Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_5 20 Jul 2021 08:55:32 |
Bernard Spil (brnrd) |
security/vuxml: Document MySQL vulnerabilities Jul2021 |
1.1_5 18 Jul 2021 21:27:11 |
Guangyuan Yang (ygy) Author: stb |
security/vuxml: Document vulnerabilities in www/gitea
PR: 257221
Approved by: lwhsu (mentor) |
1.1_5 18 Jul 2021 17:54:30 |
Po-Chuan Hsieh (sunpoet) |
security/vuxml: Fix make validate after 069e58611c7933431ec82b0b9c119677e8d6cc21
Reported by: lwhsu
Approved by: delphij (ports-secteam) |
1.1_5 16 Jul 2021 20:31:59 |
Rene Ladan (rene) |
security/vuxml: document chromium < 91.0.4472.164
Obtained from: https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html |
1.1_5 14 Jul 2021 17:26:34 |
Po-Chuan Hsieh (sunpoet) |
security/vuxml: Document ruby vulnerability |
1.1_5 14 Jul 2021 16:10:51 |
Po-Chuan Hsieh (sunpoet) |
security/vuxml: Fix make test
- Respect VUXML_FILE and VUXML_FLAT_FILE [1]
It allows running "make test" on read-only media (e.g. poudriere jail)
- Copy all vuln XML files to the test directory [2]
Since vuln.xml has been split into multiple XML files, all of them must be
copied to the test directory.
Without [1], the error message is as follows:
===> Testing for vuxml-1.1_5
xmllint -noent vuln.xml > vuln-flat.xml
/bin/sh: cannot create vuln-flat.xml: Read-only file system
*** Error code 2
Stop.
Without [2], the error message is as follows: (Only the first 15 lines of the commit message are shown above ) |
1.1_5 13 Jul 2021 12:01:52 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document lang/go vulnerability |
1.1_5 10 Jul 2021 12:51:01 |
Thomas Zander (riggs) |
security/vuxml: Document vulnerabilities in databases/mantis
PR: 257068
Reported by: Zoltan ALEXANDERSON BESSE <zab@zltech.eu> |
1.1_5 08 Jul 2021 06:49:57 |
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab vulnerability |
1.1_5 04 Jul 2021 20:55:52 |
Tobias C. Berner (tcberner) Author: Daniel Engberg |
security/vuxml: document vulnerabilities in graphics/exiv2
PR: 256803 |
1.1_5 03 Jul 2021 05:01:44 |
Matthias Andree (mandree) |
security/vuxml: document openexr < 3.0.5 vulns
Security: f2596f27-db4c-11eb-8bc6-c556d71493c9 |
1.1_5 02 Jul 2021 07:34:26 |
Matthias Fechner (mfechner) |
security/vuxml: Documented gitlab vulnerabilities. |
1.1_5 01 Jul 2021 07:30:09 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Let vuln-flat.xml depend on all vuln xml files
So it can get rebuilt when any of the vuln xml files changes.
