From owner-freebsd-security@FreeBSD.ORG Mon Apr 19 12:04:04 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9D19216A4CE for ; Mon, 19 Apr 2004 12:04:04 -0700 (PDT) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 354E443D54 for ; Mon, 19 Apr 2004 12:04:04 -0700 (PDT) (envelope-from nectar@celabo.org) Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))verified)) by gw.celabo.org (Postfix) with ESMTP id D2AD25482B for ; Mon, 19 Apr 2004 14:04:03 -0500 (CDT) Received: by madman.celabo.org (Postfix, from userid 1001) id 82E006D455; Mon, 19 Apr 2004 14:04:03 -0500 (CDT) Date: Mon, 19 Apr 2004 14:04:03 -0500 From: "Jacques A. Vidrine" To: freebsd-security@freebsd.org Message-ID: <20040419190403.GA17526@madman.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , freebsd-security@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.6i Subject: VuXML and FreeBSD X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Apr 2004 19:04:04 -0000 Hello All, I'd like to bring to your attention the Vulnerabilities and eXposures Markup Language (VuXML) and associated resources. VuXML is a markup language designed for the documentation of security issues within a single package collection. Since about February of this year, we have been diligently documenting vulnerabilities in FreeBSD and the FreeBSD Ports Collection using VuXML. The Project's VuXML document is maintained in the FreeBSD repository, path ports/security/vuxml/vuln.xml. Any FreeBSD committer may make updates to this file. The FreeBSD security officer acts as editor. The contents of the FreeBSD Project VuXML document is made available in a human-friendly format at . There one may browse issues by date, package name, CVE name, and so forth. In addition, an RSS feed is available at , allowing one to keep informed using an RSS reader such as Straw. Some tools that use VuXML are available in the FreeBSD Ports Collection. `vxquery' (ports/security/vxquery) is a simple command line tool that parses the VuXML document directly. `portaudit' (ports/security/portaudit) uses a `distilled' version of the FreeBSD VuXML document to report which of your installed ports may be affected by security issues, as well as providing additional warnings when attempting to install ports. A mailing list has been established for the discussion of VuXML, . This is a forum for discussing: - VuXML itself, including the DTD and its evolution - entries in the FreeBSD VuXML document, including new submissions, corrections, and style issues - VuXML usage and tools - the VuXML web site (www.vuxml.org and vuxml.freebsd.org) To subscribe to the mailing list, visit or send a subscription request to . Cheers, -- Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org As a postscript, I'm also happy to say that the OpenBSD Ports & Packages collection has adopted VuXML for documenting issues as well. See the announcement at ; the human-friendly contents at ; or the RSS feed at . The OpenBSD VuXML document is currently maintained in Robert Nagy's private repository.