On Wed, Dec 13, 2006 at 10:56:31PM +0000, Martin Wilke wrote: > miwi 2006-12-13 22:56:31 UTC > > FreeBSD ports repository > > Modified files: > security/vuxml vuln.xml > Log: > tDiary - Injection Vulnerability > > | + <description> > | + <body xmlns="http://www.w3.org/1999/xhtml"> > | + <p>A eRuby injection vulnerability has been discovered in tDiary.</p> > | + </body> > | + </description>
Hello Martin, Just being the bad secteam member ;-) Can you tell me what the injection vulnerability is? If people read this, they dont have any clue whatsoever whether thies applies to their situation or not and what the risk actually is. This is one of the biggest problems since adding VuXML entries will take up more time when people need to investigate the issue prior to adding them to the vuln.xml db, but I think (my personal opinion) that this is required since the above text tells us nothing. Apart from that: Thank you very much for working on the VuXML entries! We (secteam) really appriciate it! Cheers, remko -- Kind regards, Remko Lodder ** [EMAIL PROTECTED] FreeBSD ** [EMAIL PROTECTED] /* Quis custodiet ipsos custodes */ _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "[EMAIL PROTECTED]"