vuxml issue – vulnx.txt did not contain UTF-8

A few days ago, I noticed portaudit telling me about a few things that needed to be updated:

# portaudit
Affected package: rubygem-rails-1.2.3
Type of problem: rubygem-rails — session-fixation vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/30acb8ae-9d46-11dc-9114-001c2514716c.html>

Affected package: rubygem-rails-1.2.3
Type of problem: rubygem-rails — JSON XSS vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/44fb0302-9d38-11dc-9114-001c2514716c.html>

Affected package: rubygem-activesupport-1.4.2
Type of problem: rubygem-rails — JSON XSS vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/44fb0302-9d38-11dc-9114-001c2514716c.html>

3 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.

Today, I tried updating them via portupgrade. I found I could not. portupgrade didn’t perform any work. OK, perhaps I’ve already upgraded. Let me check FreshPorts and see what the latest versions are. OH! FreshPorts says version 1.2.3 is not vulnerable. That conflicts with portaudit.

Either FreshPorts is not correctly processing the vuln.xml file or it has not processed the latest revision of vuln.xml. OK, so it has processed the latest… It must be a processing error.

I ran the script manually and noticed an error:

not well-formed (invalid token) at line 82, column 28, byte 3390 at /usr/local/lib/perl5/site_perl/5.8.8/mach/XML/Parser.pm line 187

Checking the file (vuln.txt), I found this on line 82:

to 1.2.5, though it isn¡¯t strictly necessary if you

That isn’t UTF-8, or at least it does not look like it is. I think the line should look like this:

to 1.2.5, though it isn’t strictly necessary if you

I also added additional error reporting to FreshPorts so that such errors are reported.

Thanks to Simon Nielsen for committing the change.
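A pre-parse check for this failure mode, as an added example (not FreshPorts code, which is Perl): it locates the first invalid UTF-8 byte and rejects the whole feed loudly, so a broken file cannot leave stale "not vulnerable" results in place unnoticed. `FeedError`, `first_invalid_utf8`, `load_feed` and the sample XML are constructed for illustration, and the bytes A1 AF are an assumption inferred from the "¡¯" shown above.

```python
import xml.etree.ElementTree as ET


class FeedError(Exception):
    """Raised when the feed must not be trusted; callers keep the last good data."""


def first_invalid_utf8(data: bytes):
    """Return (line, column, byte_offset, bad_byte) for the first invalid byte, or None."""
    try:
        data.decode("utf-8", errors="strict")
        return None
    except UnicodeDecodeError as exc:
        offset = exc.start
        line = data.count(b"\n", 0, offset) + 1
        column = offset - (data.rfind(b"\n", 0, offset) + 1)  # 0-based, in bytes
        return line, column, offset, data[offset]


def load_feed(data: bytes):
    """Parse the feed or raise FeedError; never return a partial result."""
    bad = first_invalid_utf8(data)
    if bad is not None:
        line, column, offset, byte = bad
        raise FeedError(
            f"invalid UTF-8 byte 0x{byte:02x} at line {line}, column {column}, byte {offset}"
        )
    try:
        return ET.fromstring(data)
    except ET.ParseError as exc:
        raise FeedError(f"XML not well-formed: {exc}") from exc


# Constructed sample: a minimal stand-in for a vuxml entry, not the real vuln.xml.
GOOD = (
    '<?xml version="1.0" encoding="utf-8"?>\n'
    "<vuxml>\n"
    "  <p>to 1.2.5, though it isn\u2019t strictly necessary</p>\n"
    "</vuxml>\n"
).encode("utf-8")
# Assumption: the apostrophe was stored as bytes A1 AF, which Latin-1 renders as "¡¯".
BAD = GOOD.replace("\u2019".encode("utf-8"), b"\xa1\xaf")

if __name__ == "__main__":
    for name, blob in (("good", GOOD), ("bad", BAD)):
        try:
            print(name, "parsed, root element:", load_feed(blob).tag)
        except FeedError as err:
            print(name, "REJECTED:", err)
```

Running the check where the feed is fetched, and alerting on `FeedError`, surfaces the problem before anyone compares the site against portaudit by hand.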
