cvs commit: ports/security/vuxml vuln.xml
Simon L. B. Nielsen
simon at FreeBSD.org
Mon Sep 5 10:35:45 UTC 2011
On 4 Sep 2011, at 22:44, Chris Rees wrote:
> On 4 September 2011 21:15, Chris Rees <crees at freebsd.org> wrote:
>> crees 2011-09-04 20:15:52 UTC
>>
>> FreeBSD ports repository
>>
>> Modified files:
>> security/vuxml vuln.xml
>> Log:
>> - Document cfs buffer overflow vulnerability.
>> - While here, unbreak packaudit -- it doesn't like newlines in the
>> middle of tags. Perhaps a comment should say something?
>
> Actually, that's a bad long-term solution. The real solution would be
> to fix portaudit's XML parser.
>
> secteam, would you like me to have a go at it, or shall I let you
> investigate since you know the code?
I would happily accept patches (if they work and don't break things! :-) ). It's so long ago that I looked at the build code (packaudit) so I can't recall how ugly that is. I just remember portaudit's embedded awk in sh makes me want to run away :-).
Portaudit and packaudit haven't really been touched in any significant way since eik@ left the project.
-
Simon L. B. Nielsen
Hat: FreeBSD Deputy Security Officer
More information about the cvs-all
mailing list