diff --git a/security/vuxml/files/newentry.sh b/security/vuxml/files/newentry.sh
--- a/security/vuxml/files/newentry.sh
+++ b/security/vuxml/files/newentry.sh
@@ -66,6 +66,7 @@

${details}

"
+WEAKNESSES=""
 # Try to retrieve information if a CVE identifier was provided
@@ -91,6 +92,7 @@
 cveurl=https://nvd.nist.gov/vuln/detail/${CVE_ID}
 pref=.vulnerabilities[0].cve
 details=$(jq -r "${pref}.descriptions[0].value|@html" "${tmp_nvd}" | fmt -p -s | sed '1!s/^/\t/') || exit 1
+ cwenames=$(jq -r "${pref}.weaknesses[].description[0].value|@html" "${tmp_nvd}" | fmt -p -s | sed '1!s/^/\t/') || exit 1
 discovery=$(jq -r "${pref}.published|@html" "${tmp_nvd}" | cut -f1 -dT) || exit 1
 pref=.vulnerabilities[0].cve.configurations[0].nodes[0].cpeMatch[0]
 package_name=$(jq -r "${pref}.criteria|@html" "${tmp_nvd}" | cut -f4 -d:) || exit 1
@@ -106,6 +108,16 @@
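Review bot: The values read into `cwenames` come from the NVD response and are later expanded unquoted in `for cwe in ${cwenames}` (the `@@ -106,6 +108,16 @@` hunk), so they undergo field splitting and pathname expansion, and NVD placeholders such as `NVD-CWE-noinfo` would be written into the entry as if they were CWE identifiers. Filtering to the expected shape before the loop, e.g. `grep -E '^CWE-[0-9]+$' | sort -u` in place of `fmt -p -s | sed '1!s/^/\t/'` (which suits the paragraph text in `details`, not a list of identifiers), addresses both and also drops duplicates reported by more than one source. Note that `|| exit 1` only sees the status of the last pipeline stage, so a `jq` error on a record without `.weaknesses` is not caught here; if a `grep` stage is added, its no-match exit status has to be tolerated rather than treated as fatal. The enclosing `if` block starts and ends outside this hunk.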

${details}

"
+
+ for cwe in ${cwenames}; do
+WEAKNESSES="${WEAKNESSES}
+ ${cwe}"
+ done
+
+ if [ -n "${WEAKNESSES}" ]; then
+WEAKNESSES="${WEAKNESSES}
+ "
+ fi
 fi
 if [ -n "${SA_ID}" ]; then
@@ -167,6 +179,7 @@
 ${cvename} ${cveurl}
+ ${WEAKNESSES}
 ${discovery} ${entry}
diff --git a/security/vuxml/files/tidy.xsl b/security/vuxml/files/tidy.xsl
--- a/security/vuxml/files/tidy.xsl
+++ b/security/vuxml/files/tidy.xsl
@@ -24,7 +24,7 @@
-
diff --git a/security/vuxml/files/validate.sh b/security/vuxml/files/validate.sh
--- a/security/vuxml/files/validate.sh
+++ b/security/vuxml/files/validate.sh
@@ -39,7 +39,8 @@
 for x in ${X}; do
 case ${x} in
 *xmllint)
- validate ${x} --valid --noout "${vuxml_file}"
+ # XXX for testing dtd; remove before commit
+ validate ${x} --nonet --dtdvalid 'file:///home/trasz/git/ports/security/vuxml/vuxml-12.dtd' --noout "${vuxml_file}"
 exit $?
 ;;
 *onsgmls)
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -1,5 +1,5 @@
-
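Review bot: The new `validate` call in the `*xmllint)` arm of validate.sh hard-codes `file:///home/trasz/git/ports/security/vuxml/vuxml-12.dtd`, a path inside one developer's home directory, so on any other machine validation either fails outright or runs against an unrelated file that happens to exist at that location; the `XXX` comment acknowledges this but nothing enforces its removal. Taking the DTD location from a variable supplied by the caller, e.g. `validate ${x} --nonet --dtdvalid "${dtd_file}" --noout "${vuxml_file}"` (`dtd_file` is a placeholder name, not one defined in this script), keeps the test override out of the committed file. `--nonet` is worth keeping in the final version, since it stops xmllint from fetching DTDs or entities over the network while validating. The surrounding `for`/`case` starts and ends outside the hunk.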