Whitespace-only fixes, translators please ignore.
This commit is contained in:
Warren Block
parent
adfa005731
commit
1abac7710c
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=47880
1 changed files with 29 additions and 28 deletions
|
|
@ -97,12 +97,13 @@
|
|||
the community of port users about the jeopardy. Such
|
||||
notification serves two purposes. First, if the danger is
|
||||
really severe it will be wise to apply an instant workaround.
|
||||
For example, stop the affected network service or even deinstall the
|
||||
port completely until the vulnerability is closed. Second, a
|
||||
lot of users tend to upgrade installed packages only
|
||||
occasionally. They will know from the notification that they
|
||||
<emphasis>must</emphasis> update the package without delay as
|
||||
soon as a corrected version is available.</para>
|
||||
For example, stop the affected network service or even
|
||||
deinstall the port completely until the vulnerability is
|
||||
closed. Second, a lot of users tend to upgrade installed
|
||||
packages only occasionally. They will know from the
|
||||
notification that they <emphasis>must</emphasis> update the
|
||||
package without delay as soon as a corrected version is
|
||||
available.</para>
|
||||
|
||||
<para>Given the huge number of ports in the tree, a security
|
||||
advisory cannot be issued on each incident without creating a
|
||||
|
|
@ -115,12 +116,14 @@
|
|||
intervention.</para>
|
||||
|
||||
<para>Committers can update the <acronym>VuXML</acronym>
|
||||
database themselves, assisting the Security Officer Team
|
||||
and delivering crucial information to the community more
|
||||
quickly. Those who are not committers or have discovered
|
||||
an exceptionally severe vulnerability should not hesitate
|
||||
to contact the Security Officer Team directly, as described
|
||||
on the <link xlink:href="http://www.freebsd.org/security/#how">&os; Security Information</link> page.</para>
|
||||
database themselves, assisting the Security Officer Team and
|
||||
delivering crucial information to the community more quickly.
|
||||
Those who are not committers or have discovered an
|
||||
exceptionally severe vulnerability should not hesitate to
|
||||
contact the Security Officer Team directly, as described on
|
||||
the <link
|
||||
xlink:href="http://www.freebsd.org/security/#how">&os;
|
||||
Security Information</link> page.</para>
|
||||
|
||||
<para>The VuXML database is an <acronym>XML</acronym> document.
|
||||
Its source file <filename>vuln.xml</filename> is kept right
|
||||
|
|
@ -204,8 +207,8 @@
|
|||
</vuln></programlisting>
|
||||
|
||||
<para>The tag names are supposed to be self-explanatory so we
|
||||
shall take a closer look only at fields which needs to be filled
|
||||
in:</para>
|
||||
shall take a closer look only at fields which needs to be
|
||||
filled in:</para>
|
||||
|
||||
<calloutlist>
|
||||
<callout arearefs="co-vx-vid">
|
||||
|
|
@ -232,10 +235,10 @@
|
|||
important build-time configuration options.</para>
|
||||
|
||||
<important>
|
||||
<para>It is the submitter's responsibility to find all such related
|
||||
packages when writing a VuXML entry. Keep in mind that
|
||||
<literal>make search name=foo</literal> is helpful.
|
||||
The primary points to look for are:</para>
|
||||
<para>It is the submitter's responsibility to find all
|
||||
such related packages when writing a VuXML entry. Keep
|
||||
in mind that <literal>make search name=foo</literal> is
|
||||
helpful. The primary points to look for are:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
|
|
@ -267,8 +270,8 @@
|
|||
<literal><le></literal>,
|
||||
<literal><eq></literal>,
|
||||
<literal><ge></literal>, and
|
||||
<literal><gt></literal> elements. Check that the version
|
||||
ranges given do not overlap.</para>
|
||||
<literal><gt></literal> elements. Check that the
|
||||
version ranges given do not overlap.</para>
|
||||
|
||||
<para>In a range specification, <literal>*</literal>
|
||||
(asterisk) denotes the smallest version number. In
|
||||
|
|
@ -408,12 +411,11 @@
|
|||
<sect2 xml:id="security-notify-vuxml-testing">
|
||||
<title>Testing Changes to the VuXML Database</title>
|
||||
|
||||
<para>This example describes a new entry for a
|
||||
vulnerability in the package <literal>dropbear</literal> that
|
||||
has been fixed in version <literal>dropbear-2013.59</literal>.</para>
|
||||
<para>This example describes a new entry for a vulnerability in
|
||||
the package <literal>dropbear</literal> that has been fixed in
|
||||
version <literal>dropbear-2013.59</literal>.</para>
|
||||
|
||||
<para>As a prerequisite,
|
||||
install a fresh version of
|
||||
<para>As a prerequisite, install a fresh version of
|
||||
<package role="port">security/vuxml</package> port.</para>
|
||||
|
||||
<para>First, check whether there already is an entry for this
|
||||
|
|
@ -434,8 +436,8 @@
|
|||
<screen>&prompt.user; <userinput>make validate</userinput></screen>
|
||||
|
||||
<note>
|
||||
<para>At least one of these packages needs to be
|
||||
installed: <package role="port">textproc/libxml2</package>,
|
||||
<para>At least one of these packages needs to be installed:
|
||||
<package role="port">textproc/libxml2</package>,
|
||||
<package role="port">textproc/jade</package>.</para>
|
||||
</note>
|
||||
|
||||
|
|
@ -464,4 +466,3 @@ WWW: http://portaudit.FreeBSD.org/8c9b48d1-3715-11e3-a624-00262d8b701d.html
|
|||
</sect2>
|
||||
</sect1>
|
||||
</chapter>
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue