From owner-cvs-ports@FreeBSD.ORG Sun Aug 15 14:37:38 2004 Return-Path: Delivered-To: cvs-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F0B1916A4CE; Sun, 15 Aug 2004 14:37:38 +0000 (GMT) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9C32743D3F; Sun, 15 Aug 2004 14:37:38 +0000 (GMT) (envelope-from nectar@celabo.org) Received: from localhost (localhost [127.0.0.1]) by gw.celabo.org (Postfix) with ESMTP id 100C75487F; Sun, 15 Aug 2004 09:37:38 -0500 (CDT) Received: from gw.celabo.org ([127.0.0.1]) by localhost (hellblazer.celabo.org [127.0.0.1]) (amavisd-new, port 10024) with SMTP id 31121-02; Sun, 15 Aug 2004 09:37:27 -0500 (CDT) Received: from lum.celabo.org (dhcp-207.celabo.org [10.0.1.207]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "lum.celabo.org", Issuer "celabo.org CA" (verified OK)) by gw.celabo.org (Postfix) with ESMTP id D7E2C5485D; Sun, 15 Aug 2004 09:37:26 -0500 (CDT) Received: by lum.celabo.org (Postfix, from userid 501) id AC5903F0E54; Sun, 15 Aug 2004 09:37:14 -0500 (CDT) Date: Sun, 15 Aug 2004 09:37:14 -0500 From: "Jacques A. Vidrine" To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Message-ID: <20040815143714.GA3110@lum.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org References: <200408151431.i7FEVu8H094070@repoman.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200408151431.i7FEVu8H094070@repoman.freebsd.org> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.6i Subject: NOTE when adding VuXML entries (was Re: cvs commit: ports/security/vuxml vuln.xml) X-BeenThere: cvs-ports@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Aug 2004 14:37:39 -0000 On Sun, Aug 15, 2004 at 02:31:56PM +0000, Jacques A. Vidrine wrote: > nectar 2004-08-15 14:31:56 UTC > > FreeBSD ports repository > > Modified files: > security/vuxml vuln.xml > Log: > Correct the version number range affected for Mozilla 1.8 alphas. > > Problem hinted at by: eik > > While I'm here, add a CVE name reference and a couple of other relevant > Bugzilla links. It is interesting that this security issue was reported > as early as 1999. Also, replace the text plagiarized from the Secunia > advisory without attribution with a more helpful (maybe?) description of > the issue. > > Revision Changes Path > 1.175 +14 -5 ports/security/vuxml/vuln.xml Hi All, There is absolutely nothing wrong with using text from another source within VuXML entries. However, when doing so, please use
. For example, if I hadn't felt like giving more detail in this commit, I could have fixed the problem by modifying this:

A vulnerability has been reported in Mozilla and Mozilla Firefox, allowing malicious websites to spoof the user interface.

to be this:

A Secunia security advisory reports:

A vulnerability has been reported in Mozilla and Mozilla Firefox, allowing malicious websites to spoof the user interface.

This is both useful information as well as courteous :-) Cheers, -- Jacques A Vidrine / NTT/Verio nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org