxml/vuln-2003.xml (contents, props changed) head/security/vuxml/vuln-2004.xml (contents, props changed) head/security/vuxml/vuln-2005.xml (contents, props changed) head/security/vuxml/vuln-2006.xml (contents, props changed) head/security/vuxml/vuln-2007.xml (contents, props changed) head/security/vuxml/vuln-2008.xml (contents, props changed) head/security/vuxml/vuln-2009.xml (contents, props changed) head/security/vuxml/vuln-2010.xml (contents, props changed) head/security/vuxml/vuln-2011.xml (contents, props changed) head/security/vuxml/vuln-2012.xml (contents, props changed) head/security/vuxml/vuln-2013.xml (contents, props changed) head/security/vuxml/vuln-2014.xml (contents, props changed) head/security/vuxml/vuln-2015.xml (contents, props changed) head/security/vuxml/vuln-2016.xml (contents, props changed) head/security/vuxml/vuln-2017.xml (contents, props changed) head/security/vuxml/vuln-2018.xml (contents, props changed) head/security/vuxml/vuln-2019.xml (contents, props changed) Modified: head/security/vuxml/Makefile ============================================================================== --- head/security/vuxml/Makefile Mon Jan 25 17:16:14 2021 (r562586) +++ head/security/vuxml/Makefile Mon Jan 25 17:16:21 2021 (r562587) @@ -31,7 +31,12 @@ WRKSRC= ${WRKDIR} dir_DTD= share/xml/dtd/vuxml VUXML_FILE?= ${PKGDIR}/vuln.xml +VUXML_FLAT_FILE?= ${PKGDIR}/vuln-flat.xml +post-clean: + @${RM} "${VUXML_FILE}.tidy" + @${RM} "${VUXML_FLAT_FILE}" + do-extract: @${RM} -r ${WRKDIR} @${MKDIR} ${WRKDIR} @@ -54,9 +59,9 @@ vuln-flat.xml: vuln.xml xmllint -noent ${.ALLSRC} > ${.TARGET} validate: tidy - @${SH} ${FILESDIR}/validate.sh "${VUXML_FILE}" + @${SH} ${FILESDIR}/validate.sh "${VUXML_FLAT_FILE}" @${ECHO_MSG} Checking if tidy differs... - @if ${DIFF} -u "${VUXML_FILE}" "${VUXML_FILE}.tidy"; \ + @if ${DIFF} -u "${VUXML_FLAT_FILE}" "${VUXML_FILE}.tidy"; \ then \ ${ECHO_MSG} ... seems okay; \ ${RM} "${VUXML_FILE}.tidy"; \ @@ -64,8 +69,8 @@ validate: tidy return 1; \ fi @${ECHO_MSG} Checking for space/tab... - @unexpand "${VUXML_FILE}" | ${SED} -E 's,[[:space:]]*$$,,g' > "${VUXML_FILE}.unexpanded" - @if ${DIFF} -u "${VUXML_FILE}" "${VUXML_FILE}.unexpanded"; \ + @unexpand "${VUXML_FLAT_FILE}" | ${SED} -E 's,[[:space:]]*$$,,g' > "${VUXML_FILE}.unexpanded" + @if ${DIFF} -u "${VUXML_FLAT_FILE}" "${VUXML_FILE}.unexpanded"; \ then \ ${ECHO_MSG} ... seems okay; \ ${RM} "${VUXML_FILE}.unexpanded"; \ @@ -74,15 +79,15 @@ validate: tidy ${ECHO_CMD} Consider using ${VUXML_FILE}.unexpanded for final commit; \ return 1; \ fi - ${PYTHON_CMD} ${FILESDIR}/extra-validation.py ${VUXML_FILE} + ${PYTHON_CMD} ${FILESDIR}/extra-validation.py ${VUXML_FLAT_FILE} -tidy: vuln.xml +tidy: vuln-flat.xml @if [ ! -e ${LOCALBASE}/share/xml/dtd/vuxml/catalog.xml ]; \ then \ echo "Please install the VuXML port prior to running make validate/tidy."; \ exit 1; \ fi - ${SH} ${FILESDIR}/tidy.sh "${FILESDIR}/tidy.xsl" "${VUXML_FILE}" > "${VUXML_FILE}.tidy" + ${SH} ${FILESDIR}/tidy.sh "${FILESDIR}/tidy.xsl" "${VUXML_FLAT_FILE}" > "${VUXML_FILE}.tidy" newentry: @${SH} ${FILESDIR}/newentry.sh "${VUXML_FILE}" Modified: head/security/vuxml/files/tidy.xsl ============================================================================== --- head/security/vuxml/files/tidy.xsl Mon Jan 25 17:16:14 2021 (r562586) +++ head/security/vuxml/files/tidy.xsl Mon Jan 25 17:16:21 2021 (r562587) @@ -12,8 +12,7 @@ <xsl:output method="xml" encoding="utf-8" - doctype-system="http://www.vuxml.org/dtd/vuxml-1/vuxml-11.dtd" - doctype-public="-//vuxml.org//DTD VuXML 1.1//EN" + omit-xml-declaration="yes" indent="yes" /> @@ -24,6 +23,27 @@ result in more namespace declarations than we wish. --> <xsl:template match="/"> + <xsl:text disable-output-escaping="yes"><![CDATA[<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE vuxml PUBLIC "-//vuxml.org//DTD VuXML 1.1//EN" "http://www.vuxml.org/dtd/vuxml-1/vuxml-11.dtd" [ +<!ENTITY vuln-2003 SYSTEM "vuln-2003.xml"> +<!ENTITY vuln-2004 SYSTEM "vuln-2004.xml"> +<!ENTITY vuln-2005 SYSTEM "vuln-2005.xml"> +<!ENTITY vuln-2006 SYSTEM "vuln-2006.xml"> +<!ENTITY vuln-2007 SYSTEM "vuln-2007.xml"> +<!ENTITY vuln-2008 SYSTEM "vuln-2008.xml"> +<!ENTITY vuln-2009 SYSTEM "vuln-2009.xml"> +<!ENTITY vuln-2010 SYSTEM "vuln-2010.xml"> +<!ENTITY vuln-2011 SYSTEM "vuln-2011.xml"> +<!ENTITY vuln-2012 SYSTEM "vuln-2012.xml"> +<!ENTITY vuln-2013 SYSTEM "vuln-2013.xml"> +<!ENTITY vuln-2014 SYSTEM "vuln-2014.xml"> +<!ENTITY vuln-2015 SYSTEM "vuln-2015.xml"> +<!ENTITY vuln-2016 SYSTEM "vuln-2016.xml"> +<!ENTITY vuln-2017 SYSTEM "vuln-2017.xml"> +<!ENTITY vuln-2018 SYSTEM "vuln-2018.xml"> +<!ENTITY vuln-2019 SYSTEM "vuln-2019.xml"> +]> +]]></xsl:text> <xsl:apply-templates /> </xsl:template> @@ -54,6 +74,7 @@ don't have <modified>). Insert an empty line between <xsl:text disable-output-escaping="yes"> </xsl:text> </xsl:for-each> </xsl:element> +<xsl:text> </xsl:text> </xsl:template> <!-- Modified: head/security/vuxml/vuln-2003.xml ============================================================================== --- head/security/vuxml/vuln-2003.xml Mon Jan 25 17:16:14 2021 (r562586) +++ head/security/vuxml/vuln-2003.xml Mon Jan 25 17:16:21 2021 (r562587) @@ -1,34 +1,3 @@ -<!-- -Copyright 2003-2021 Jacques Vidrine and contributors - -Redistribution and use in source (VuXML) and 'compiled' forms (SGML, -HTML, PDF, PostScript, RTF and so forth) with or without modification, -are permitted provided that the following conditions are met: -1. Redistributions of source code (VuXML) must retain the above - copyright notice, this list of conditions and the following - disclaimer as the first lines of this file unmodified. -2. Redistributions in compiled form (transformed to other DTDs, - published online in any format, converted to PDF, PostScript, - RTF and other formats) must reproduce the above copyright - notice, this list of conditions and the following disclaimer - in the documentation and/or other materials provided with the - distribution. - -THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS -BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT -OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - $FreeBSD$ ---> - <vuln vid="81313647-2d03-11d8-9355-0020ed76ef5a"> <topic>ElGamal sign+encrypt keys created by GnuPG can be compromised</topic> <affects> Modified: head/security/vuxml/vuln-2004.xml ============================================================================== --- head/security/vuxml/vuln-2004.xml Mon Jan 25 17:16:14 2021 (r562586) +++ head/security/vuxml/vuln-2004.xml Mon Jan 25 17:16:21 2021 (r562587) @@ -1,34 +1,3 @@ -<!-- -Copyright 2003-2021 Jacques Vidrine and contributors - -Redistribution and use in source (VuXML) and 'compiled' forms (SGML, -HTML, PDF, PostScript, RTF and so forth) with or without modification, -are permitted provided that the following conditions are met: -1. Redistributions of source code (VuXML) must retain the above - copyright notice, this list of conditions and the following - disclaimer as the first lines of this file unmodified. -2. Redistributions in compiled form (transformed to other DTDs, - published online in any format, converted to PDF, PostScript, - RTF and other formats) must reproduce the above copyright - notice, this list of conditions and the following disclaimer - in the documentation and/or other materials provided with the - distribution. - -THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS -BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT -OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - $FreeBSD$ ---> - <vuln vid="9168253c-5a6d-11d9-a9e7-0001020eed82"> <topic>a2ps -- insecure temporary file creation</topic> <affects> Modified: head/security/vuxml/vuln-2005.xml ============================================================================== --- head/security/vuxml/vuln-2005.xml Mon Jan 25 17:16:14 2021 (r562586) +++ head/security/vuxml/vuln-2005.xml Mon Jan 25 17:16:21 2021 (r562587) @@ -1,34 +1,3 @@ -<!