Approved by: ports-secteam (fluffy, implicitly) |
1.1_5 01 Jul 2021 07:28:36 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Document Jenkins Security Advisory 2021-06-30
Sponsored by: The FreeBSD Foundation |
1.1_5 30 Jun 2021 15:39:09 |
Juraj Lutter (otis) |
security/vuxml: Fix dovecot entry
Fix stray ">" character in a CVE URL. |
1.1_5 28 Jun 2021 15:01:36 |
Dave Cottlehuber (dch) |
security/vuxml: Add net/rabbitmq CVE-2021-22116 DoS vuln
Security: CVE-2021-22116
Sponsored by: SkunkWerks, GmbH |
1.1_5 28 Jun 2021 15:01:36 |
Dave Cottlehuber (dch) |
security/vuxml: Pet rabbitmq-c entry
make clean validate failed after rebased commit
fix package name error and indentation issues |
1.1_5 28 Jun 2021 15:01:36 |
Dave Cottlehuber (dch) |
security/vuxml: Pet puppetdb entry
make clean validate reports a missing stanza |
1.1_5 25 Jun 2021 20:46:55 |
Dave Cottlehuber (dch) |
security/vuxml: add entry for net/rabbitmq-c
Sponsored by: SkunkWerks, GmbH
Security: CVE-2019-18609
Differential Revision: https://reviews.freebsd.org/D30906 |
1.1_5 25 Jun 2021 20:03:01 |
Romain Tartière (romain) |
security/vuxml: Document CVE-2021-27021 |
1.1_5 25 Jun 2021 17:13:18 |
Mateusz Piotrowski (0mp) |
security/vuxml: Add another package for CVE-2021-3583
Also, fix a copy-paste error. py*-ansible-base are listed twice. The
second entry should list py*-ansible instead. |
1.1_5 25 Jun 2021 14:27:15 |
Mateusz Piotrowski (0mp) |
security/vuxml: Update Ansible's CVE-2021-3583
It turns out that it affects not only ansible-core, but also some other
ports. |
1.1_5 24 Jun 2021 18:50:15 |
Juraj Lutter (otis) |
security/vuxml: Fix mail/dovecot-pigeonhole vulnerable versions
Correct mail/dovecot-pigeonhole vulnerable versions to proper value. |
1.1_5 24 Jun 2021 10:30:56 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Fix CVS name for vid e4cd0b38-c9f9-11eb-87e1-08002750c711
This should fix vuxml.org build.
PR: 256789 |
1.1_5 24 Jun 2021 10:03:43 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Update the doc link and the comment of where to add new entry
Approved by: ports-secteam (implicitly) |
1.1_5 24 Jun 2021 09:59:09 |
Mateusz Piotrowski (0mp) |
security/vuxml: Document sysutils/py-ansible-core vulnerability
Security: CVE-2021-3583 |
1.1_5 23 Jun 2021 18:21:56 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Fix `make validate` to use the latest vuxml file
This is a follow up for 6954792fe916862afd25cf6ce961bd7062dfb21f
Approved by: ports-secteam (fluffy) |
1.1_5 23 Jun 2021 14:34:34 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Create 2021 entity
Let's create a new entity at the beginning of each year and append to it,
instead of massive copying at the end of each year. |
1.1_5 23 Jun 2021 10:00:10 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Fix version range of www/py-aiohttp
This also marks 3.7.4.p0 as fixed.
PR: 256219 |
1.1_5 22 Jun 2021 16:14:41 |
Juraj Lutter (otis) |
security/vuxml: Document mail/dovecot-pigeonhole vulnerability |
1.1_5 22 Jun 2021 16:14:41 |
Juraj Lutter (otis) |
security/vuxml: Document mail/dovecot vulnerabilities |
1.1_5 21 Jun 2021 20:34:11 |
Brad Davis (brd) |
security/vuxml: Fix range for www/nginx CVE-2021-23017
Reviewed by: garga
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.1_5 21 Jun 2021 16:20:13 |
Danilo G. Baio (dbaio) |
security/vuxml: Fix 'make validate'
While here, remove hyperlinks to simplify, they can be accessed through
the report's url. |
1.1_5 20 Jun 2021 01:31:15 |
Adam Weinberger (adamw) |
