Date:      Mon, 5 Sep 2011 12:35:41 +0200
From:      "Simon L. B. Nielsen" <simon@FreeBSD.org>
To:        Chris Rees <crees@freebsd.org>
Cc:        cvs-ports@freebsd.org, secteam@freebsd.org, cvs-all@freebsd.org, ports-committers@freebsd.org
Subject:   Re: cvs commit: ports/security/vuxml vuln.xml
Message-ID:  <BBC6000B-0D51-4AD9-BB4C-7D6B3A894696@FreeBSD.org>
In-Reply-To: <CADLo83_poDk0J2Sfk3dE8WvU8e3J47fewVhTtzLp2DznqEYxeA@mail.gmail.com>
References:  <201109042015.p84KFqOR005039@repoman.freebsd.org> <CADLo83_poDk0J2Sfk3dE8WvU8e3J47fewVhTtzLp2DznqEYxeA@mail.gmail.com>


On 4 Sep 2011, at 22:44, Chris Rees wrote:

> On 4 September 2011 21:15, Chris Rees <crees@freebsd.org> wrote:
>> crees       2011-09-04 20:15:52 UTC
>>
>>  FreeBSD ports repository
>>
>>  Modified files:
>>    security/vuxml       vuln.xml
>>  Log:
>>  - Document cfs buffer overflow vulnerability.
>>  - While here, unbreak packaudit -- it doesn't like newlines in the
>>    middle of tags.  Perhaps a comment should say something?
>
> Actually, that's a bad long-term solution. The real solution would be
> to fix portaudit's XML parser.
>
> secteam, would you like me to have a go at it, or shall I let you
> investigate since you know the code?

I would happily accept patches (if they work and don't break things! :-) ).
It's so long ago that I looked at the build code (packaudit) so I can't
recall how ugly that is.  I just remember portaudit's embedded awk in sh
makes me want to run away :-).

Portaudit and packaudit haven't really been touched in any significant way
since eik@ left the project.

--
Simon L. B. Nielsen
Hat: FreeBSD Deputy Security Officer



