From owner-freebsd-www@FreeBSD.ORG  Wed Jun 29 03:30:29 2005
Return-Path: <owner-freebsd-www@FreeBSD.ORG>
X-Original-To: freebsd-www@hub.freebsd.org
Delivered-To: freebsd-www@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0BC7416A41C
	for <freebsd-www@hub.freebsd.org>; Wed, 29 Jun 2005 03:30:29 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CF21643D5C
	for <freebsd-www@hub.freebsd.org>; Wed, 29 Jun 2005 03:30:28 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j5T3USMQ019202
	for <freebsd-www@freefall.freebsd.org>; Wed, 29 Jun 2005 03:30:28 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j5T3USNQ019196;
	Wed, 29 Jun 2005 03:30:28 GMT (envelope-from gnats)
Resent-Date: Wed, 29 Jun 2005 03:30:28 GMT
Resent-Message-Id: <200506290330.j5T3USNQ019196@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-www@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Kevin Kinsey <kdk@daleco.biz>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E494916A41C;
	Wed, 29 Jun 2005 03:26:33 +0000 (GMT)
	(envelope-from kadmin@elisha.daleco.biz)
Received: from elisha.daleco.biz (fbc-carthage.org [66.76.92.15])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E625743D48;
	Wed, 29 Jun 2005 03:26:31 +0000 (GMT)
	(envelope-from kadmin@elisha.daleco.biz)
Received: from elisha.daleco.biz (localhost [127.0.0.1])
	by elisha.daleco.biz (8.12.11/8.12.11) with ESMTP id j5T3QUm5071785;
	Tue, 28 Jun 2005 22:26:30 -0500 (CDT)
	(envelope-from kadmin@elisha.daleco.biz)
Received: (from kadmin@localhost)
	by elisha.daleco.biz (8.12.11/8.12.11/Submit) id j5T3QUFT071784;
	Tue, 28 Jun 2005 22:26:30 -0500 (CDT) (envelope-from kadmin)
Message-Id: <200506290326.j5T3QUFT071784@elisha.daleco.biz>
Date: Tue, 28 Jun 2005 22:26:30 -0500 (CDT)
From: Kevin Kinsey <kdk@daleco.biz>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: advocacy@FreeBSD.org
Subject: www/82761: (PATCH) www/marketing/os-comparison.sgml,
	updates CERT advisories
X-BeenThere: freebsd-www@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Kevin Kinsey <kdk@daleco.biz>
List-Id: FreeBSD Project Webmasters <freebsd-www.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-www>,
	<mailto:freebsd-www-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-www>
List-Post: <mailto:freebsd-www@freebsd.org>
List-Help: <mailto:freebsd-www-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-www>,
	<mailto:freebsd-www-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jun 2005 03:30:29 -0000


>Number:         82761
>Category:       www
>Synopsis:       (PATCH) www/marketing/os-comparison.sgml, updates CERT advisories
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-www
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun 29 03:30:28 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Kevin Kinsey
>Release:        FreeBSD 5.3-STABLE i386
>Organization:
DaleCo, S.P.
>Environment:
System: FreeBSD elisha.daleco.biz 4.11-RELEASE-p2 FreeBSD 4.11-RELEASE-p2 #4: Wed Apr 6 15:26:00 CDT 2005 root@elisha.daleco.biz:/usr/obj/usr/src/sys/GENERIC i386


>Description:
This patch updates the "OS Comparison" article with the dates,
                case numbers, and names of (US) CERT advisories from January 2004
                to June 2005.
>How-To-Repeat:
>Fix:
        This article is currently being discussed on advocacy@; I decided
        to "put up" instead of being asked to "shut up" (Hi, Julian!  Keep
        up the good work! ;-)  My www tree is a few weeks old, but the website
        appears to still have the same information as my "os-comparison.sgml".

        I updated the referenced URI due to the fact that "cert.org" is no
        longer being actively updated with advisories; these seem to have moved
        to:
                 http://www.us-cert.gov/cas/techalerts/

           --- I can't speculate on what "International" users might wish
        to have listed there; this seems (to me) appropriate for most of North
        America.

        Note that I haven't made any commentary about the list, *nor have I
        enumerated the number of advisories that affect any particular OS*.
        Particularly in regard to Microsoft's offerings, the list might very
        well speak for itself.  Feel free to modify it as you wish, though.

        Instead of two "headers", there's only one; this is because of the
        nature of the content only, and not for any other reason.  We appreciate
        Murray writing this in the first place, and "hope this helps".


--- os-comparison.sgml  Mon May  9 11:06:12 2005
+++ os-comparison2.sgml Tue Jun 28 21:39:06 2005
@@ -470,37 +470,49 @@
 information and training to help improve security at Internet
 sites.<p>