security/vuxml: Add entry for gitea < 1.14.3
PR: 256720 |
1.1_5 18 Jun 2021 11:01:23 |
Rene Ladan (rene) |
security/vuxml: Add www/chromium < 91.0.4472.114
Obtained from: https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html |
1.1_5 15 Jun 2021 15:48:20 |
Kevin Bowling (kbowling) |
security/vuxml: Document CVE-2021-29376 for irc/ircII
PR: 255492
Reported by: Andrew Gierth <andrew@tao11.riddles.org.uk> |
1.1_5 14 Jun 2021 07:15:01 |
Bernard Spil (brnrd) |
security/vuxml: Document Apache httpd vulns |
1.1_5 11 Jun 2021 10:50:26 |
Dmitry Marakasov (amdmi3) |
security/vuxml: document CVE-2021-33564 for rubygem-dragonfly |
1.1_5 10 Jun 2021 14:37:05 |
Rodrigo Osorio (rodrigo) |
security/vuxml: Document CVE-2020-35701 for net-mgmt/cacti |
1.1_5 10 Jun 2021 11:37:46 |
Rene Ladan (rene) |
security/vuxml: add Chromium < 91.0.4472.101
Obtained from: https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html |
1.1_5 08 Jun 2021 19:30:08 |
Ashish SHUKLA (ashish) |
security/vuxml: Document CVE-2021-33896 in net-im/dino port |
1.1_5 06 Jun 2021 20:48:56 |
Matthew Seaman (matthew) |
security/vuxml: Document CVE-2021-3515 for databases/pglogical
A shell injection flaw was found in pglogical in versions before 2.3.4
and before 3.6.26. An attacker with CREATEDB privileges on a
PostgreSQL server can craft a database name that allows execution of
shell commands as the postgresql user when calling
pglogical.create_subscription(). |
1.1_5 06 Jun 2021 08:48:40 |
Kurt Jaeger (pi) Author: Simon Wright |
security/vuxml: add www/drupal7 CVE |
1.1_5 04 Jun 2021 18:29:52 |
Tobias C. Berner (tcberner) |
security/vuxml: document vulnerability in sysutils/polkit
Cedric Buissart reports:
The function `polkit_system_bus_name_get_creds_sync` is used to get the
uid and pid of the process requesting the action. It does this by
sending the unique bus name of the requesting process, which is
typically something like ":1.96", to `dbus-daemon`. These unique names
are assigned and managed by `dbus-daemon` and cannot be forged, so this
is a good way to check the privileges of the requesting process.
The vulnerability happens when the requesting process disconnects from
`dbus-daemon` just before the call to
`polkit_system_bus_name_get_creds_sync` starts. In this scenario, the
unique bus name is no longer valid, so `dbus-daemon` sends back an error (Only the first 15 lines of the commit message are shown above ) |
1.1_5 04 Jun 2021 09:59:47 |
Thomas Zander (riggs) |
security/vuxml: Document CVE-2021-33054 for www/sogo*.
PR: 256374
Reported by: rob2g2 <spam123@bitbert.com> |
1.1_5 04 Jun 2021 09:38:47 |
Fernando Apesteguía (fernape) |
security/vuxml: Add CVE-2020-8492 for lang/tauthon
PR: 256387
Reported by: olivier.freebsd@free.fr |
1.1_5 04 Jun 2021 09:32:50 |
Thomas Zander (riggs) |
security/vuxml: Document CVE-2021-28091 for security/lasso.
PR: 256373
Reported by: spam123@bitbert.com |
1.1_5 03 Jun 2021 23:17:28 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document lang/go vulnerabilities |
1.1_5 03 Jun 2021 11:26:09 |
Dmitry Marakasov (amdmi3) |
security/vuxml: document aiohttp CVE-2021-21330 |
1.1_5 02 Jun 2021 23:53:02 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 4.0.2 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v4.0.2
- Fix potential Undefined Behavior in decode_netbios_name() and
decode_netbios_name_type() BIFs. The latter has a possibility
of a remote heap-buffer-overread, making this a potential DoS
vulnerability.
- Add some extra length checking when parsing mobile ipv6 packets.
