Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_4 09 Jul 2020 17:09:28 |
cy |
Correct FreeBSD versions vulnerable to the latest sqlite3
vulnerabilities. This will be updated by so@ at a future date.
PR: 247865
Submitted by: Yasuhiro KIMURA <yasu at utahime.org>
Reported by: Yasuhiro KIMURA <yasu at utahime.org>
Approved by: ports-secteam (joneum) |
1.1_4 08 Jul 2020 19:20:01 |
sunpoet |
Document rubygem-kramdown vulnerability |
1.1_4 07 Jul 2020 11:49:48 |
tijl |
Document Mbed TLS security advisory 2020-07.
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07 |
1.1_4 07 Jul 2020 10:14:35 |
mfechner |
Document gitlab vulnerability. |
1.1_4 06 Jul 2020 02:02:21 |
wen |
- Document python37 multiple vulnerabilities |
1.1_4 05 Jul 2020 00:45:52 |
timur |
Add entry about Samba vulnerabilities CVE-2020-10730, CVE-2020-10745,
CVE-2020-10760, CVE-2020-14303
PR: 247725
Security: CVE-2020-10730
CVE-2020-10745
CVE-2020-10760
CVE-2020-14303 |
1.1_4 04 Jul 2020 15:37:58 |
joneum |
Add entry for anydesk
PR: 247406
Sponsored by: Netzkommune GmbH |
1.1_4 03 Jul 2020 07:04:06 |
lwhsu |
Document net-im/py-matrix-synapse security issue before 1.15.2
PR: 247720
Submitted by: Sascha Biberhofer <ports@skyforge.at> |
1.1_4 03 Jul 2020 06:02:40 |
tcberner |
Document vulnerability in dbus < 2.12.18
* See [1] for details.
* The port is already updated to 2.12.18.
[1] https://gitlab.freedesktop.org/dbus/dbus/-/issues/294
PR: 247340
Submitted by: rob2g2 <spam123@bitbert.com>
Security: CVE-2020-12049 |
1.1_4 02 Jul 2020 19:21:58 |
mfechner |
Document gitlab vulnerabilities. |
1.1_4 02 Jul 2020 17:33:32 |
yuri |
security/vuxml update: coturn CVE-2020-4067 for net/coturn |
1.1_4 02 Jul 2020 08:58:43 |
joneum |
Add entry for dns/powerdns-recursor
PR: 247707
Submitted by: Ralf van der Enden <tremere@cainites.net>
Sponsored by: Netzkommune GmbH |
1.1_4 01 Jul 2020 08:50:56 |
joneum |
Add entry for Drupal 7
Sponsored by: Netzkommune GmbH |
1.1_4 30 Jun 2020 08:04:16 |
meta |
Document xrdp CVE-2020-4044 vulnerability |
1.1_4 29 Jun 2020 16:58:02 |
pi |
security/vuxml: add mongodb CVE entry
- See also: https://jira.mongodb.org/browse/SERVER-45472
PR: 247392
Submitted by: Ronald Klop <ronald-lists@klop.ws> |
1.1_4 28 Jun 2020 21:47:34 |
naddy |
Document libvorbis vulnerabilities CVE-2017-14160 and CVE-2018-10392. |
1.1_4 28 Jun 2020 13:52:19 |
mandree |
security/putty: two security vulnerabilities in versions < 0.74
Security: 6190c0cd-b945-11ea-9401-2dcf562daa69
Security: CVE-2020-14002
Security: FZI-2020-5 |
1.1_4 25 Jun 2020 19:26:23 |
zeising |
vuln.xml: Adjust sqlite version in sqlite entry
Update the sqlite versions affected in the latest sqlite entry. The entry
failed to take PORTEPOCH into account, and without this fix pkg audit fails
to mark sqlite as vulnerable when it's not updated to the latest version,
since any version with PORTEPOCH set will always be greater than any version
without.
PR: 247149 |
1.1_4 24 Jun 2020 21:53:59 |
gjb |
Fix build, again...
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 24 Jun 2020 21:30:42 |
rene |
Document new vulnerabilities in www/chromium < 83.0.4103.116 |
1.1_4 24 Jun 2020 20:30:36 |
zeising |
Update VuXML with security issues in mail/mutt
PR: 247399
Submitted by: Derek Schrock |
1.1_4 24 Jun 2020 17:59:39 |
sunpoet |
Document curl vulnerability |
1.1_4 24 Jun 2020 14:42:24 |
gjb |
Attempt to fix build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 24 Jun 2020 14:10:57 |
tijl |
Document CUPS CVE-2019-8842 and CVE-2020-3898.
PR: 246011
Security: https://github.com/apple/cups/releases/tag/v2.3.3 |
1.1_4 24 Jun 2020 13:14:19 |
sunpoet |
Clean up unnecessary "<p>.</p>" in blockquote section |
1.1_4 22 Jun 2020 16:13:14 |
sunpoet |
Document rails vulnerability |
1.1_4 19 Jun 2020 14:29:02 |
tcberner |
security/vuxml: Document multimedia/vlc Vulnerability
PR: 247341
Security: CVE-2020-13428 |
1.1_4 18 Jun 2020 14:45:31 |
lme |
security/vuxml:
Document CVE-2020-13882 and CVE-2019-13033 for security/lynis. |
1.1_4 18 Jun 2020 08:05:59 |
philip |
security/vuxml: CVE-2020-8618 and CVE-2020-8619
ISC published CVE-2020-8618 affecting dns/bind916 and CVE-2020-8619
affecting dns/bind911 and dns/bind916. Both ports were updated. |
1.1_4 13 Jun 2020 14:08:03 |
dbaio |
security/vuxml: Update CVE-2019-18348 and CVE-2020-8492 entries
Python 3.6 and 3.7 are not vulnerable in the ports tree anymore.
