Solved Is this vuln missing from security/vuxml?

dvl@

dvl@

Developer
https://www.vuxml.org/freebsd/057130e6-7f61-11e1-8a43-00262d5ed8ee.html documents a known vulnerability with www/chromium

I cannot locate that vuln within the security/vuxml data:

Code: 
[11:48 mydev dvl /usr/ports] % sudo git pull
Already up to date.
[11:48 mydev dvl /usr/ports] % git status
On branch main
Your branch is up to date with 'origin/main'.

nothing to commit, working tree clean
[11:49 mydev dvl /usr/ports] % date
Thu Sep  4 11:49:02 UTC 2025
[11:49 mydev dvl /usr/ports] %

[11:49 mydev dvl /usr/ports] % grep -ri 057130e6-7f61-11e1-8a43-00262d5ed8ee security/vuxml/
[11:49 mydev dvl /usr/ports] %

I have about 70 similar examples, but wanted to start on this.

Background: I found this particular vulnerability in my copy of the FreshPorts database. To get there, it must have been within security/vuxml at home time.
 
There was a time we purged vuxml from the files to keep them under 5M:

"Purge another batch of superceded www/chromium entries to give us additional headroom under the 5M vuln.xml file size limit"

ports - FreeBSD ports tree

cgit.freebsd.org cgit.freebsd.org
 
That one commit accounts for 59 of the commits I was concerned about.
 
Notes for future researchers:

* compile the log of commits for security/vuxml:

[21:11 mydev dvl /usr/ports] % git log -- security/vuxml > ~/tmp/security-vuxml.log

* checkout only security/vuxml for a given commit:

[21:09 mydev dvl /usr/ports] % sudo git checkout f50795c81a7d5280d1c358ee571f71ffa94153df -- security/vuxml

That type of checkout is much faster than checking out the entire tree.
 
You must log in or register to reply here.
Back
Top