cvs commit: ports/security/vuxml vuln.xml
Remko Lodder
remko at elvandar.org
Thu Dec 14 05:57:49 PST 2006
On Wed, Dec 13, 2006 at 10:56:31PM +0000, Martin Wilke wrote:
> miwi 2006-12-13 22:56:31 UTC
>
> FreeBSD ports repository
>
> Modified files:
> security/vuxml vuln.xml
> Log:
> tDiary - Injection Vulnerability
>
> | + <description>
> | + <body xmlns="http://www.w3.org/1999/xhtml">
> | + <p>A eRuby injection vulnerability has been discovered in tDiary.</p>
> | + </body>
> | + </description>
Hello Martin,
Just being the bad secteam member ;-) Can you tell me what the injection
vulnerability is? If people read this, they dont have any clue whatsoever
whether thies applies to their situation or not and what the risk actually
is.
This is one of the biggest problems since adding VuXML entries will take
up more time when people need to investigate the issue prior to adding
them to the vuln.xml db, but I think (my personal opinion) that this is
required since the above text tells us nothing.
Apart from that: Thank you very much for working on the VuXML entries!
We (secteam) really appriciate it!
Cheers,
remko
--
Kind regards,
Remko Lodder ** remko at elvandar.org
FreeBSD ** remko at FreeBSD.org
/* Quis custodiet ipsos custodes */
More information about the cvs-all
mailing list