From owner-freebsd-vuxml@FreeBSD.ORG  Tue Sep 28 03:13:29 2004
Return-Path: <owner-freebsd-vuxml@FreeBSD.ORG>
Delivered-To: freebsd-vuxml@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8927E16A4CE
	for <freebsd-vuxml@freebsd.org>; Tue, 28 Sep 2004 03:13:29 +0000 (GMT)
Received: from bast.unixathome.org (bast.unixathome.org [66.11.174.150])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 57A0843D4C
	for <freebsd-vuxml@freebsd.org>; Tue, 28 Sep 2004 03:13:29 +0000 (GMT)
	(envelope-from dan@langille.org)
Received: from xeon (xeon.unixathome.org [192.168.0.18])
	by bast.unixathome.org (Postfix) with ESMTP id D35153D37
	for <freebsd-vuxml@freebsd.org>; Mon, 27 Sep 2004 23:13:28 -0400 (EDT)
Date: Mon, 27 Sep 2004 23:13:28 -0400 (EDT)
From: Dan Langille <dan@langille.org>
X-X-Sender: dan@xeon.unixathome.org
To: freebsd-vuxml@freebsd.org
Message-ID: <20040927221759.N6886@xeon.unixathome.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: VuXML entries found in FreshPorts
X-BeenThere: freebsd-vuxml@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Documenting security issues in VuXML <freebsd-vuxml.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-vuxml>,
	<mailto:freebsd-vuxml-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-vuxml>
List-Post: <mailto:freebsd-vuxml@freebsd.org>
List-Help: <mailto:freebsd-vuxml-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-vuxml>,
	<mailto:freebsd-vuxml-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Sep 2004 03:13:29 -0000

The following URL lists the VuXML found in FreshPorts:

   http://beta.freshports.org/vuxml.php?list

The first column is the name of the package and a link to the
vuln listing at http://www.vuxml.org/.  If there is more than one
vuln, you get a list of the vulns.

The second column is the number of vulns registered against that
package.

The third column is the link to the FreshPorts entry for this package.

The totals at the bottom of the page include only those vulns that affect
a package (i.e. OS-specific vulns are not recorded in FreshPorts).

The next step in comparing vuln.xml against FreshPorts is to compare the
above URL with http://www.vuxml.org/freebsd/index-pkg.html

I have compared the two lists visually.  I didn't find anything that would
make me think FreshPorts isn't displaying everything correctly.

A few random checks shows expected results (e.g. opera, netscape7,
libxine).

The more eyes that can check the results, the better.  If you are familiar
with a particular vulnerability, I would appreciate feedback regarding the
accuracy.

thanks.

-- 
Dan Langille - http://www.langille.org/
BSDCan - The Technical BSD Conference: http://www.bsdcan.org/