cvs commit: ports/security/vuxml vuln.xml

Simon L. Nielsen simon at FreeBSD.org
Sat Oct 7 02:35:21 PDT 2006


On 2006.10.05 16:30:52 +0000, Andrew Pantyukhin wrote:
> sat         2006-10-05 16:30:52 UTC
> 
>   FreeBSD ports repository
> 
>   Modified files:
>     security/vuxml       vuln.xml 
>   Log:
>   - Document buffer overflow vulnerabilities in tin
>   
>   Revision  Changes    Path
>   1.1172    +32 -1     ports/security/vuxml/vuln.xml
> http://cvsweb.FreeBSD.org/ports/security/vuxml/vuln.xml.diff?r1=1.1171&r2=1.1172
[...]
> | +  <vuln vid="19a92df1-548d-11db-8f1a-000a48049292">
> | +    <topic>tin -- buffer overflow vulnerabilities</topic>
> | +    <affects>
> | +      <package>
> | +	<name>tin</name>
> | +	<range><lt>1.8.2</lt></range>
> | +      </package>
> | +    </affects>
> | +    <description>
> | +      <body xmlns="http://www.w3.org/1999/xhtml">
> | +	<blockquote cite="ftp://ftp.tin.org/pub/news/clients/tin/stable/CHANGES">
> | +	  <p>Urs Janssen and Aleksey Salow report possible buffer
> | +	    overflows in tin versions 1.8.0 and 1.8.1.</p>
> | +	</blockquote>
> | +	<blockquote cite="http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.005-tin.html">
> | +	  <p>OpenPKG project elaborates there is an allocation
> | +	    off-by-one bug in version 1.8.0 which can lead to a buffer
> | +	    overflow.</p>
> | +	</blockquote>

Text should only be inside blockquotes if it is really direct quotes.
If you written the text yourself you should just stick the references
in the references section - you don't need to use explicit references
in the body.

See also earlier entries for how it has been done in the past (in
particular in entries by nectar, remko or me).

-- 
Simon L. Nielsen


More information about the cvs-all mailing list