-- -Copyright 2003-2021 Jacques Vidrine and contributors - -Redistribution and use in source (VuXML) and 'compiled' forms (SGML, -HTML, PDF, PostScript, RTF and so forth) with or without modification, -are permitted provided that the following conditions are met: -1. Redistributions of source code (VuXML) must retain the above - copyright notice, this list of conditions and the following - disclaimer as the first lines of this file unmodified. -2. Redistributions in compiled form (transformed to other DTDs, - published online in any format, converted to PDF, PostScript, - RTF and other formats) must reproduce the above copyright - notice, this list of conditions and the following disclaimer - in the documentation and/or other materials provided with the - distribution. - -THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS -BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT -OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - $FreeBSD$ ---> - <vuln vid="8db2f8b2-9e12-11ea-9e83-0cc47ac16c9d"> <topic>qmail -- 64 bit integer overflows with possible remote code execution on large SMTP requests</topic> <affects> Modified: head/security/vuxml/vuln-2006.xml ============================================================================== --- head/security/vuxml/vuln-2006.xml Mon Jan 25 17:16:14 2021 (r562586) +++ head/security/vuxml/vuln-2006.xml Mon Jan 25 17:16:21 2021 (r562587) @@ -1,34 +1,3 @@ -<!-- -Copyright 2003-2021 Jacques Vidrine and contributors - -Redistribution and use in source (VuXML) and 'compiled' forms (SGML, -HTML, PDF, PostScript, RTF and so forth) with or without modification, -are permitted provided that the following conditions are met: -1. Redistributions of source code (VuXML) must retain the above - copyright notice, this list of conditions and the following - disclaimer as the first lines of this file unmodified. -2. Redistributions in compiled form (transformed to other DTDs, - published online in any format, converted to PDF, PostScript, - RTF and other formats) must reproduce the above copyright - notice, this list of conditions and the following disclaimer - in the documentation and/or other materials provided with the - distribution. - -THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS -BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT -OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - $FreeBSD$ ---> - <vuln vid="f4ff7434-9505-11db-9ddc-0011098b2f36"> <topic>plone -- user can masquerade as a group</topic> <affects> Modified: head/security/vuxml/vuln-2007.xml ============================================================================== --- head/security/vuxml/vuln-2007.xml Mon Jan 25 17:16:14 2021 (r562586) +++ head/security/vuxml/vuln-2007.xml Mon Jan 25 17:16:21 2021 (r562587) @@ -1,34 +1,3 @@ -<!-- -Copyright 2003-2021 Jacques Vidrine and contributors - -Redistribution and use in source (VuXML) and 'compiled' forms (SGML, -HTML, PDF, PostScript, RTF and so forth) with or without modification, -are permitted provided that the following conditions are met: -1. Redistributions of source code (VuXML) must retain the above - copyright notice, this list of conditions and the following - disclaimer as the first lines of this file unmodified. -2. Redistributions in compiled form (transformed to other DTDs, - published online in any format, converted to PDF, PostScript, - RTF and other formats) must reproduce the above copyright - notice, this list of conditions and the following disclaimer - in the documentation and/or other materials provided with the - distribution. - -THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS -BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT -OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - $FreeBSD$ ---> - <vuln vid="cf484358-b5d6-11dc-8de0-001c2514716c"> <topic>dovecot -- Specific LDAP + auth cache configuration may mix up user logins</topic> <affects> Modified: head/security/vuxml/vuln-2008.xml ============================================================================== --- head/security/vuxml/vuln-2008.xml Mon Jan 25 17:16:14 2021 (r562586) +++ head/security/vuxml/vuln-2008.xml Mon Jan 25 17:16:21 2021 (r562587) @@ -1,34 +1,3 @@ -<!