Created attachment 207171 [details]
FreeBSD SA entries
As noted on https://vuxml.freebsd.org/freebsd/
"Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML)."
But they are not. Security issues in base system a.k.a Security Advisories are not being added by Security Team.
In my not so humble opinion they should be added in to vuln.xml at the same time as they are published on web https://www.freebsd.org/security/advisories.html
Anyway I created patch to add last entries from August 2019.
Please commit it soon so other users can use vuxml entries to check theirs systems by security/base-audit
Thank you for the report and patch Miroslav
(In reply to Kubilay Kocak from comment #1)
Maybe this PR is not the best place to discuss it but what is the current process of publishing new SA on web https://www.freebsd.org/security/advisories.html?
Is there some template system where Security Officer fills in all the textual data and the file with right format is created or is it all manual work to write the plain text files published on the web?
I am asking if there is any way to automates the process of pushing it to vuln.xml too.
If the final plain text file is the only source of information for new SA I can send you my quick shell script as prototype to ease the conversion of text SA in to XML format for vuln.xml. (the attached patch was create by this script)
I really would like to see vuxml entries published at the same time as plain text SAs in the future.
Can you commit it, please?
Another week passed.
Can somebody commit this really simple patch to finally add known SAs to VuXML, please?