-<p><strong>CERT Advisories in 2000 that affected Linux:</strong></p>
+<p><strong>CERT Advisories for 2004-early 2005, all operating systems:</strong></p>
 <ul>                                                       
-  <li>CA-2000-22 - Input Validation Problems in LPRng</li>
-  <li>CA-2000-21 - Denial-of-Service Vulnerability in TCP/IP
-  Stacks</li>
-  <li>CA-2000-20 - Multiple Denial-of-Service Problems in ISC BIND</li>
-  <li>CA-2000-17 - Input Validation Problem in rpc.statd</li>
-  <li>CA-2000-13 - Two Input Validation Problems in FTPD</li>
-  <li>CA-2000-06 - Multiple Buffer Overflows in Kerberos Authenticated
-  Services</li>
-  <li>CA-2000-03 - Continuing Compromises of DNS servers</li>
-</ul>
-
-<p><strong>CERT Advisories in 2000 that affected Windows:</strong></p>
-<ul>
-  <li>CA-2000-16 - Microsoft 'IE Script'/Access/OBJECT Tag
-  Vulnerability</li>
-  <li>CA-2000-14 - Microsoft Outlook and Outlook Express Cache Bypass
-  Vulnerability</li>
-  <li>CA-2000-12 - HHCtrl ActiveX Control Allows Local Files to be
-  Executed</li>
-  <li>CA-2000-10 - Inconsistent Warning Messages in Internet
-  Explorer</li>
-  <li>CA-2000-07 - Microsoft Office 2000 UA ActiveX Control
-  Incorrectly Marked "Safe for Scripting"</li>
-  <li>CA-2000-04 - Love Letter Worm</li>
+<li>2005-06-14 TA05-165A   Microsoft Windows and Internet Explorer Vulnerabilities</li>
+<li>2005-05-16 TA05-136A   Apple Mac OS X is affected by multiple vulnerabilities</li>
+<li>2005-04-27 TA05-117A   Oracle Products Contain Multiple Vulnerabilities</li>
+<li>2005-04-12 TA05-102A   Multiple Vulnerabilities in Microsoft Windows Components</li>
+<li>2005-02-08 TA05-039A   Multiple Vulnerabilities in Microsoft Windows Components</li>
+<li>2005-01-26 TA05-026A   Multiple Denial of Service Vulnerablities in Cisco IOS</li>
+<li>2005-01-12 TA05-012B   Microsoft Windows HTML Help ActiveX Control Cross-Domain Vulnerability</li>
+<li>2005-01-12 TA05-012A   Multiple Vulnerabilities in Microsoft Windows Icon and Cursor Processing</li>
+<li>2004-12-21 TA04-356A   Exploitation of phpBB highlight parameter vulnerability</li>
+<li>2004-12-01 TA04-336A   Update Available for Microsoft Internet Explorer HTML Elements Vulnerability</li>
+<li>2004-11-11 TA04-316A   Cisco IOS Input Queue Vulnerability</li>
+<li>2004-11-10 TA04-315A   Buffer Overflow in Microsoft Internet Explorer</li>
+<li>2004-10-19 TA04-293A   Multiple Vulnerabilities in Microsoft Internet Explorer</li>
+<li>2004-09-17 TA04-261A   Multiple Vulnerabilities in Mozilla Products</li>
+<li>2004-09-16 TA04-260A   Microsoft Windows JPEG component buffer overflow</li>
+<li>2004-09-03 TA04-247A   Vulnerabilities in MIT Kerberos 5</li>
+<li>2004-09-01 TA04-245A   Multiple Vulnerabilities in Oracle Products</li>
+<li>2004-08-04 TA04-217A   Multiple Vulnerabilities in libpng</li>
+<li>2004-07-30 TA04-212A   Critical Vulnerabilities in Microsoft Windows</li>
+<li>2004-07-14 TA04-196A   Multiple Vulnerabilities in Microsoft Windows Components and Outlook Express</li>
+<li>2004-07-02 TA04-184A   Internet Explorer Update to Disable ADODB.Stream ActiveX Control</li>
+<li>2004-06-22 TA04-174A   Multiple Vulnerabilities in ISC DHCP 3</li>
+<li>2004-06-11 TA04-163A   Cross-Domain Redirect Vulnerability in Internet Explorer</li>
+<li>2004-06-08 TA04-160A   SQL Injection Vulnerabilities in Oracle E-Business Suite</li>
+<li>2004-05-26 TA04-147A   CVS Heap Overflow Vulnerability</li>
+<li>2004-04-20 TA04-111B   Cisco IOS SNMP Message Handling Vulnerability</li>
+<li>2004-04-20 TA04-111A   Vulnerabilities in TCP</li>
+<li>2004-04-13 TA04-104A   Multiple Vulnerabilities in Microsoft Products</li>
+<li>2004-04-08 TA04-099A   Cross-Domain Vulnerability in Outlook Express MHTML Protocol Handler</li>
+<li>2004-03-18 TA04-078A   Multiple Vulnerabilities in OpenSSL</li>
+<li>2004-03-10 TA04-070A   Microsoft Outlook mailto URL Handling Vulnerability</li>
+<li>2004-02-10 TA04-041A   Multiple Vulnerabilities in Microsoft ASN.1 Library</li>
+<li>2004-02-05 TA04-036A   HTTP Parsing Vulnerabilities in Check Point Firewall-1</li>
+<li>2004-02-02 TA04-033A   Multiple Vulnerabilities in Microsoft Internet Explorer</li>
+<li>2004-01-28 TA04-028A   W32/MyDoom.B Virus</li>
+
 </ul>

 <p>For more information about CERT and potential security exploits for
 your operating system, please see <a
-href="http://www.cert.org">http://www.cert.org</a>.</p>
+href="http://www.us-cert.gov/cas/techalerts/">http://www.us-cert.gov/cas/techalerts/</a>.</p>

 <p>For more information about some of the enhanced security features
 of FreeBSD, please see <a


>Release-Note:
>Audit-Trail:
>Unformatted: