cvs commit: ports/security/portaudit-db/database portaudit.txt portaudit.xlist portaudit.xml

Jacques A. Vidrine nectar at
Mon Aug 16 08:53:36 PDT 2004

[Hmm, it seems that the lists that contain FreeBSD developers was
accidently dropped.  Fixed.]

On Sun, Aug 15, 2004 at 07:41:34PM +0200, Oliver Eikemeier wrote:
> Jacques A. Vidrine wrote:
> >The commit message seems to be incomplete.  The 670% increase in
> >portaudit.xml seems to be largely a number of entries that are also in
> >ports/security/vuxml/vuln.xml, although the text and references seem to
> >be rewritten in most (all?) cases and different UUIDs have been
> >assigned.
> Yup, they use the UUIDs they had assigned in portaudit, before they have 
> been re-added with different UUIDs to vuxml.
> >I'm not sure what portaudit.xml is for, but it seems a bit confusing to
> >have some issues described differently in two different locations.  
> >Maybe
> >you could clue me in as to what is going on?  Seems like we need to
> >normalize this data.
> Those entries are tested and work with portaudit. It seems like vuxml 
> has different requirements.

You keep making this assertion, but you have not given any details.
What gives?  For example, why have you duplicated the following entry:

in ports/security/vuxml/vuln.xml
  ``acroread uudecoder input validation error''

in ports/security/portaudit-db/database/portaudit.xml
  ``Acrobat Reader handling of malformed uuencoded pdf files''

What is it about the original entry that does not "work with portaudit"?

This is particularly confusing because you somehow claim that the
original entry is "superseded" by yours.

Why didn't you simply correct the original entry if there is a problem?

What are you trying to accomplish, Oliver?  I would really like to know
because clearly this situation is not good for our community. 

Jacques A Vidrine / NTT/Verio
nectar at / jvidrine at / nectar at

More information about the cvs-all mailing list