&lt;vuln vid="f4bc80f4-da62-11d8-90ea-0004ac98a7b9"&gt; <co xml:id="co-vx-vid"/>
&lt;topic&gt;Several vulnerabilities found in Foo&lt;/topic&gt; <co xml:id="co-vx-top"/>
&lt;affects&gt;
&lt;package&gt;
&lt;name&gt;foo&lt;/name&gt; <co xml:id="co-vx-nam"/>
&lt;name&gt;foo-devel&lt;/name&gt;
&lt;name&gt;ja-foo&lt;/name&gt;
&lt;range&gt;&lt;ge&gt;1.6&lt;/ge&gt;&lt;lt&gt;1.9&lt;/lt&gt;&lt;/range&gt; <co xml:id="co-vx-rng"/>
&lt;range&gt;&lt;ge&gt;2.*&lt;/ge&gt;&lt;lt&gt;2.4_1&lt;/lt&gt;&lt;/range&gt;
&lt;range&gt;&lt;eq&gt;3.0b1&lt;/eq&gt;&lt;/range&gt;
&lt;/package&gt;
&lt;package&gt;
&lt;name&gt;openfoo&lt;/name&gt; <co xml:id="co-vx-nm2"/>
&lt;range&gt;&lt;lt&gt;1.10_7&lt;/lt&gt;&lt;/range&gt; <co xml:id="co-vx-epo"/>
&lt;range&gt;&lt;ge&gt;1.2,1&lt;/ge&gt;&lt;lt&gt;1.3_1,1&lt;/lt&gt;&lt;/range&gt;
&lt;/package&gt;
&lt;/affects&gt;
&lt;description&gt;
&lt;body xmlns="http://www.w3.org/1999/xhtml"&gt;
&lt;p&gt;J. Random Hacker reports:&lt;/p&gt; <co xml:id="co-vx-bdy"/>
&lt;blockquote
cite="http://j.r.hacker.com/advisories/1"&gt;
&lt;p&gt;Several issues in the Foo software may be exploited
via carefully crafted QUUX requests. These requests will
permit the injection of Bar code, mumble theft, and the
readability of the Foo administrator account.&lt;/p&gt;
&lt;/blockquote&gt;
&lt;/body&gt;
&lt;/description&gt;
&lt;references&gt; <co xml:id="co-vx-ref"/>
&lt;freebsdsa&gt;SA-10:75.foo&lt;/freebsdsa&gt; <co xml:id="co-vx-fsa"/>
&lt;freebsdpr&gt;ports/987654&lt;/freebsdpr&gt; <co xml:id="co-vx-fpr"/>
&lt;cvename&gt;CAN-2010-0201&lt;/cvename&gt; <co xml:id="co-vx-cve"/>
&lt;cvename&gt;CAN-2010-0466&lt;/cvename&gt;
&lt;bid&gt;96298&lt;/bid&gt; <co xml:id="co-vx-bid"/>
&lt;certsa&gt;CA-2010-99&lt;/certsa&gt; <co xml:id="co-vx-cts"/>
&lt;certvu&gt;740169&lt;/certvu&gt; <co xml:id="co-vx-ctv"/>
&lt;uscertsa&gt;SA10-99A&lt;/uscertsa&gt; <co xml:id="co-vx-ucs"/>
&lt;uscertta&gt;SA10-99A&lt;/uscertta&gt; <co xml:id="co-vx-uct"/>
&lt;mlist msgid="201075606@hacker.com"&gt;http://marc.theaimsgroup.com/?l=bugtraq&amp;amp;m=203886607825605&lt;/mlist&gt; <co xml:id="co-vx-mls"/>
&lt;url&gt;http://j.r.hacker.com/advisories/1&lt;/url&gt; <co xml:id="co-vx-url"/>
&lt;/references&gt;
&lt;dates&gt;
&lt;discovery&gt;2010-05-25&lt;/discovery&gt; <co xml:id="co-vx-dsc"/>
&lt;entry&gt;2010-07-13&lt;/entry&gt; <co xml:id="co-vx-ent"/>
&lt;modified&gt;2010-09-17&lt;/modified&gt; <co xml:id="co-vx-mod"/>
&lt;/dates&gt;
&lt;/vuln&gt;
The tag names are supposed to be self-explanatory, so we shall take a closer look only at the fields which need to be filled in:
This is the top-level tag of a VuXML entry. It has a mandatory attribute, <literal>vid</literal>, specifying a universally unique identifier (UUID) for this entry (in quotes). Generate a UUID for each new VuXML entry (and do not forget to substitute it for the template UUID unless writing the entry from scratch). Use <citerefentry><refentrytitle>uuidgen</refentrytitle><manvolnum>1</manvolnum></citerefentry> to generate a VuXML UUID.
This is a one-line description of the issue found.
The names of packages affected are listed there. Multiple names can be given since several packages may be based on a single master port or software product. This may include stable and development branches, localized versions, and slave ports featuring different choices of important build-time configuration options.
It is the submitter's responsibility to find all such related packages when writing a VuXML entry. Keep in mind that <literal>make search name=foo</literal> is helpful. The primary points to look for are:
the <filename>foo-devel</filename> variant for a <filename>foo</filename> port;
other variants with a suffix like <literal>-a4</literal> (for print-related packages), <literal>-without-gui</literal> (for packages with X support disabled), or similar;
<literal>jp-</literal>, <literal>ru-</literal>, <literal>zh-</literal>, and other possible localized variants in the corresponding national categories of the ports collection.
Affected versions of the package(s) are specified there as one or more ranges using a combination of <literal>&lt;lt&gt;</literal>, <literal>&lt;le&gt;</literal>, <literal>&lt;eq&gt;</literal>, <literal>&lt;ge&gt;</literal>, and <literal>&lt;gt&gt;</literal> elements. Check that the version ranges given do not overlap.
In a range specification, <literal>*</literal> (asterisk) denotes the smallest version number. In particular, <literal>2.*</literal> is less than <literal>2.a</literal>. Therefore an asterisk may be used for a range to match all possible <literal>alpha</literal>, <literal>beta</literal>, and <literal>RC</literal> versions. For instance, <literal>&lt;ge&gt;2.*&lt;/ge&gt;&lt;lt&gt;3.*&lt;/lt&gt;</literal> will selectively match every <literal>2.x</literal> version while <literal>&lt;ge&gt;2.0&lt;/ge&gt;&lt;lt&gt;3.0&lt;/lt&gt;</literal> will not since the latter misses <literal>2.r3</literal> and matches <literal>3.b</literal>.
The above example specifies that the affected versions are those from <literal>1.6</literal> up to but not including <literal>1.9</literal>, versions <literal>2.x</literal> before <literal>2.4_1</literal>, and version <literal>3.0b1</literal>.
Several related package groups (essentially, ports) can be listed in the <literal>&lt;affects&gt;</literal> section. This can be used if several software products (say FooBar, FreeBar and OpenBar) grow from the same code base and still share its bugs and vulnerabilities. Note the difference from listing multiple names within a single <literal>&lt;package&gt;</literal> section.
The version ranges have to allow for <varname>PORTEPOCH</varname> and <varname>PORTREVISION</varname> if applicable. Please remember that according to the collation rules, a version with a non-zero <varname>PORTEPOCH</varname> is greater than any version without <varname>PORTEPOCH</varname>, for example, <literal>3.0,1</literal> is greater than <literal>3.1</literal> or even than <literal>8.9</literal>.
This is a summary of the issue. XHTML is used in this field. At least the enclosing <literal>&lt;p&gt;</literal> and <literal>&lt;/p&gt;</literal> have to appear. More complex mark-up may be used, but only for the sake of accuracy and clarity: no eye candy please.
This section contains references to relevant documents. As many references as apply are encouraged.
This is a <link xlink:href="https://www.freebsd.org/security/#adv">FreeBSD security advisory</link>.
This is a <link xlink:href="https://www.freebsd.org/support.html">FreeBSD problem report</link>.
This is a <link xlink:href="http://www.cve.mitre.org/">MITRE CVE</link> identifier.
This is a <link xlink:href="http://www.securityfocus.com/bid">SecurityFocus Bug ID</link>.
This is a <link xlink:href="http://www.cert.org/">US-CERT</link> security advisory.
This is a <link xlink:href="http://www.cert.org/">US-CERT</link> vulnerability note.
This is a <link xlink:href="http://www.cert.org/">US-CERT</link> Cyber Security Alert.
This is a <link xlink:href="http://www.cert.org/">US-CERT</link> Technical Cyber Security Alert.
This is a URL to an archived posting in a mailing list. The attribute <literal>msgid</literal> is optional and may specify the message ID of the posting.
This is a generic URL. Use it only if none of the other reference categories apply.
This is the date when the issue was disclosed (<replaceable>YYYY-MM-DD</replaceable>).
This is the date when the entry was added (<replaceable>YYYY-MM-DD</replaceable>).
This is the date when any information in the entry was last modified (<replaceable>YYYY-MM-DD</replaceable>). New entries must not include this field. Add it when editing an existing entry.
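The collation rules described above for range specifications, <literal>*</literal>, <varname>PORTREVISION</varname> and <varname>PORTEPOCH</varname>, as a simplified Python model that checks a version against the ranges of the first package group in the example entry. This is an added example, not code from the handbook or from the package tools; the names <literal>parse</literal>, <literal>compare</literal>, <literal>in_range</literal>, <literal>is_affected</literal> and <literal>FOO_RANGES</literal> are chosen here, and the model covers the orderings stated in the text rather than every detail of the real comparison.

```python
import re

# One version component: optional number (or '*'), optional letters, optional patch number.
_TOKEN = re.compile(r"(\*|\d+)?([a-z]+)?(\d+)?")


def parse(version):
    """Return (epoch, components, revision) for a ports-style version string."""
    version, _, epoch = version.lower().partition(",")    # ",N" is PORTEPOCH
    version, _, revision = version.partition("_")          # "_N" is PORTREVISION
    comps = []
    for m in _TOKEN.finditer(version):
        if not m.group(0):
            continue                   # empty match at a separator such as '.'
        num, letters, patch = m.groups()
        # Assumption of this model: '*' sorts below a component with no number
        # (a bare letter), which in turn sorts below any number, including 0.
        n = -2 if num == "*" else int(num) if num else -1
        a = ord(letters[0]) - ord("a") + 1 if letters else 0  # first letter only
        comps.append((n, a, int(patch or 0)))
    return int(epoch or 0), comps, int(revision or 0)


def compare(a, b):
    """Return -1, 0 or 1; epoch outranks the version, which outranks the revision."""
    ea, ca, ra = parse(a)
    eb, cb, rb = parse(b)
    width = max(len(ca), len(cb))
    ka = (ea, ca + [(0, 0, 0)] * (width - len(ca)), ra)
    kb = (eb, cb + [(0, 0, 0)] * (width - len(cb)), rb)
    return (ka > kb) - (ka < kb)


_OPS = {"lt": lambda c: c < 0, "le": lambda c: c <= 0, "eq": lambda c: c == 0,
        "ge": lambda c: c >= 0, "gt": lambda c: c > 0}


def in_range(version, bounds):
    """bounds maps VuXML operator names (lt, le, eq, ge, gt) to bound versions."""
    return all(_OPS[op](compare(version, bound)) for op, bound in bounds.items())


def is_affected(version, ranges):
    """True if the version falls inside any of the <range> specifications."""
    return any(in_range(version, r) for r in ranges)


# Ranges of the first <package> group (foo, foo-devel, ja-foo) in the example entry.
FOO_RANGES = [{"ge": "1.6", "lt": "1.9"}, {"ge": "2.*", "lt": "2.4_1"}, {"eq": "3.0b1"}]
```

Running <literal>is_affected("2.4", FOO_RANGES)</literal> returns true while <literal>is_affected("2.4_1", FOO_RANGES)</literal> returns false, which is the boundary the <varname>PORTREVISION</varname> suffix in the example is meant to express.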
Testing Changes to the VuXML Database
This example describes a new entry for a vulnerability in the package <literal>dropbear</literal> that has been fixed in version <literal>dropbear-2013.59</literal>.
