Update several entries, making them a bit clearer (Were possible),

adjusting some package names, and collapsing some ruby entries that
can be combined. Also properly sort the <bid> and <cvename> tags.
b comes before c.

1 files changed, 16 insertions, 36 deletions

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 3285be5150bb..a7d49788daa1 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -108,7 +108,7 @@ Note:  Please add new entries to the beginning of this file.
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
-	<p>A eRuby injection vulnerability has been discovered in tDiary.</p>
+	<p>An undisclosed eRuby injection vulnerability had been discovered in tDiary.</p>
       </body>
     </description>
     <references>
@@ -117,6 +117,7 @@ Note:  Please add new entries to the beginning of this file.
     <dates>
       <discovery>2006-12-10</discovery>
       <entry>2006-12-13</entry>
+      <modified>2006-12-15</modified>
     </dates>
   </vuln>
 
@@ -295,8 +296,7 @@ Note:  Please add new entries to the beginning of this file.
       <body xmlns="http://www.w3.org/1999/xhtml">
 	<p>Werner Koch reports:</p>
 	<blockquote cite="http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000491.html">
-	  <p>
-	    GnuPG uses data structures called filters to process
+	  <p>GnuPG uses data structures called filters to process
 	    OpenPGP messages.  These filters are used in a similar
 	    way as a pipelines in the shell.  For communication
 	    between these filters context structures are used.  These
@@ -314,22 +314,17 @@ Note:  Please add new entries to the beginning of this file.
 	    call an arbitrary function of the process.  Obviously an
 	    exploit needs to prepared for a specific version,
 	    compiler, libc, etc to be successful - but it is
-	    definitely doable.
-	  </p>
-	  <p>
-	    Fixing this is obvious: We need to allocate the context on
+	    definitely doable.</p>
+	  <p>Fixing this is obvious: We need to allocate the context on
 	    the heap and use a reference count to keep it valid as
 	    long as either the controlling code or the filter code
-	    needs it.
-	  </p>
-	  <p>
-	    We have checked all other usages of such a stack based
+	    needs it.</p>
+	  <p>We have checked all other usages of such a stack based
 	    filter contexts but fortunately found no other vulnerable
 	    places.  This allows to release a relatively small patch.
 	    However, for reasons of code cleanness and easier audits
 	    we will soon start to change all these stack based filter
-	    contexts to heap based ones.
-	  </p>
+	    contexts to heap based ones.</p>
 	</blockquote>
       </body>
     </description>
@@ -341,6 +336,7 @@ Note:  Please add new entries to the beginning of this file.
     <dates>
       <discovery>2006-12-04</discovery>
       <entry>2006-12-07</entry>
+      <modified>2006-12-15</modified>
     </dates>
   </vuln>
 
@@ -349,17 +345,8 @@ Note:  Please add new entries to the beginning of this file.
     <affects>
       <package>
         <name>ruby</name>
-        <range><ge>1.8.*,1</ge><lt>1.8.5_5,1</lt></range>
-      </package>
-      <package>
         <name>ruby+pthreads</name>
-        <range><ge>1.8.*,1</ge><lt>1.8.5_5,1</lt></range>
-      </package>
-      <package>
         <name>ruby+pthreads+oniguruma</name>
-        <range><ge>1.8.*,1</ge><lt>1.8.5_5,1</lt></range>
-      </package>
-      <package>
         <name>ruby+oniguruma</name>
         <range><ge>1.8.*,1</ge><lt>1.8.5_5,1</lt></range>
       </package>
@@ -370,7 +357,7 @@ Note:  Please add new entries to the beginning of this file.
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
-	<p>Official ruby site reports:</p>
+	<p>The official ruby site reports:</p>
 	<blockquote cite="http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/">
 	  <p>Another vulnerability has been discovered in the CGI library
 	    (cgi.rb) that ships with Ruby which could be used by a malicious
@@ -387,6 +374,7 @@ Note:  Please add new entries to the beginning of this file.
     <dates>
       <discovery>2006-12-04</discovery>
       <entry>2006-12-04</entry>
+      <modified>2006-12-15</modified>
     </dates>
   </vuln>
 
@@ -633,13 +621,14 @@ Note:  Please add new entries to the beginning of this file.
       </body>
     </description>
     <references>
+      <bid>11417</bid>
       <url>http://secunia.com/advisories/12857/</url>
       <url>http://securitytracker.com/alerts/2004/Oct/1011673.html</url>
-      <bid>11417</bid>
     </references>
     <dates>
       <discovery>2004-10-18</discovery>
       <entry>2006-11-14</entry>
+      <modified>2006-12-15</modified>
     </dates>
   </vuln>
 
@@ -715,11 +704,11 @@ Note:  Please add new entries to the beginning of this file.
       </body>
     </description>
     <references>
+      <bid>20903</bid>
       <cvename>CVE-2006-4806</cvename>
       <cvename>CVE-2006-4807</cvename>
       <cvename>CVE-2006-4808</cvename>
       <cvename>CVE-2006-4809</cvename>
-      <bid>20903</bid>
     </references>
     <dates>
       <discovery>2006-11-03</discovery>
@@ -732,17 +721,8 @@ Note:  Please add new entries to the beginning of this file.
     <affects>
       <package>
 	<name>ruby</name>
-	<range><ge>1.8.*,1</ge><lt>1.8.5_4,1</lt></range>
-      </package>
-      <package>
 	<name>ruby+pthreads</name>
-	<range><ge>1.8.*,1</ge><lt>1.8.5_4,1</lt></range>
-      </package>
-      <package>
 	<name>ruby+pthreads+oniguruma</name>
-	<range><ge>1.8.*,1</ge><lt>1.8.5_4,1</lt></range>
-      </package>
-      <package>
 	<name>ruby+oniguruma</name>
 	<range><ge>1.8.*,1</ge><lt>1.8.5_4,1</lt></range>
       </package>
@@ -767,14 +747,14 @@ Note:  Please add new entries to the beginning of this file.
       </body>
     </description>
     <references>
-      <cvename>CVE-2006-5467</cvename>
       <bid>20777</bid>
+      <cvename>CVE-2006-5467</cvename>
       <url>http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html</url>
     </references>
     <dates>
       <discovery>2006-10-25</discovery>
       <entry>2006-11-04</entry>
-      <modified>2006-12-05</modified>
+      <modified>2006-12-15</modified>
     </dates>
   </vuln>