Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 15 Aug 2004 09:37:14 -0500
From:      "Jacques A. Vidrine" <nectar@FreeBSD.org>
To:        ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   NOTE when adding VuXML entries (was Re: cvs commit: ports/security/vuxml vuln.xml)
Message-ID:  <20040815143714.GA3110@lum.celabo.org>
In-Reply-To: <200408151431.i7FEVu8H094070@repoman.freebsd.org>
References:  <200408151431.i7FEVu8H094070@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sun, Aug 15, 2004 at 02:31:56PM +0000, Jacques A. Vidrine wrote:
> nectar      2004-08-15 14:31:56 UTC
> 
>   FreeBSD ports repository
> 
>   Modified files:
>     security/vuxml       vuln.xml 
>   Log:
>   Correct the version number range affected for Mozilla 1.8 alphas.
>   
>   Problem hinted at by:   eik
>   
>   While I'm here, add a CVE name reference and a couple of other relevant
>   Bugzilla links.  It is interesting that this security issue was reported
>   as early as 1999.  Also, replace the text plagiarized from the Secunia
>   advisory without attribution with a more helpful (maybe?) description of
>   the issue.
>   
>   Revision  Changes    Path
>   1.175     +14 -5     ports/security/vuxml/vuln.xml



Hi All,

There is absolutely nothing wrong with using text from another source
within VuXML entries.  However, when doing so, please use
<blockquote cite="{url}">.  For example, if I hadn't felt like giving 
more detail in this commit, I could have fixed the problem by modifying
this:

  <p>A vulnerability has been reported in Mozilla and Mozilla Firefox,
    allowing malicious websites to spoof the user interface.</p>

to be this:

  <p>A Secunia security advisory reports:</p>
  <blockquote cite="http://secunia.com/advisories/12188">;
    <p>A vulnerability has been reported in Mozilla and Mozilla Firefox,
      allowing malicious websites to spoof the user interface.</p>
  </blockquote>

This is both useful information as well as courteous :-)

Cheers,
-- 
Jacques A Vidrine / NTT/Verio
nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040815143714.GA3110>