Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_4 30 Sep 2020 20:29:18 |
thierry |
Add recent tt-rss issues.
PR: 249472
Submitted by: Derek Schrock (tt-rss's maintainer)
MFC after: 1 day
Security: https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799 |
1.1_4 28 Sep 2020 11:23:28 |
pi |
security/vuxml: Add CVE-2020-1945: Apache Ant insecure temporary file
vulnerability
PR: 248098
Submitted by: mikael |
1.1_4 28 Sep 2020 09:42:55 |
pi |
security/vuxml: add entry dns/powerdns below 4.3.1
- CVE-2020-17482
PR: 249560
Submitted by: Ralf van der Enden <tremere@cainites.net>
Relnotes: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html |
1.1_4 26 Sep 2020 13:10:26 |
zeising |
vuxml: Update pango entry for CVE-2019-1010238
Update the pango entry for CVE-2019-1010238.
Since the fix to pango wasn't applied properly the first time around, the
pango version with the fix needed to be bumpt in the vuxml entry. |
1.1_4 22 Sep 2020 19:00:08 |
rene |
Document new vulnerabilities in www/chromium < 85.0.4183.121
Obtained
from: https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html |
1.1_4 22 Sep 2020 17:23:51 |
tcberner |
security/vuxml: document libxml2 vulnerabilities
PR: 249386 |
1.1_4 21 Sep 2020 21:07:57 |
dbaio |
security/vuxml: Document net-im/py-matrix-synapse issue
PR: 249375
Submitted by: Denis Kasak <dkasak@termina.org.uk>
Submitted by: Sascha Biberhofer <ports@skyforge.at> (earlier version) |
1.1_4 20 Sep 2020 11:36:50 |
fluffy |
- Document python35 multiple vulnerabilities
PR: 249187 |
1.1_4 20 Sep 2020 00:36:02 |
timur |
Add an entry about CVE-2020-1472 - Unauthenticated domain takeover via netlogon
("ZeroLogon")
Security: CVE-2020-1472 |
1.1_4 19 Sep 2020 12:22:27 |
brnrd |
security/vuxml: Document Nextcloud 19.0.1 vuln |
1.1_4 18 Sep 2020 09:26:23 |
mandree |
www/webkit2-gtk3: Multiple Vulnerabilities (vuxml entry)
PR: 247892
Submitted by: rob2g2 <spam123@bitbert.com>
Security: CVE-2020-9802
Security: CVE-2020-9803
Security: CVE-2020-9805
Security: CVE-2020-9806
Security: CVE-2020-9807
Security: CVE-2020-9843
Security: CVE-2020-9850
Security: CVE-2020-13753 |
1.1_4 16 Sep 2020 20:47:51 |
bhughes |
security/vuxml: document Node.js September 2020 Security Releases
https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/
Sponsored by: Miles AS |
1.1_4 16 Sep 2020 06:44:34 |
philip |
security/vuxml: add FreeBSD SA-20:30.ftpd |
1.1_4 16 Sep 2020 06:44:29 |
philip |
security/vuxml: add FreeBSD SA-20:29.bhyve_svm |
1.1_4 16 Sep 2020 06:44:24 |
philip |
security/vuxml: add FreeBSD SA-20:28.bhyve_vmcs |
1.1_4 16 Sep 2020 06:44:19 |
philip |
security/vuxml: add FreeBSD SA-20:27.ure |
1.1_4 12 Sep 2020 12:11:03 |
sunpoet |
Document rails vulnerability |
1.1_4 10 Sep 2020 00:10:25 |
leres |
security/vuxml: Mark zeek < 3.0.10 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v3.0.10
Memory leak has potential for remote DOS via resource exhaustion. |
1.1_4 09 Sep 2020 16:01:10 |
rene |
Document new vulnerabilities in www/chromium < 85.0.4183.102
Obtained
from: https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html |
1.1_4 07 Sep 2020 18:04:21 |
delphij |
Sigh, fix previous entry as it's already documented, combine the information
into previous entry. |
1.1_4 07 Sep 2020 18:02:55 |
delphij |
Document mpd multiple vulnerabilities. |
1.1_4 06 Sep 2020 20:03:11 |
eugen |
Document remotely exploitable crash in the mpd5.
Reported by: chennan at SourceForge
Obtained from: http://mpd.sourceforge.net/doc5/mpd4.html#4 |
1.1_4 06 Sep 2020 10:49:32 |
tijl |
Document Mbed TLS 2020-09-1 and 2020-09-2.