Due to the possibility of reading invalid headers from remote
sources, this is a potential DoS vulnerability. |
1.1_5 02 Jun 2021 18:41:43 |
Dmitry Marakasov (amdmi3) |
security/vuxml: add entry for PyYAML CVE-2020-14343
PR: 256220 |
1.1_5 02 Jun 2021 13:48:26 |
Ryan Steinmetz (zi) |
security/vuxml: Fix overly large entry that violates 'make validate' |
1.1_5 02 Jun 2021 13:48:26 |
Ryan Steinmetz (zi) |
security/vuxml: Document isc-dhcp44-* vulnerability
PR: 256377 |
1.1_5 01 Jun 2021 22:37:21 |
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab vulnerabilities. |
1.1_5 01 Jun 2021 16:59:21 |
Jung-uk Kim (jkim) |
security/vuxml: Correct CVE entry for the x11/libX11 vulnerability |
1.1_5 01 Jun 2021 15:35:26 |
Sergey A. Osokin (osa) |
security/vuxml: document vulnerability in databases/redis
Security: CVE-2021-32625 |
1.1_5 01 Jun 2021 15:13:05 |
Jung-uk Kim (jkim) |
security/vuxml: Document vulnerability in x11/libX11
PR: 256034
Security: CVE-2021-31535 |
1.1_5 01 Jun 2021 03:02:51 |
Guangyuan Yang (ygy) Author: David O'Rourke |
security/vuxml: Document vulnerability in net-mgmt/prometheus2
PR: 255976
Security: CVE-2021-29622
Approved by: lwhsu (mentor) |
1.1_5 31 May 2021 20:55:37 |
Adriaan de Groot (adridg) |
security/vuxml: Document graphics/wayland <= 1.19.0 |
1.1_5 27 May 2021 05:17:36 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-21:12.libradius |
1.1_5 27 May 2021 05:17:36 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-21:11.smap |
1.1_5 26 May 2021 10:17:39 |
Rene Ladan (rene) |
vuln.xml: Document chromium < 91.0.4472.77
Obtained from: https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html |
1.1_5 26 May 2021 00:33:57 |
Danilo G. Baio (dbaio) |
security/vuxml: Document net/libzmq4 issues
PR: 255102
Reported by: Thomas Petig <thomas@petig.eu>
Security: CVE-2019-13132
Security: CVE-2020-15166 |
1.1_5 25 May 2021 15:40:21 |
Sergey A. Osokin (osa) |
security/vuxml: document vulnerability in www/nginx and www/nginx-devel
Security: CVE-2021-23017 |
1.1_5 24 May 2021 15:57:00 |
Palle Girgensohn (girgen) |
databases/pg_partman: arbitrary code execution
Security: CVE-2021-33204 |
1.1_5 24 May 2021 15:02:45 |
Tobias C. Berner (tcberner) |
security/vuxml: document vulnerability in textproc/expat2
Security: CVE-2013-0340
PR: 256121 |
1.1_5 23 May 2021 14:44:41 |
Tobias C. Berner (tcberner) Author: Yasuhiro Kimura |
security/vuxml: document vulnerability in textproc/libxml2
PR: 256093
Security: CVE-2021-3541 |
1.1_5 17 May 2021 15:11:08 |
Mateusz Piotrowski (0mp) |
security/vuxml: Add example cvename tag to template
Reviewed by: riggs
Approved by: riggs (ports secteam)
Differential Revision: https://reviews.freebsd.org/D30231 |
1.1_5 15 May 2021 09:12:15 |
Palle Girgensohn (girgen) |
databases/postgresql??-server: multiple security issues |
1.1_5 13 May 2021 19:44:55 |
Neel Chauhan (nc) Author: Thomas Morper |
security/vuxml: Add entry for net-im/prosody
PR: 255845, 255849 |
1.1_5 13 May 2021 14:43:16 |
Thierry Thomas (thierry) |
security/vuxml: declare vulnerabilities for ImageMagick6
PR: 255818 |
1.1_5 13 May 2021 14:43:16 |
Thierry Thomas (thierry) |
security/vuxml: declare vulnerabilities for ImageMagick7
PR: 255802 |
1.1_5 12 May 2021 10:09:17 |
Thierry Thomas (thierry) |
security/vuxml: add vulnerabilities fixed in 8.2.0
PR: 255361 |
1.1_5 11 May 2021 18:11:58 |
Rene Ladan (rene) |
Document vulnerabilities in Chromium < 90.0.4430.212
Obtained from: https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html |
1.1_5 11 May 2021 15:19:59 |
Neel Chauhan (nc) Author: Sascha Biberhofer |
security/vuxml: Add entry for net-im/py-matrix-synapse |
1.1_5 10 May 2021 12:35:14 |
Hajimu UMEMOTO (ume) |
security/vuxml: cyrus-imapd -- Remote authenticated users could bypass intended
access restrictions on certain server annotations. |
1.1_5 08 May 2021 16:03:23 |
Christian Weisgerber (naddy) |
security/vuxml: Document FLAC out-of-bounds read |
1.1_5 08 May 2021 09:33:44 |
Matthias Andree (mandree) |
security/vuxml: add CVE #s for OpenEXR 2.5.4 fixes |
1.1_5 07 May 2021 09:52:53 |
Po-Chuan Hsieh (sunpoet) |
security/vuxml: Document rails vulnerability |
1.1_5 06 May 2021 20:12:51 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document lang/go vulnerability |
1.1_5 05 May 2021 08:39:44 |
Mateusz Piotrowski (0mp) |
security/vuxml: Document Ansible vulnerability |
1.1_5 05 May 2021 07:05:58 |
Wen Heping (wen) |
security/vuxml: Document django's multiple vulnerabilities |
1.1_5 05 May 2021 03:39:35 |
Wen Heping (wen) |
Document Python's multiple vulnerabilities |
1.1_5 04 May 2021 14:26:23 |
Bernard Spil (brnrd) |
security/vuxml: Update latest MySQL vuln entry
* Adds CVE numbers
* Mark MariaDB partially affected |
1.1_5 03 May 2021 21:44:51 |
Sergey A. Osokin (osa) |
security/vuxml: document recent vulnerabilities with redis ports.
