The previous post was based on a question from Martin Wilke, who was looking for a vuxml entry against phpMyAdmin. We eventually found it. It had the wrong dates but it was found. Martin corrected the problem with a followup commit.
This incident prompted me to make a couple of changes to FreshPorts with respect to vuxml entries. The links in the following list relate to the incident in question.
- When you click on a vuxml icon, you will be taken to the FreshPorts page which lists details of that vuxml entry. Previously, you would be taken to the FreeBSD vuxml website. This change allows us to easily confirm that FreshPorts contains the correct information.
- vuxml.php was altered to allow listing of vulnerabilities for a single port/package. This will allow us to confirm FreshPorts has correctly detected the affected names.
- When a port has a present/past vulnerability, the vuxml icon at the top of the page will link to the above mentioned page. This allows you to go to the above page easily and quickly once you have identified the port in question.
- The vuxml.php page now compares affected names by lower case. This groups all the phpMyAdmin entries into one spot. People tend to specify the port name in various ways: phpmyadmin, phpMyAdmin, etc. This changes ensures the above changes show all the vulns for a given affected name regardless of case.
These changes should make vuxml navigation easier when the next situation arises.