Bug 256789

Summary: security/vuxml: vuxml.org/freebsd entries not up to date / synchronised
Product: Ports & Packages Reporter: Dani <i.dani>
Component: Individual Port(s)Assignee: Ports Security Team <ports-secteam>
Status: In Progress ---    
Severity: Affects Many People CC: clusteradm, herbert, lwhsu, mwalker
Priority: --- Flags: bugzilla: maintainer-feedback? (ports-secteam)
Version: Latest   
Hardware: Any   
OS: Any   

Description Dani 2021-06-23 12:55:13 UTC
The latest entries to security/vuxml aren't synchronised with https://www.vuxml.org/freebsd/index.html anymore. The latest entry is from 2021-06-10. We fetch the bz2 provided there once internally and then use that as source for "pkg audit". Would be cool if this could be looked at :)
Comment 1 commit-hook freebsd_committer 2021-06-24 10:31:13 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=46119dd553f18833b20a76623029a24dd4948c58

commit 46119dd553f18833b20a76623029a24dd4948c58
Author:     Li-Wen Hsu <lwhsu@FreeBSD.org>
AuthorDate: 2021-06-24 10:30:56 +0000
Commit:     Li-Wen Hsu <lwhsu@FreeBSD.org>
CommitDate: 2021-06-24 10:30:56 +0000

    security/vuxml: Fix CVS name for vid e4cd0b38-c9f9-11eb-87e1-08002750c711

    This should fix vuxml.org build.

    PR:             256789

 security/vuxml/vuln-2021.xml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
Comment 2 Li-Wen Hsu freebsd_committer 2021-06-24 11:11:31 UTC
https://www.vuxml.org/freebsd/ gets updated again. It would be good if we can check cvename entry format in `make validate` target.
Comment 3 Herbert J. Skuhra 2021-09-26 09:27:02 UTC
Are you sure?

-r--r--r--  1 root  wheel  6806644 17 Sep 03:39 /var/db/pkg/vuln.xml

# pkg audit -F
vulnxml file up-to-date

This is a serious issue, isnt't it? Some entries were added during the past few days.