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2 |
1.1_4 06 Sep 2020 10:22:45 |
tijl |
Document GNUTLS-SA-2020-09-04.
Security: https://gnutls.org/security-new.html#GNUTLS-SA-2020-09-04 |
1.1_4 05 Sep 2020 21:44:38 |
sunpoet |
Update jasper vulnerability |
1.1_4 05 Sep 2020 21:35:39 |
sunpoet |
Document Django vulnerability |
1.1_4 04 Sep 2020 21:08:41 |
adamw |
security/vuxml: Fix gnupg version range specification
Thanks to swills for pointing me to the error here.
PR: 249110
Reported by: jjuanino gmail |
1.1_4 04 Sep 2020 05:25:46 |
lwhsu |
Fix format |
1.1_4 04 Sep 2020 02:13:17 |
adamw |
vuxml: Add entry for gnupg 2.2.21 - 2.2.22 |
1.1_4 03 Sep 2020 01:00:50 |
philip |
security/vuxml: add FreeBSD SA-20:26.dhclient |
1.1_4 03 Sep 2020 01:00:46 |
philip |
security/vuxml: add FreeBSD SA-20:25.sctp |
1.1_4 03 Sep 2020 01:00:36 |
philip |
security/vuxml: add FreeBSD SA-20:24.ipv6 |
1.1_4 02 Sep 2020 19:39:19 |
mfechner |
Document gitlab vulnerabilities. |
1.1_4 01 Sep 2020 19:28:26 |
dmgk |
security/vuxml: Document lang/go vulnerability |
1.1_4 28 Aug 2020 05:15:49 |
tcberner |
security/vuxml: document vulnerability in ark |
1.1_4 27 Aug 2020 20:50:21 |
leres |
security/vuxml: Mark php72, php73, and php74 vulnerable as per:
https://www.php.net/ChangeLog-7.php#PHP_7_4
https://www.php.net/ChangeLog-7.php#PHP_7_3
https://www.php.net/ChangeLog-7.php#PHP_7_2
The phar_parse_zipfile function had [a] use-after-free vulnerability
because of [a] mishandling of the actual_alias variable.
Security: CVE-2020-7068 |
1.1_4 26 Aug 2020 18:01:43 |
rene |
Document new vulnerabilities in www/chromium < 85.0.4183.83 |
1.1_4 25 Aug 2020 19:00:36 |
sunpoet |
Document jasper vulnerability |
1.1_4 25 Aug 2020 17:26:32 |
zeising |
vuxml: Document xorg-server and libX11 vulns
Document newly announced vulnerabilities in libX11 and xorg-server. |
1.1_4 25 Aug 2020 13:12:31 |
mfechner |
Updated entry for gitlab to clarify that the previously reported version does
not fix the problem.
Please also see this upstream issue:
https://gitlab.com/gitlab-org/gitlab/-/issues/233881 |
1.1_4 22 Aug 2020 10:08:38 |
mandree |
vuln.xml: add chrony < 3.5.1 pidfile symlink vulnerability
Security: 719f06af-e45e-11ea-95a1-c3b8167b8026
Security: CVE-2020-14367 |
1.1_4 20 Aug 2020 18:12:46 |
freqlabs |
security/vuxml: Document sysutils/openzfs-kmod issues
PR: 248787
Reported by: Andrew Walker
Reviewed by: wg
Approved by: wg (ports)
Sponsored by: iXsystems, Inc.
Differential Revision: https://reviews.freebsd.org/D26121 |
1.1_4 20 Aug 2020 11:54:31 |
dmgk |
security/vuxml: Document textproc/elasticsearch6 vulnerability
PR: 248761
Submitted by: Juraj Lutter <juraj@lutter.sk> (maintainer) |
1.1_4 20 Aug 2020 10:39:16 |
zeising |
vuxml: Document dns/adns security issues
Document several securiy issues in dns/adns.
While here, fix whitespace in adjacent entries, as reported by make
validate. |
1.1_4 19 Aug 2020 17:29:51 |
lme |
Document icingaweb2 vulnerability |
1.1_4 19 Aug 2020 16:26:33 |
sunpoet |
Document curl vulnerability |
1.1_4 19 Aug 2020 15:59:56 |
wen |
- Update a cvename entry |
1.1_4 19 Aug 2020 15:30:09 |
wen |
- Document python37 and python36 multiple vulnerabilities
PR: 248751
Submitted by: mwalker@carbonhouse.com |
1.1_4 19 Aug 2020 08:24:45 |
zeising |
vuxml: Document security/trousers issues
Reapply r545263, but do it properly this time.
