Date:      Thu, 14 Dec 2006 08:14:39 +0100
From:      Remko Lodder <remko@elvandar.org>
To:        Martin Wilke <miwi@FreeBSD.org>
Cc:        cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Subject:   Re: cvs commit: ports/security/vuxml vuln.xml
Message-ID:  <20061214071439.GC27554@elvandar.org>
In-Reply-To: <200612132256.kBDMuVVf084024@repoman.freebsd.org>
References:  <200612132256.kBDMuVVf084024@repoman.freebsd.org>

On Wed, Dec 13, 2006 at 10:56:31PM +0000, Martin Wilke wrote:
> miwi        2006-12-13 22:56:31 UTC
> 
>   FreeBSD ports repository
> 
>   Modified files:
>     security/vuxml       vuln.xml 
>   Log:
>   tDiary - Injection Vulnerability
>   
> | +    <description>
> | +      <body xmlns="http://www.w3.org/1999/xhtml">;
> | +	  <p>A eRuby injection vulnerability has been discovered in tDiary.</p>
> | +      </body>
> | +    </description>
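
Review bot: The <p> text inside the <description> body states only that an eRuby injection vulnerability was discovered in tDiary; it does not say which input is affected, what can be injected, or what an attacker gains, so a reader cannot judge whether their installation is exposed or how urgent the update is. Suggest expanding the paragraph with a short description of the vector and impact, quoted from the advisory the entry is based on. Minor: "A eRuby" should read "An eRuby", and the <p> line is indented with a tab while the surrounding lines use spaces.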

Hello Martin,

      Just being the bad secteam member ;-) Can you tell me what the injection
      vulnerability is? If people read this, they don't have any clue whatsoever
      whether this applies to their situation or not and what the risk actually
      is.

      This is one of the biggest problems since adding VuXML entries will take
      up more time when people need to investigate the issue prior to adding
      them to the vuln.xml db, but I think (my personal opinion) that this is
      required since the above text tells us nothing.

      Apart from that: Thank you very much for working on the VuXML entries!
      We (secteam) really appreciate it!

      Cheers,
      remko

-- 
Kind regards,

     Remko Lodder               ** remko@elvandar.org
     FreeBSD                    ** remko@FreeBSD.org

     /* Quis custodiet ipsos custodes */