-- -Copyright 2003-2021 Jacques Vidrine and contributors - -Redistribution and use in source (VuXML) and 'compiled' forms (SGML, -HTML, PDF, PostScript, RTF and so forth) with or without modification, -are permitted provided that the following conditions are met: -1. Redistributions of source code (VuXML) must retain the above - copyright notice, this list of conditions and the following - disclaimer as the first lines of this file unmodified. -2. Redistributions in compiled form (transformed to other DTDs, - published online in any format, converted to PDF, PostScript, - RTF and other formats) must reproduce the above copyright - notice, this list of conditions and the following disclaimer - in the documentation and/or other materials provided with the - distribution. - -THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS -BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT -OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - $FreeBSD$ ---> - <vuln vid="214e8e07-d369-11dd-b800-001b77d09812"> <topic>vinagre -- format string vulnerability</topic> <affects> Modified: head/security/vuxml/vuln-2009.xml ============================================================================== --- head/security/vuxml/vuln-2009.xml Mon Jan 25 17:16:14 2021 (r562586) +++ head/security/vuxml/vuln-2009.xml Mon Jan 25 17:16:21 2021 (r562587) @@ -1,34 +1,3 @@ -<!-- -Copyright 2003-2021 Jacques Vidrine and contributors - -Redistribution and use in source (VuXML) and 'compiled' forms (SGML, -HTML, PDF, PostScript, RTF and so forth) with or without modification, -are permitted provided that the following conditions are met: -1. Redistributions of source code (VuXML) must retain the above - copyright notice, this list of conditions and the following - disclaimer as the first lines of this file unmodified. -2. Redistributions in compiled form (transformed to other DTDs, - published online in any format, converted to PDF, PostScript, - RTF and other formats) must reproduce the above copyright - notice, this list of conditions and the following disclaimer - in the documentation and/or other materials provided with the - distribution. - -THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS -BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT -OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - $FreeBSD$ ---> - <vuln vid="751823d4-f189-11de-9344-00248c9b4be7"> <topic>drupal -- multiple cross-site scripting</topic> <affects> Modified: head/security/vuxml/vuln-2010.xml ============================================================================== --- head/security/vuxml/vuln-2010.xml Mon Jan 25 17:16:14 2021 (r562586) +++ head/security/vuxml/vuln-2010.xml Mon Jan 25 17:16:21 2021 (r562587) @@ -1,34 +1,3 @@ -<!-- -Copyright 2003-2021 Jacques Vidrine and contributors - -Redistribution and use in source (VuXML) and 'compiled' forms (SGML, -HTML, PDF, PostScript, RTF and so forth) with or without modification, -are permitted provided that the following conditions are met: -1. Redistributions of source code (VuXML) must retain the above - copyright notice, this list of conditions and the following - disclaimer as the first lines of this file unmodified. -2. Redistributions in compiled form (transformed to other DTDs, - published online in any format, converted to PDF, PostScript, - RTF and other formats) must reproduce the above copyright - notice, this list of conditions and the following disclaimer - in the documentation and/or other materials provided with the - distribution. - -THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS -BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT -OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - $FreeBSD$ ---> - <vuln vid="06a12e26-142e-11e0-bea2-0015f2db7bde"> <topic>webkit-gtk2 -- Multiple vulnerabilities</topic> <affects> Modified: head/security/vuxml/vuln-2011.xml ============================================================================== --- head/security/vuxml/vuln-2011.xml Mon Jan 25 17:16:14 2021 (r562586) +++ head/security/vuxml/vuln-2011.xml Mon Jan 25 17:16:21 2021 (r562587) @@ -1,34 +1,3 @@ -<!