GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
VUXML(1) FreeBSD General Commands Manual VUXML(1)

vuxmlFreeBSD VuXML query tool

vuxml [--desc|-D] [--id|-i VID] [--topic|-t RE] [--keyword|-k RE] [--package|-p PID] [--re-names|-R] [--sources|-s] [--ref|-r RID] [--discovery|-d DATE] [--entry|-e DATE] [--modified|-m DATE] [--debug] [--help|-?] [--version] [--]

The vuxml utility provides easy and flexible ways to query the FreeBSD VuXML database of security issues in FreeBSD and its ports collection.

You can search or explore the database:

  • by vulnerability ID (with the [--id|-i] option),
  • by regular expression in topics (with the [--topic|-t] option),
  • by regular expression in topics and descriptions (with the [--keyword|-k] option),
  • by package name or package name and version (with the [--package|-p] option),
    • the package name can be treated as a regular expression (with the [--re-names|-R] option),
  • by reference source, reference source and ID, or ID (with the [--ref|-r] option),
    • existing sources can be listed (with the [--sources|-s] option),
  • by discovery, entry or modification dates (with the [--discovery|-d], [--entry|-e] or [--modified|-m] options),
    • these dates can be a specific day, month or year.

For all these queries the detailed description is not printed, unless you use the [--desc|-d] option to render the HTML description as text.

For the package and reference queries, the package and version, or reference source and ID, are separated using the '~' character.

All the options can be used several times and their results are cumulative (ie. treated as logical OR).

[--desc|-D] Print description

[--id|-i VID] Search for the specified Vulnerability ID

[--topic|-t RE] Search for the specified regex in topics

[--keyword|-k RE] Search for the specified regex in topics and desc.

[--package|-p PID] Search for the specified name in affected packages. PID can also be name~version

[--re-names|-R] The name part of a PID is a regex

[--sources|-s] List references sources

[--ref|-r RID] Search for the specified ID in references. RID can also be source~, source~ID

[--discovery|-d DATE] Search for the specified date in discovery dates

[--entry|-e DATE] Search for the specified date in entry dates

[--modified|-m DATE] Search for the specified date in modified dates. DATE can be YYYY-MM-DD, YYYY-MM or YYYY

[--debug] Enable debug mode

[--help|-?] Print usage and this help message and exit

[--version] Print version and exit

[--] Options processing terminator

The VUXML_DEBUG environment variable can be set to any value to enable debug mode.

The LOCALAPPDATA and TMP environment variables under Windows, and HOME, TMPDIR and TMP environment variables under other operating systems can influence the caching directory used.

The vuxml utility will attempt to maintain a caching directory for the web service it uses, where the downloaded database will be re-used within the next 24 hours.

This directory will be located in one of the following places:

  • Windows:
    • %LOCALAPPDATA%/cache/vuxml
    • %TMP%/cache/vuxml
  • Unix:
    • ${HOME}/.cache/vuxml
    • ${TMPDIR}/.cache/vuxml
    • ${TMP}/.cache/vuxml

The vuxml utility exits 0 on success, and >0 if an error occurs.

Use the following command to search for vulnerabilities affecting the "gnutls" package:

vuxml -p gnutls

And the following one to search for vulnerabilities affecting packages whose name starts with "gnutls" ("gnutls", "gnutls-devel", "gnutls3" will match, while "linux-f10-gnutls" won't):

vuxml -Rp "^gnutls"

vuxml(3), VuXML website FreeBSD VuXML website VuXML database explanation in the Porter's handbook VuXML database as a FreeBSD port pkg-audit(8), vxquery

The vuxml utility is not a standard UNIX command.

It tries to follow the PEP 8 style guide for Python code.

Tested OK under Windows.

Packaged for FreeBSD as .

This implementation was made for the PNU project

While working on the pipinfo(1) tool, I noticed that some Python packages installed as FreeBSD ports where marked as vulnerable in Python advisories but not in FreeBSD ports advisories.

I made a tool called pysec2vuxml to check the 4000+ FreeBSD ports of Python packages, and found around 1% of them vulnerable.

So I made a library in order to verify if these vulnerable ports where also marked as vulnerable in FreeBSD VuXML, and got carried away writing this utility to demonstrate the use of the library!

This utility is available under the 3-clause BSD license.

Hubert Tournier

PORTEPOCH (ie. software versions ending with ",number") is not taken into account when checking if a vulnerable Python package is also a vulnerable FreeBSD port.

Exotic version numbers (ie. with letters for example) are also not taken into account.

March 17, 2024 FreeBSD 14.3-RELEASE
Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.