svn commit: r302966 - head/security/vuxml

Thu Aug 23 04:14:44 UTC 2012

On 22 August 2012 17:10, Eygene Ryabinkin <rea at freebsd.org> wrote:
> Author: rea
> Date: Wed Aug 22 21:10:10 2012
> New Revision: 302966
> URL: http://svn.freebsd.org/changeset/ports/302966
>
> Log:
>   VuXML: document CVE-2012-3525 in jabberd 2.x
>
> Modified:
>   head/security/vuxml/vuln.xml
>
> Modified: head/security/vuxml/vuln.xml
> ==============================================================================
> --- head/security/vuxml/vuln.xml        Wed Aug 22 20:40:40 2012        (r302965)
> +++ head/security/vuxml/vuln.xml        Wed Aug 22 21:10:10 2012        (r302966)
> @@ -51,6 +51,39 @@ Note:  Please add new entries to the beg
>
>  -->
>  <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
> +  <vuln vid="4d1d2f6d-ec94-11e1-8bd8-0022156e8794">
> +    <topic>jabberd -- domain spoofing in server dialback protocol</topic>
> +    <affects>
> +      <package>
> +        <name>jabberd</name>
> +        <range><lt>2.2.16_2</lt></range>
> +      </package>
> +    </affects>

It seems like this vuln affects multiple ports:
http://xmpp.org/resources/security-notices/server-dialback/

Do we want one vuxml for all of them or separate vuxmls?  My
preference is for one combined entry.

-- 
Eitan Adler
Source & Ports committer
X11, Bugbusting teams