1 | This is the top-level tag of a VuXML entry. It has a mandatory attribute, vid , specifying a universally unique identifier (UUID) for this entry (in quotes). Generate a UUID for each new VuXML entry (and do not forget to substitute it for the template UUID unless writing the entry from scratch). use uuidgen(1) to generate a VuXML UUID. |
2 | This is a one-line description of the issue found. |
3 | The names of packages affected are listed there. Multiple names can be given since several packages may be based on a single master port or software product. This may include stable and development branches, localized versions, and slave ports featuring different choices of important build-time configuration options. |
4 | Affected versions of the package(s) are specified there as one or more ranges using a combination of <lt> , <le> , <eq> , <ge> , and <gt> elements. Check that the version ranges given do not overlap. In a range specification, * (asterisk) denotes the smallest version number. In particular, 2.* is less than 2.a . Therefore an asterisk may be used for a range to match all possible alpha , beta , and RC versions. For instance, <ge>2.</ge><lt>3.</lt> will selectively match every 2.x version while <ge>2.0</ge><lt>3.0</lt> will not since the latter misses 2.r3 and matches 3.b . The above example specifies that affected are versions 1.6 and up to but not including 1.9 , versions 2.x before 2.4_1 , and version 3.0b1 . |
5 | Several related package groups (essentially, ports) can be listed in the <affected> section. This can be used if several software products (say FooBar, FreeBar and OpenBar) grow from the same code base and still share its bugs and vulnerabilities. Note the difference from listing multiple names within a single <package> section. |
6 | The version ranges have to allow for PORTEPOCH and PORTREVISION if applicable. Please remember that according to the collation rules, a version with a non-zero PORTEPOCH is greater than any version without PORTEPOCH , for example, 3.0,1 is greater than 3.1 or even than 8.9 . |
7 | This is a summary of the issue. XHTML is used in this field. At least enclosing <p> and </p> has to appear. More complex mark-up may be used, but only for the sake of accuracy and clarity: No eye candy please. |
8 | This section contains references to relevant documents. As many references as apply are encouraged. |
9 | This is a FreeBSD security advisory. |
10 | This is a FreeBSD problem report. |
11 | This is a MITRE CVE identifier. |
12 | This is a SecurityFocus Bug ID. |
13 | This is a US-CERT security advisory. |
14 | This is a US-CERT vulnerability note. |
15 | This is a US-CERT Cyber Security Alert. |
16 | This is a US-CERT Technical Cyber Security Alert. |
17 | This is a URL to an archived posting in a mailing list. The attribute msgid is optional and may specify the message ID of the posting. |
18 | This is a generic URL. Only it if none of the other reference categories apply. |
19 | This is the date when the issue was disclosed (YYYY-MM-DD). |
20 | This is the date when the entry was added (YYYY-MM-DD). |
21 | This is the date when any information in the entry was last modified (YYYY-MM-DD). New entries must not include this field. Add it when editing an existing entry. |