-- -Copyright 2003-2021 Jacques Vidrine and contributors - -Redistribution and use in source (VuXML) and 'compiled' forms (SGML, -HTML, PDF, PostScript, RTF and so forth) with or without modification, -are permitted provided that the following conditions are met: -1. Redistributions of source code (VuXML) must retain the above - copyright notice, this list of conditions and the following - disclaimer as the first lines of this file unmodified. -2. Redistributions in compiled form (transformed to other DTDs, - published online in any format, converted to PDF, PostScript, - RTF and other formats) must reproduce the above copyright - notice, this list of conditions and the following disclaimer - in the documentation and/or other materials provided with the - distribution. - -THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS -BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT -OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - $FreeBSD$ ---> - <vuln vid="810df820-3664-11e1-8fe3-00215c6a37bb"> <topic>WordPress -- cross site scripting vulnerability</topic> <affects> Modified: head/security/vuxml/vuln-2012.xml ============================================================================== --- head/security/vuxml/vuln-2012.xml Mon Jan 25 17:16:14 2021 (r562586) +++ head/security/vuxml/vuln-2012.xml Mon Jan 25 17:16:21 2021 (r562587) @@ -1,34 +1,3 @@ -<!-- -Copyright 2003-2021 Jacques Vidrine and contributors - -Redistribution and use in source (VuXML) and 'compiled' forms (SGML, -HTML, PDF, PostScript, RTF and so forth) with or without modification, -are permitted provided that the following conditions are met: -1. Redistributions of source code (VuXML) must retain the above - copyright notice, this list of conditions and the following - disclaimer as the first lines of this file unmodified. -2. Redistributions in compiled form (transformed to other DTDs, - published online in any format, converted to PDF, PostScript, - RTF and other formats) must reproduce the above copyright - notice, this list of conditions and the following disclaimer - in the documentation and/or other materials provided with the - distribution. - -THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS -BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT -OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - $FreeBSD$ ---> - <vuln vid="101f0aae-52d1-11e2-87fe-f4ce46b9ace8"> <topic>puppet -- multiple vulnerabilities</topic> <affects> Modified: head/security/vuxml/vuln-2013.xml ============================================================================== --- head/security/vuxml/vuln-2013.xml Mon Jan 25 17:16:14 2021 (r562586) +++ head/security/vuxml/vuln-2013.xml Mon Jan 25 17:16:21 2021 (r562587) @@ -1,34 +1,3 @@ -<!-- -Copyright 2003-2021 Jacques Vidrine and contributors - -Redistribution and use in source (VuXML) and 'compiled' forms (SGML, -HTML, PDF, PostScript, RTF and so forth) with or without modification, -are permitted provided that the following conditions are met: -1. Redistributions of source code (VuXML) must retain the above - copyright notice, this list of conditions and the following - disclaimer as the first lines of this file unmodified. -2. Redistributions in compiled form (transformed to other DTDs, - published online in any format, converted to PDF, PostScript, - RTF and other formats) must reproduce the above copyright - notice, this list of conditions and the following disclaimer - in the documentation and/or other materials provided with the - distribution. - -THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS -BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT -OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - $FreeBSD$ ---> - <vuln vid="3e33a0bb-6b2f-11e3-b042-20cf30e32f6d"> <topic>OpenX -- SQL injection vulnerability</topic> <affects> Modified: head/security/vuxml/vuln-2014.xml ============================================================================== --- head/security/vuxml/vuln-2014.xml Mon Jan 25 17:16:14 2021 (r562586) +++ head/security/vuxml/vuln-2014.xml Mon Jan 25 17:16:21 2021 (r562587) @@ -1,34 +1,3 @@ -<!