Date: Tue, 22 Feb 2005 13:54:41 -0600
From: Jacques Vidrine <nectar@FreeBSD.org>
To: freebsd-vuxml@FreeBSD.org
Subject: [Fwd: cvs commit: ports/security/vuxml vuln.xml]
Message-ID: <421B8E01.6060006@FreeBSD.org>

> -------- Original Message --------
> Subject: cvs commit: ports/security/vuxml vuln.xml
> Date: Tue, 22 Feb 2005 19:27:32 +0000 (UTC)
> From: Jacques Vidrine <nectar@FreeBSD.org>
> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
>
> nectar 2005-02-22 19:27:32 UTC
[...]
> Corrections:
> - An invalid UUID was assigned to a FreeRADIUS vulnerability, and went
>   undetected since last October. (>_<) Correct it.

Hi,

This is an interesting, if unfortunate, situation. If you are the author of a web site or application that processes VuXML, you should probably be aware of this specific issue.

An entry was created with an invalid `vid' attribute. The vid is supposed to be a UUID (see [1] [2]). Unfortunately, this entry apparently suffered mutilation during cut-n-paste: the last character was dropped.

I corrected the error by restoring the last character. I know what that character was "supposed to be" by looking at other entries made by the same committer. (^_^) But since the vid is used as a "key" for entries, VuXML parsing applications may need to take special action to purge the old identifier (20dfd134-1d39-11d9-9be9-000c6e8f12e) from their files/databases.

Normally when an entry is in error, we can just "cancel" it, but in this case that isn't possible: even a cancellation refers to the vid.

If you have any questions about this, please let me know!

Oh, I don't expect a repeat in the future. I'm checking for this kind of mistake now, and fairly frequently. I will likely later add a port to "lint" VuXML files, also.

Cheers,
-- 
Jacques A Vidrine / NTT/Verio
nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org

[1] http://www.opengroup.org/onlinepubs/9629399/apdxa.htm
[2] http://www.freebsd.org/cgi/man.cgi?query=uuidgen&sektion=2
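
A lint pass of the kind the message mentions, as an added example that is not part of the original message or of any FreeBSD port: it checks every vid against the canonical 8-4-4-4-12 UUID form and lists the keys a consumer should purge once a vid has been corrected. The sample feeds, the function names and the replacement vid are constructed for illustration; only the truncated vid comes from the message.

```python
import re
import xml.etree.ElementTree as ET

# Canonical textual UUID: 8-4-4-4-12 hexadecimal digits, nothing else.
UUID_RE = re.compile(
    r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}")

def vids(xml_text):
    """Return the vid attribute of every <vuln> element, in document order."""
    root = ET.fromstring(xml_text)
    # Compare local names so the check works with or without a namespace.
    return [el.get("vid") for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "vuln"]

def lint(xml_text):
    """Return (problem, vid) pairs for missing, malformed or duplicate vids."""
    problems, seen = [], set()
    for vid in vids(xml_text):
        if vid is None:
            problems.append(("missing", None))
        elif not UUID_RE.fullmatch(vid):
            problems.append(("malformed", vid))
        elif vid.lower() in seen:
            problems.append(("duplicate", vid))
        else:
            seen.add(vid.lower())
    return problems

def stale_keys(stored, xml_text):
    """Keys a consumer still holds that match no entry in the current feed."""
    current = {v.lower() for v in vids(xml_text) if v}
    return sorted(k for k in stored if k.lower() not in current)

# Constructed sample feed containing the truncated vid quoted in the message.
TRUNCATED = "20dfd134-1d39-11d9-9be9-000c6e8f12e"
BEFORE = f"""<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="{TRUNCATED}"><topic>constructed entry A</topic></vuln>
  <vuln vid="11111111-2222-3333-4444-555555555555"><topic>constructed entry B</topic></vuln>
</vuxml>"""
# Constructed placeholder standing in for the corrected vid (not the real value).
AFTER = BEFORE.replace(TRUNCATED, "00000000-0000-0000-0000-00000000abcd")

if __name__ == "__main__":
    print("lint before:", lint(BEFORE))
    print("lint after: ", lint(AFTER))
    # A consumer that keyed its database on the old feed's vids:
    print("purge:", stale_keys(set(vids(BEFORE)), AFTER))
```

Because the corrected entry carries a different key, a consumer that only inserts or updates by vid would keep the truncated entry indefinitely; the `stale_keys` comparison against the current feed is what removes it.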