Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 7 Oct 2006 11:35:18 +0200
From:      "Simon L. Nielsen" <simon@FreeBSD.org>
To:        Andrew Pantyukhin <sat@FreeBSD.org>
Cc:        cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Subject:   Re: cvs commit: ports/security/vuxml vuln.xml
Message-ID:  <20061007093518.GF982@zaphod.nitro.dk>
In-Reply-To: <200610051630.k95GUqZ6037048@repoman.freebsd.org>
References:  <200610051630.k95GUqZ6037048@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 2006.10.05 16:30:52 +0000, Andrew Pantyukhin wrote:
> sat         2006-10-05 16:30:52 UTC
> 
>   FreeBSD ports repository
> 
>   Modified files:
>     security/vuxml       vuln.xml 
>   Log:
>   - Document buffer overflow vulnerabilities in tin
>   
>   Revision  Changes    Path
>   1.1172    +32 -1     ports/security/vuxml/vuln.xml
> http://cvsweb.FreeBSD.org/ports/security/vuxml/vuln.xml.diff?r1=1.1171&r2=1.1172
[...]
> | +  <vuln vid="19a92df1-548d-11db-8f1a-000a48049292">
> | +    <topic>tin -- buffer overflow vulnerabilities</topic>
> | +    <affects>
> | +      <package>
> | +	<name>tin</name>
> | +	<range><lt>1.8.2</lt></range>
> | +      </package>
> | +    </affects>
> | +    <description>
> | +      <body xmlns="http://www.w3.org/1999/xhtml">;
> | +	<blockquote cite="ftp://ftp.tin.org/pub/news/clients/tin/stable/CHANGES">;
> | +	  <p>Urs Janssen and Aleksey Salow report possible buffer
> | +	    overflows in tin versions 1.8.0 and 1.8.1.</p>
> | +	</blockquote>
> | +	<blockquote cite="http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.005-tin.html">;
> | +	  <p>OpenPKG project elaborates there is an allocation
> | +	    off-by-one bug in version 1.8.0 which can lead to a buffer
> | +	    overflow.</p>
> | +	</blockquote>

Text should only be inside blockquotes if it is really direct quotes.
If you written the text yourself you should just stick the references
in the references section - you don't need to use explicit references
in the body.

See also earlier entries for how it has been done in the past (in
particular in entries by nectar, remko or me).

-- 
Simon L. Nielsen

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061007093518.GF982>