PR: 255580 |
1.1_5 03 May 2021 13:59:52 |
Koichiro Iwao (meta) |
security/vuxml: Document command injection vulnerability in RDoc
PR: 255552
Reported by: Yasuhiro Kimura <yasu@utahime.org>
Security: CVE-2021-31799 |
1.1_5 02 May 2021 12:59:33 |
Kurt Jaeger (pi) Author: Geoffroy Desvernay |
security/vuxml: add mail/sympa CVE
PR: 252464 |
1.1_5 01 May 2021 01:25:40 |
Timur I. Bakeyev (timur) |
Add an entry about Samba vulnerability CVE-2021-20254:
Negative idmap cache entries can cause incorrect group entries in the Samba file
server process token.
Security: CVE-2021-20254 |
1.1_5 29 Apr 2021 23:00:45 |
Don Lewis (truckman) |
security/vuxml: Update fixed version of openoffice-devel.
CVE-2021-30245 is fixed in version 1619649022 of
editors/openoffice-devel. |
1.1_5 28 Apr 2021 21:57:39 |
Matthias Fechner (mfechner) |
Document gitlab-ce vulnerabilities. |
1.1_5 28 Apr 2021 21:57:38 |
Matthias Fechner (mfechner) |
Document vulnerabilities for www/rubygem-carrierwave. |
1.1_5 28 Apr 2021 16:56:22 |
Neel Chauhan (nc) |
mail/sympa: add vuxml entry
PR: 255455
Submitted by: Geoffroy Desvernay <dgeo@centrale-marseille.fr> (maintainer) |
1.1_5 27 Apr 2021 17:11:58 |
Rene Ladan (rene) |
Document new vulns, www/chromium < 90.0.4430.93
Obtained from: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html |
1.1_5 26 Apr 2021 13:30:52 |
Palle Girgensohn (girgen) |
security/shibboleth-sp: add more information to security advisory |
1.1_5 26 Apr 2021 08:36:36 |
Palle Girgensohn (girgen) |
security/shibboleth-sp: add entry for upcoming vulnerability
The details are not yet disclosed. |
1.1_5 21 Apr 2021 21:40:41 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 4.0.1 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v4.0.1
Fix null-pointer dereference when encountering an invalid enum name
in a config/input file that tries to read it into a set[enum]. For
those that have such an input feed whose contents may come from
external/remote sources, this is a potential DoS vulnerability. |
1.1_5 21 Apr 2021 17:48:54 |
Matthias Andree (mandree) |
security/vuxml: add devel/openvpn < 2.5.2 entry
Security: CVE-2020-15078
Security: efb965be-a2c0-11eb-8956-1951a8617e30 |
1.1_5 21 Apr 2021 08:11:40 |
Rene Ladan (rene) |
Document new vulnerabilities in www/chromium < 90.0.4430.85
Obtained from: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html |
1.1_5 20 Apr 2021 19:28:14 |
Bryan Drewery (bdrewery) |
Another openssh version fix for CVE-2021-28041.
Reported by: leres |
1.1_5 20 Apr 2021 19:26:54 |
Li-Wen Hsu (lwhsu) |
Document Jenkins Security Advisory 2021-04-20
Sponsored by: The FreeBSD Foundation |