NOTE when adding VuXML entries (was Re: cvs commit:
ports/security/vuxml vuln.xml)
Jacques A. Vidrine
nectar at FreeBSD.org
Sun Aug 15 07:37:39 PDT 2004
On Sun, Aug 15, 2004 at 02:31:56PM +0000, Jacques A. Vidrine wrote:
> nectar 2004-08-15 14:31:56 UTC
>
> FreeBSD ports repository
>
> Modified files:
> security/vuxml vuln.xml
> Log:
> Correct the version number range affected for Mozilla 1.8 alphas.
>
> Problem hinted at by: eik
>
> While I'm here, add a CVE name reference and a couple of other relevant
> Bugzilla links. It is interesting that this security issue was reported
> as early as 1999. Also, replace the text plagiarized from the Secunia
> advisory without attribution with a more helpful (maybe?) description of
> the issue.
>
> Revision Changes Path
> 1.175 +14 -5 ports/security/vuxml/vuln.xml
Hi All,
There is absolutely nothing wrong with using text from another source
within VuXML entries. However, when doing so, please use
<blockquote cite="{url}">. For example, if I hadn't felt like giving
more detail in this commit, I could have fixed the problem by modifying
this:
<p>A vulnerability has been reported in Mozilla and Mozilla Firefox,
allowing malicious websites to spoof the user interface.</p>
to be this:
<p>A Secunia security advisory reports:</p>
<blockquote cite="http://secunia.com/advisories/12188">
<p>A vulnerability has been reported in Mozilla and Mozilla Firefox,
allowing malicious websites to spoof the user interface.</p>
</blockquote>
This is both useful information as well as courteous :-)
Cheers,
--
Jacques A Vidrine / NTT/Verio
nectar at celabo.org / jvidrine at verio.net / nectar at FreeBSD.org
More information about the cvs-ports
mailing list