-- -Copyright 2003-2021 Jacques Vidrine and contributors - -Redistribution and use in source (VuXML) and 'compiled' forms (SGML, -HTML, PDF, PostScript, RTF and so forth) with or without modification, -are permitted provided that the following conditions are met: -1. Redistributions of source code (VuXML) must retain the above - copyright notice, this list of conditions and the following - disclaimer as the first lines of this file unmodified. -2. Redistributions in compiled form (transformed to other DTDs, - published online in any format, converted to PDF, PostScript, - RTF and other formats) must reproduce the above copyright - notice, this list of conditions and the following disclaimer - in the documentation and/or other materials provided with the - distribution. - -THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS -BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT -OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - $FreeBSD$ ---> - <vuln vid="c3d43001-8064-11e4-801f-0022156e8794"> <topic>mutt -- denial of service via crafted mail message</topic> <affects> Modified: head/security/vuxml/vuln-2015.xml ============================================================================== --- head/security/vuxml/vuln-2015.xml Mon Jan 25 17:16:14 2021 (r562586) +++ head/security/vuxml/vuln-2015.xml Mon Jan 25 17:16:21 2021 (r562587) @@ -1,34 +1,3 @@ -<!-- -Copyright 2003-2021 Jacques Vidrine and contributors - -Redistribution and use in source (VuXML) and 'compiled' forms (SGML, -HTML, PDF, PostScript, RTF and so forth) with or without modification, -are permitted provided that the following conditions are met: -1. Redistributions of source code (VuXML) must retain the above - copyright notice, this list of conditions and the following - disclaimer as the first lines of this file unmodified. -2. Redistributions in compiled form (transformed to other DTDs, - published online in any format, converted to PDF, PostScript, - RTF and other formats) must reproduce the above copyright - notice, this list of conditions and the following disclaimer - in the documentation and/or other materials provided with the - distribution. - -THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS -BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT -OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - $FreeBSD$ ---> - <vuln vid="4b3a7e70-afce-11e5-b864-14dae9d210b8"> <topic>mono -- DoS and code execution</topic> <affects> Modified: head/security/vuxml/vuln-2016.xml ============================================================================== --- head/security/vuxml/vuln-2016.xml Mon Jan 25 17:16:14 2021 (r562586) +++ head/security/vuxml/vuln-2016.xml Mon Jan 25 17:16:21 2021 (r562587) @@ -1,34 +1,3 @@ -<!-- -Copyright 2003-2021 Jacques Vidrine and contributors - -Redistribution and use in source (VuXML) and 'compiled' forms (SGML, -HTML, PDF, PostScript, RTF and so forth) with or without modification, -are permitted provided that the following conditions are met: -1. Redistributions of source code (VuXML) must retain the above - copyright notice, this list of conditions and the following - disclaimer as the first lines of this file unmodified. -2. Redistributions in compiled form (transformed to other DTDs, - published online in any format, converted to PDF, PostScript, - RTF and other formats) must reproduce the above copyright - notice, this list of conditions and the following disclaimer - in the documentation and/or other materials provided with the - distribution. - -THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS -BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT -OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - $FreeBSD$ ---> - <vuln vid="d0b12952-cb86-11e6-906f-0cc47a065786"> <topic>h2o -- Use-after-free vulnerability</topic> <affects> Modified: head/security/vuxml/vuln-2017.xml ============================================================================== --- head/security/vuxml/vuln-2017.xml Mon Jan 25 17:16:14 2021 (r562586) +++ head/security/vuxml/vuln-2017.xml Mon Jan 25 17:16:21 2021 (r562587) @@ -1,34 +1,3 @@ -<!