VuXML and FreeBSD

Jacques A. Vidrine nectar at
Mon Apr 19 12:05:39 PDT 2004

Hello All,

I'd like to bring to your attention the Vulnerabilities and eXposures
Markup Language (VuXML) and associated resources.

VuXML is a markup language designed for the documentation of security
issues within a single package collection.  Since about February
of this year, we have been diligently documenting vulnerabilities
in FreeBSD and the FreeBSD Ports Collection using VuXML.  The
Project's VuXML document is maintained in the FreeBSD repository, path
ports/security/vuxml/vuln.xml.  Any FreeBSD committer may make updates
to this file.  The FreeBSD security officer acts as editor.

The contents of the FreeBSD Project VuXML document is made available
in a human-friendly format at <URL:>.
There one may browse issues by date, package name, CVE name,
and so forth.  In addition, an RSS feed is available at
<URL:>, allowing one to keep
informed using an RSS reader such as Straw.

Some tools that use VuXML are available in the FreeBSD Ports
Collection.  `vxquery' (ports/security/vxquery) is a simple command
line tool that parses the VuXML document directly.  `portaudit'
(ports/security/portaudit) uses a `distilled' version of the FreeBSD
VuXML document to report which of your installed ports may be affected
by security issues, as well as providing additional warnings when
attempting to install ports.

A mailing list has been established for the discussion of VuXML,
<freebsd-vuxml at>.  This is a forum for discussing:

  - VuXML itself, including the DTD and its evolution

  - entries in the FreeBSD VuXML document, including new submissions,
    corrections, and style issues

  - VuXML usage and tools

  - the VuXML web site ( and

To subscribe to the mailing list, visit
<URL:> or send
a subscription request to <freebsd-vuxml-request at>.

Jacques Vidrine / nectar at / jvidrine at / nectar at

As a postscript, I'm also happy to say that the OpenBSD
Ports & Packages collection has adopted VuXML for
documenting issues as well.  See the announcement at
<URL:>; the
human-friendly contents at <URL:>; or the
RSS feed at <URL:>.  The OpenBSD
VuXML document is currently maintained in Robert Nagy's private

More information about the freebsd-ports mailing list