From owner-cvs-all@FreeBSD.ORG  Mon Sep  5 00:01:41 2011
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@freebsd.org
Received: from mx2.freebsd.org (mx2.freebsd.org [IPv6:2001:4f8:fff6::35])
	by hub.freebsd.org (Postfix) with ESMTP id 31ACC106566B;
	Mon,  5 Sep 2011 00:01:41 +0000 (UTC)
	(envelope-from dougb@FreeBSD.org)
Received: from 172-17-198-245.globalsuite.net (hub.freebsd.org
	[IPv6:2001:4f8:fff6::36])
	by mx2.freebsd.org (Postfix) with ESMTP id CF6BE15124C;
	Mon,  5 Sep 2011 00:01:39 +0000 (UTC)
Message-ID: <4E641162.2000602@FreeBSD.org>
Date: Sun, 04 Sep 2011 17:01:38 -0700
From: Doug Barton <dougb@FreeBSD.org>
Organization: http://SupersetSolutions.com/
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
	rv:6.0.1) Gecko/20110901 Thunderbird/6.0.1
MIME-Version: 1.0
To: Chris Rees <crees@freebsd.org>
References: <201109042015.p84KFqOR005039@repoman.freebsd.org>
	<CADLo83_poDk0J2Sfk3dE8WvU8e3J47fewVhTtzLp2DznqEYxeA@mail.gmail.com>
In-Reply-To: <CADLo83_poDk0J2Sfk3dE8WvU8e3J47fewVhTtzLp2DznqEYxeA@mail.gmail.com>
X-Enigmail-Version: undefined
OpenPGP: id=1A1ABC84
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: cvs-ports@freebsd.org, secteam@freebsd.org, cvs-all@freebsd.org,
	ports-committers@freebsd.org
Subject: Re: cvs commit: ports/security/vuxml vuln.xml
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the entire tree
	<cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Sep 2011 00:01:41 -0000

On 09/04/2011 13:44, Chris Rees wrote:
> On 4 September 2011 21:15, Chris Rees <crees@freebsd.org> wrote:
>> crees       2011-09-04 20:15:52 UTC
>>
>>  FreeBSD ports repository
>>
>>  Modified files:
>>    security/vuxml       vuln.xml
>>  Log:
>>  - Document cfs buffer overflow vulnerability.
>>  - While here, unbreak packaudit -- it doesn't like newlines in the
>>    middle of tags.  Perhaps a comment should say something?
> 
> Actually, that's a bad long-term solution. The real solution would be
> to fix portaudit's XML parser.
> 
> secteam, would you like me to have a go at it, or shall I let you
> investigate since you know the code?

Please just go for it. secteam@ hasn't been very responsive of late.

Will this fix the problem of new auditfile generation? The current one
is from the 1st and there have been several changes since then.

While you're at it, a feature request (although this is probably in a
different part of the code). It would be nice if the individual HTML
pages, such as
http://portaudit.freebsd.org/b7b03bab-c296-11d8-bfb2-000bdb1444a4.html
had a link back to the main page, http://portaudit.freebsd.org/.


Doug

-- 

	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)  http://SupersetSolutions.com/