-- -Copyright 2003-2021 Jacques Vidrine and contributors - -Redistribution and use in source (VuXML) and 'compiled' forms (SGML, -HTML, PDF, PostScript, RTF and so forth) with or without modification, -are permitted provided that the following conditions are met: -1. Redistributions of source code (VuXML) must retain the above - copyright notice, this list of conditions and the following - disclaimer as the first lines of this file unmodified. -2. Redistributions in compiled form (transformed to other DTDs, - published online in any format, converted to PDF, PostScript, - RTF and other formats) must reproduce the above copyright - notice, this list of conditions and the following disclaimer - in the documentation and/or other materials provided with the - distribution. - -THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS -BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT -OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - $FreeBSD$ ---> - <vuln vid="cebd05d6-ed7b-11e7-95f2-005056925db4"> <topic>OTRS -- Multiple vulnerabilities</topic> <affects> Modified: head/security/vuxml/vuln-2018.xml ============================================================================== --- head/security/vuxml/vuln-2018.xml Mon Jan 25 17:16:14 2021 (r562586) +++ head/security/vuxml/vuln-2018.xml Mon Jan 25 17:16:21 2021 (r562587) @@ -1,34 +1,3 @@ -<!-- -Copyright 2003-2021 Jacques Vidrine and contributors - -Redistribution and use in source (VuXML) and 'compiled' forms (SGML, -HTML, PDF, PostScript, RTF and so forth) with or without modification, -are permitted provided that the following conditions are met: -1. Redistributions of source code (VuXML) must retain the above - copyright notice, this list of conditions and the following - disclaimer as the first lines of this file unmodified. -2. Redistributions in compiled form (transformed to other DTDs, - published online in any format, converted to PDF, PostScript, - RTF and other formats) must reproduce the above copyright - notice, this list of conditions and the following disclaimer - in the documentation and/or other materials provided with the - distribution. - -THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS -BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT -OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - $FreeBSD$ ---> - <vuln vid="29d34524-0542-11e9-a444-080027fee39c"> <topic>gitea -- privilege escalation, XSS</topic> <affects> Modified: head/security/vuxml/vuln-2019.xml ============================================================================== --- head/security/vuxml/vuln-2019.xml Mon Jan 25 17:16:14 2021 (r562586) +++ head/security/vuxml/vuln-2019.xml Mon Jan 25 17:16:21 2021 (r562587) @@ -1,34 +1,3 @@ -<!-- -Copyright 2003-2021 Jacques Vidrine and contributors - -Redistribution and use in source (VuXML) and 'compiled' forms (SGML, -HTML, PDF, PostScript, RTF and so forth) with or without modification, -are permitted provided that the following conditions are met: -1. Redistributions of source code (VuXML) must retain the above - copyright notice, this list of conditions and the following - disclaimer as the first lines of this file unmodified. -2. Redistributions in compiled form (transformed to other DTDs, - published online in any format, converted to PDF, PostScript, - RTF and other formats) must reproduce the above copyright - notice, this list of conditions and the following disclaimer - in the documentation and/or other materials provided with the - distribution. - -THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS -BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, -OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT -OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - $FreeBSD$ ---> - <vuln vid="66e4dc99-28b3-11ea-8dde-08002728f74c"> <topic>rack -- information leak / session hijack vulnerability</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202101251716.10PHGLXn022084>