Document security issues in security/trousers. |
1.1_4 19 Aug 2020 03:30:06 |
gjb |
Revert r545263, which excludes the package name, version(s) affected,
and includes "INSERT BLOCKQUOTE URL HERE" for a URL, suggesting the
'make validate' target was clearly not executed. |
1.1_4 18 Aug 2020 23:17:17 |
zeising |
vuxml: Document security issues in security/trousers |
1.1_4 18 Aug 2020 19:36:51 |
rene |
Document new vulnerability in www/chromium < 84.0.4147.135 |
1.1_4 17 Aug 2020 20:10:04 |
flo |
Document ceph vulnerability
PR: 248673
Submitted by: Willem Jan Withagen <wjw@digiware.nl> |
1.1_4 17 Aug 2020 17:00:24 |
lwhsu |
Document Jenkins Security Advisory 2020-08-17
Sponsored by: The FreeBSD Foundation |
1.1_4 16 Aug 2020 17:45:41 |
rodrigo |
security/vuxml: Update rsync issues with zlib |
1.1_4 16 Aug 2020 13:27:17 |
swills |
Document py-ecdsa issue |
1.1_4 15 Aug 2020 14:10:33 |
dbaio |
security/vuxml: Document net-mgmt/snmptt issue
PR: 248162
Reported by: nistor@snickers.org |
1.1_4 14 Aug 2020 00:14:16 |
ler |
security/vuxml: mail/dovecot multiple vulnerabilities. |
1.1_4 13 Aug 2020 10:48:56 |
mandree |
graphics/ilmbase, graphics/openexr: mention security fixes in v2.5.3
No CVE numbers available at this time.
Security: b1d6b383-dd51-11ea-a688-7b12871ef3ad |
1.1_4 12 Aug 2020 13:31:47 |
lwhsu |
Document Jenkins Security Advisory 2020-08-12
Sponsored by: The FreeBSD Foundation |
1.1_4 11 Aug 2020 19:31:38 |
rene |
Document new vulnerabilities in www/chromium < 84.0.4147.125 |
1.1_4 11 Aug 2020 03:14:16 |
romain |
Document puppetdb5 vulnerability |
1.1_4 10 Aug 2020 13:30:09 |
danilo |
- Document ftp/bftpd vulnerabilities |
1.1_4 09 Aug 2020 08:00:28 |
pi |
security/vuxml: add www/trafficserver entry for CVE-2020-9494
PR: 247713
Submitted by: spam123@bitbert.com |
1.1_4 08 Aug 2020 18:52:06 |
brnrd |
security/vuxml: www/mod_http2 also vulnerable to latest Apache httpd vulns |
1.1_4 08 Aug 2020 09:53:49 |
brnrd |
security/vuxml: Add Apache httpd vulnerabilities |
1.1_4 06 Aug 2020 17:22:21 |
dmgk |
security/vuxml: Document lang/go vulnerability |
1.1_4 06 Aug 2020 07:35:38 |
mfechner |
Document gitlab-ce vulnerabilities. |
1.1_4 06 Aug 2020 03:43:17 |
philip |
security/vuxml: correct a typo in SA-20:22.sqlite
Pointy hat to: philip |
1.1_4 06 Aug 2020 03:31:27 |
philip |
security/vuxml: add FreeBSD SA-20:23.sendmsg |
1.1_4 06 Aug 2020 03:31:22 |
philip |
security/vuxml: add FreeBSD SA-20:21.usb_net |
1.1_4 06 Aug 2020 03:31:18 |
philip |
security/vuxml: add FreeBSD SA to sqlite3 entry
Reference FreeBSD-SA-20:22.sqlite and correct the fixed patch releases
in the recent sqlite3 entry. |
1.1_4 04 Aug 2020 09:30:44 |
joneum |
add entry for typo3-9 and typo3-10
PR: 248430 248429
Sponsored by: Netzkommune GmbH |
1.1_4 01 Aug 2020 13:50:09 |
zeising |
vuxml: Document vulns in xorg-server and libX11
Document two vulnerabilities, one in xorg-server and one in libX11.
