git: 1e665dbe14 - main - Porter's Handbook/Security: Update VuXML content

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Joseph Mingrone <jrm_at_FreeBSD.org>
Date: Sat, 16 Mar 2024 13:38:55 UTC
The branch main has been updated by jrm:

URL: https://cgit.FreeBSD.org/doc/commit/?id=1e665dbe1445e032d333b518788f7ec3d4389bd4

commit 1e665dbe1445e032d333b518788f7ec3d4389bd4
Author:     Joseph Mingrone <jrm@FreeBSD.org>
AuthorDate: 2024-03-16 13:26:10 +0000
Commit:     Joseph Mingrone <jrm@FreeBSD.org>
CommitDate: 2024-03-16 13:38:24 +0000

    Porter's Handbook/Security: Update VuXML content
    
    - Use a valid MITRE CVE instead of outdated CAN
    - Remove obsolete MITRE CVE ids, security focus bug id, US Cert id, and US Cert
      Security alerts
    - Update URLs for US Cert vulnerability note and Technical Cyber
      Security Alert
    
    PR:             277068
    Reviewed by:    jrm
    Sponsored by:   https://reviews.freebsd.org/D43992
---
 .../en/books/porters-handbook/security/_index.adoc       | 16 +++-------------
 1 file changed, 3 insertions(+), 13 deletions(-)

diff --git a/documentation/content/en/books/porters-handbook/security/_index.adoc b/documentation/content/en/books/porters-handbook/security/_index.adoc
index 7843b770d7..3c3c77b0b0 100644
--- a/documentation/content/en/books/porters-handbook/security/_index.adoc
+++ b/documentation/content/en/books/porters-handbook/security/_index.adoc
@@ -168,12 +168,8 @@ Now consider a realistic VuXML entry:
   <references> <.>
     <freebsdsa>SA-10:75.foo</freebsdsa> <.>
     <freebsdpr>ports/987654</freebsdpr> <.>
-    <cvename>CAN-2010-0201</cvename> <.>
-    <cvename>CAN-2010-0466</cvename>
-    <bid>96298</bid> <.>
-    <certsa>CA-2010-99</certsa> <.>
+    <cvename>CVE-2023-48795</cvename> <.>
     <certvu>740169</certvu> <.>
-    <uscertsa>SA10-99A</uscertsa> <.>
     <uscertta>SA10-99A</uscertta> <.>
     <mlist msgid="201075606@hacker.com">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=203886607825605</mlist> <.>
     <url>http://j.r.hacker.com/advisories/1</url> <.>
@@ -213,15 +209,9 @@ The above example specifies that affected are versions `1.6` and up to but not i
 
 <.> This is a https://cve.mitre.org/[MITRE CVE] identifier.
 
-<.> This is a https://www.securityfocus.com/bid/[SecurityFocus Bug ID].
+<.> This is a https://www.kb.cert.org/vuls/[US-CERT] vulnerability note.
 
-<.> This is a https://www.cert.org/[US-CERT] security advisory.
-
-<.> This is a https://www.cert.org/[US-CERT] vulnerability note.
-
-<.> This is a https://www.cert.org/[US-CERT] Cyber Security Alert.
-
-<.> This is a https://www.cert.org/[US-CERT] Technical Cyber Security Alert.
+<.> This is a https://www.cisa.gov/news-events/cybersecurity-advisories[US-CERT] Technical Cyber Security Alert.
 
 <.> This is a URL to an archived posting in a mailing list. The attribute `msgid` is optional and may specify the message ID of the posting.