cvs commit: ports/security/vuxml vuln.xml
Simon L. Nielsen
simon at FreeBSD.org
Sat Oct 7 02:35:21 PDT 2006
On 2006.10.05 16:30:52 +0000, Andrew Pantyukhin wrote:
> sat 2006-10-05 16:30:52 UTC
>
> FreeBSD ports repository
>
> Modified files:
> security/vuxml vuln.xml
> Log:
> - Document buffer overflow vulnerabilities in tin
>
> Revision Changes Path
> 1.1172 +32 -1 ports/security/vuxml/vuln.xml
> http://cvsweb.FreeBSD.org/ports/security/vuxml/vuln.xml.diff?r1=1.1171&r2=1.1172
[...]
> | + <vuln vid="19a92df1-548d-11db-8f1a-000a48049292">
> | + <topic>tin -- buffer overflow vulnerabilities</topic>
> | + <affects>
> | + <package>
> | + <name>tin</name>
> | + <range><lt>1.8.2</lt></range>
> | + </package>
> | + </affects>
> | + <description>
> | + <body xmlns="http://www.w3.org/1999/xhtml">
> | + <blockquote cite="ftp://ftp.tin.org/pub/news/clients/tin/stable/CHANGES">
> | + <p>Urs Janssen and Aleksey Salow report possible buffer
> | + overflows in tin versions 1.8.0 and 1.8.1.</p>
> | + </blockquote>
> | + <blockquote cite="http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.005-tin.html">
> | + <p>OpenPKG project elaborates there is an allocation
> | + off-by-one bug in version 1.8.0 which can lead to a buffer
> | + overflow.</p>
> | + </blockquote>
Text should only be inside blockquotes if it is really direct quotes.
If you written the text yourself you should just stick the references
in the references section - you don't need to use explicit references
in the body.
See also earlier entries for how it has been done in the past (in
particular in entries by nectar, remko or me).
--
Simon L. Nielsen
More information about the cvs-all
mailing list