On Wed, Dec 13, 2006 at 10:56:31PM +0000, Martin Wilke wrote:
> miwi 2006-12-13 22:56:31 UTC
>
> FreeBSD ports repository
>
> Modified files:
> security/vuxml vuln.xml
> Log:
> tDiary - Injection Vulnerability
>
> | + <description>
> | + <body xmlns="http://www.w3.org/1999/xhtml";>
> | + <p>A eRuby injection vulnerability has been discovered in tDiary.</p>
> | + </body>
> | + </description>
Hello Martin,
Just being the bad secteam member ;-) Can you tell me what the injection
vulnerability is? If people read this, they dont have any clue whatsoever
whether thies applies to their situation or not and what the risk actually
is.
This is one of the biggest problems since adding VuXML entries will take
up more time when people need to investigate the issue prior to adding
them to the vuln.xml db, but I think (my personal opinion) that this is
required since the above text tells us nothing.
Apart from that: Thank you very much for working on the VuXML entries!
We (secteam) really appriciate it!
Cheers,
remko
--
Kind regards,
Remko Lodder ** [EMAIL PROTECTED]
FreeBSD ** [EMAIL PROTECTED]
/* Quis custodiet ipsos custodes */
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
