From owner-cvs-all@FreeBSD.ORG Sat Oct 7 09:35:21 2006
Date: Sat, 7 Oct 2006 11:35:18 +0200
From: "Simon L. Nielsen"
To: Andrew Pantyukhin
Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/security/vuxml vuln.xml
Message-ID: <20061007093518.GF982@zaphod.nitro.dk>
References: <200610051630.k95GUqZ6037048@repoman.freebsd.org>
In-Reply-To: <200610051630.k95GUqZ6037048@repoman.freebsd.org>

On 2006.10.05 16:30:52 +0000, Andrew Pantyukhin wrote:
> sat 2006-10-05 16:30:52 UTC
>
> FreeBSD ports repository
>
> Modified files:
> security/vuxml vuln.xml
> Log:
> - Document buffer overflow vulnerabilities in tin
>
> Revision Changes Path
> 1.1172 +32 -1 ports/security/vuxml/vuln.xml
> http://cvsweb.FreeBSD.org/ports/security/vuxml/vuln.xml.diff?r1=1.1171&r2=1.1172

[...]
> | + > | + tin -- buffer overflow vulnerabilities > | + > | + > | + tin > | + 1.8.2 > | + > | + > | + > | + > | +
> | +

Urs Janssen and Aleksey Salow report possible buffer > | + overflows in tin versions 1.8.0 and 1.8.1.

> | +
> | +
> | +

OpenPKG project elaborates there is an allocation > | + off-by-one bug in version 1.8.0 which can lead to a buffer > | + overflow.

> | +
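Review bot: The two description paragraphs do not agree on scope with each other or with the version given in the package range. The first names tin 1.8.0 and 1.8.1, the second ties the allocation off-by-one bug to 1.8.0 only, and the range names 1.8.2. Say which issue affects 1.8.1 (or that both do), so a reader can see why the bound is 1.8.2. "Possible buffer overflows" is also vague; if the cited reports say where the overflow occurs or what its impact is, state that in the entry.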
Text should only be inside blockquotes if it is really direct quotes. If you have written the text yourself you should just stick the references in the references section - you don't need to use explicit references in the body. See also earlier entries for how it has been done in the past (in particular in entries by nectar, remko or me).

--
Simon L. Nielsen