Date: Mon, 24 Jan 2005 09:58:32 -0600 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: Dan Langille <dan@langille.org> Cc: freebsd-vuxml@freebsd.org Subject: Re: what happens if a vuln is loaded in error? Message-ID: <20050124155832.GF3960@lum.celabo.org> In-Reply-To: <41F4D240.12228.221FB59D@localhost> References: <41F3755F.17732.1CCB0831@localhost> <41F4D240.12228.221FB59D@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jan 24, 2005 at 10:47:28AM -0500, Dan Langille wrote: > On 23 Jan 2005 at 9:58, Dan Langille wrote: > > > I'm looking over the design of how FreshPorts handles VuXML > > changes. A thought comes to mind. If a vuln turns out to be > > false (i.e not a vulnerability at all, for whatever reason), what > > changes would be made to the VuXML data? How would this situation > > be fixed? > > This commit answers my question: > > http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/vuxml/vuln.xml.diff?r1=1.515&r2=1.516&f=h Yep, I made that one just for you (^_^). But seriously, let me draw your attention to the following comments in the VuXML document model DTD (http://www.vuxml.org/dtd/vuxml-1/vuxml-model-11.mod): ,---- | A given `vuln' element may represent either an active issue | or a cancelled issue. Active `vuln's contain the full set | of sub-elements (topic, affects, and so on). Cancelled `vuln's | may contain only a single `cancelled' element. | | A `vuln' should be cancelled only when it was issued in error. `---- ,---- | If a `vuln' is issued in error, it may be cancelled by replacing its | content with a single `cancelled' element. The optional `superseded' | attribute with a VuXML ID value may be used to indicate that another | `vuln' entry replaced this one. | | Example. | | <vuln vid="f1d20b27-835f-11d8-a41f-0020ed76ef5a"> | <cancelled superseded="1ed556e6-734f-11d8-868e-000347dd607f" /> | </vuln> `---- Cheers, -- Jacques A Vidrine / NTT/Verio nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050124155832.GF3960>