The one in libX11 is a heap corruption vulnerability. [1]
The one in xorg-server (and slave ports) is a uninitialized memory
disclosure. [2]
Security: CVE-2020-14344[1], CVE-2020-14347 [2] |
1.1_4 31 Jul 2020 13:57:37 |
wen |
- Document python38 multiple vulnerabilities |
1.1_4 30 Jul 2020 17:10:27 |
tcberner |
security/vuxml: fix randomly introduced typo
Pointy hat: tcberner
Reported by: kevans |
1.1_4 30 Jul 2020 15:54:21 |
tcberner |
Document vulnerability in archivers/ark
- fixed in r543704 (head), r543705 (2020Q3) |
1.1_4 28 Jul 2020 17:42:47 |
rene |
Document new vulnerabilities in www/chromium < 84.0.4147.105
Obtained
from: https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html |
1.1_4 28 Jul 2020 12:19:48 |
riggs |
Document out-of-bounds-read in libsndfile (CVE-2019-3832).
PR: 248268 |
1.1_4 28 Jul 2020 04:38:20 |
kevans |
security/vuxml: document new vulnerability in net/freerdp < 2.2.0
PR: 248198 |
1.1_4 28 Jul 2020 01:00:20 |
leres |
security/vuxml: Mark zeek < 3.0.8 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v3.0.8
Two potential stack overflows. |
1.1_4 27 Jul 2020 08:48:47 |
joneum |
Add entry for Cacti
PR: 248140
Sponsored by: Netzkommune GmbH |
1.1_4 24 Jul 2020 19:08:54 |
sunpoet |
Document wagtail vulnerability |
1.1_4 23 Jul 2020 18:37:12 |
joneum |
Fix typo
Reported by: cmt
Sponsored by: Netzkommune GmbH |
1.1_4 23 Jul 2020 17:32:16 |
joneum |
Add entry for pango
Sponsored by: Netzkommune GmbH |
1.1_4 23 Jul 2020 14:43:55 |
joneum |
Fix typo
Sponsored by: Netzkommune GmbH |
1.1_4 23 Jul 2020 14:42:25 |
joneum |
modified the tomcat entry and add CVE-2020-11996
PR: 247555
Sponsored by: Netzkommune GmbH |
1.1_4 23 Jul 2020 11:54:53 |
joneum |
Add entry for www/tomcat{7,85,9,-devel}
PR: 247975
Sponsored by: Netzkommune GmbH |
1.1_4 22 Jul 2020 17:17:02 |
cy |
Fixup affected versions, imprecisely.
Reported by: mat |
1.1_4 20 Jul 2020 08:10:53 |
wen |
- Document multiple vulnerabilities of python38
- Fix 2 typos in my last commit |
1.1_4 19 Jul 2020 09:11:26 |
madpilot |
Document multiple vulnerabilities in VirtualBox>
PR: 244212
Submitted by: Nikita Stepanov <nikitastepan0v@bk.ru> |
1.1_4 17 Jul 2020 05:44:10 |
pi |
security/vuxml: Document multiple vulnerabilities in clamav
- CVE-2020-3350, CVE-2020-3327, CVE-2020-3481
PR: 248027
Submitted by: Yasuhiro KIMURA <yasu@utahime.org> |
1.1_4 16 Jul 2020 12:02:38 |
mandree |
vuln db: record OpenEXR/ilmbase < 2.5.2 vulnerabilities
Security: 714e6c35-c75b-11ea-aa29-d74973d1f9f3 |
1.1_4 15 Jul 2020 18:13:56 |
rene |
Document new vulnerabilities in www/chromium < 84.0.4147.89
Obtained
from: https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html |
1.1_4 15 Jul 2020 16:58:53 |
lwhsu |
Document Jenkins Security Advisory 2020-07-15
Sponsored by: The FreeBSD Foundation |
1.1_4 11 Jul 2020 11:40:09 |
brnrd |
security/vuxml: Add MySQL vulns from pre-announce |
1.1_4 10 Jul 2020 05:30:24 |
philip |
security/vuxml: update CVE-2020-1266[23] entry
Note vulnerable FreeBSD releases and add a reference to
FreeBSD-SA-20:19.unbound. |
1.1_4 10 Jul 2020 05:30:19 |
philip |
security/vuxml: add FreeBSD SA-20:20.ipv6 |
1.1_4 10 Jul 2020 05:30:12 |
philip |
security/vuxml: add FreeBSD SA-20:18.posix_spawnp |
1.1_4 09 Jul 2020 21:52:27 |
joneum |
Add entry for www/mybb
Sponsored by: Netzkommune GmbH |