Change range for python35 to <le>, suggested by swills.
PR: 246984, 246738 |
1.1_4 13 Jun 2020 08:20:32 |
fluffy |
security/vuxml: document libreoffice <6.4.4 security issues
PR: 247196
Submitted by: rob2g2 <spam123@bitbert.com> |
1.1_4 13 Jun 2020 04:43:34 |
cy |
Document multiple sqlite3 vulnerabilities with CVSS scores ranging
from 5.5 (medium) to 7.5 (high).
PR: 247149 |
1.1_4 12 Jun 2020 04:47:06 |
bhughes |
security/vuxml: document Node.js June 2020 Security Releases
https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/
Sponsored by: Miles AS |
1.1_4 11 Jun 2020 13:24:06 |
ehaupt |
Document net-mgmt/tcpreplay vulnerabilities |
1.1_4 11 Jun 2020 00:36:21 |
dbaio |
security/vuxml: Document irc/znc issue
Security: CVE-2020-13775 |
1.1_4 10 Jun 2020 12:12:57 |
mfechner |
Document npm vulnerabilities. |
1.1_4 10 Jun 2020 09:12:12 |
ehaupt |
Document the audio/libadplug vulnerabilities:
https://github.com/adplug/adplug/releases/tag/adplug-2.3.3 |
1.1_4 10 Jun 2020 02:29:32 |
leres |
security/vuxml: Mark zeek < 3.0.7 as vulnerable as per:
https://raw.githubusercontent.com/zeek/zeek/v3.0.7/NEWS
Various issues including stack overflows and memory leaks. |
1.1_4 09 Jun 2020 21:50:21 |
jkim |
Document the latest Flash Player vulnerability.
https://helpx.adobe.com/security/products/flash-player/apsb20-30.html |
1.1_4 09 Jun 2020 16:59:12 |
gordon |
Add FreeBSD-SA-20:17.usb.
Approved by: so |
1.1_4 08 Jun 2020 16:26:09 |
joneum |
Unbreak vuxmlbuild
Parsing VuXML ...Application exception:
bad CVE name for vid 669f3fe8-a07a-11ea-b83e-f0def1f5c5a2: GHSL-2020-100 @ho:215
*** Error code 1
Sponsored by: Netzkommune GmbH |
1.1_4 08 Jun 2020 15:49:05 |
kevans |
security/vuxml: document new vulnerabilities in net/freerdp < 2.1.0
PR: 246931, 245517
Obtained from: https://github.com/FreeRDP/FreeRDP/blob/2.1.0/ChangeLog
Approved by: koobs (mentor) |
1.1_4 07 Jun 2020 02:20:40 |
dbaio |
security/vuxml: Update CVE-2019-18348 and CVE-2020-8492 entries
CVE-2019-18348: Add missing Python packages range
CVE-2020-8492: Fix Python 3.7 entry, it's currently affected.
After committing fixes, we'll need to change ranges again.
PR: 246984 |
1.1_4 05 Jun 2020 10:51:55 |
rene |
Document new vulnerabilities in www/chromium < 83.0.4103.97
Obtained from: https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html |
1.1_4 04 Jun 2020 23:43:26 |
wen |
- Fix the name of py-django30 in my previous commit
Spotted by: dan@langille.org |
1.1_4 04 Jun 2020 23:31:29 |
gjb |
Attempt to fix build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 04 Jun 2020 22:49:54 |
acm |
- Update c5ec57a9-9c2b-11ea-82b8-4c72b94353b5 entry. Add drupal 8.8.6 |
1.1_4 04 Jun 2020 17:51:59 |
mfechner |
Document gitlab-ce vulnerabilities. |
1.1_4 04 Jun 2020 14:25:13 |
wen |
- Document Django multiple vulnerabilities |
1.1_4 04 Jun 2020 12:41:05 |
garga |
vuxml: Document git vulnerability CVE-2020-5260
PR: 245821
Submitted by: rob2g2 <spam123@bitbert.com>
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.1_4 04 Jun 2020 12:37:35 |
garga |
vuxml: Document git vulnerability CVE-2020-11008
PR: 245822
Submitted by: rob2g2 <spam123@bitbert.com>
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.1_4 04 Jun 2020 12:14:42 |
tijl |
Add entry for GNUTLS-SA-2020-06-03 (flaw in TLS).
Add CVE reference to previous GnuTLS entry. |
1.1_4 03 Jun 2020 16:46:06 |
sunpoet |
Document rubygem-websocket-extensions vulnerability |
1.1_4 03 Jun 2020 16:44:57 |
sunpoet |
Document nghttp2 vulnerability |
1.1_4 31 May 2020 10:53:13 |
adamw |
VuXML: Add entry for gitea < 1.11.6
PR: 246892
Submitted by: maintainer |
1.1_4 29 May 2020 06:51:37 |
tagattie |
Correct vulnerable version range of powerdns-recursor
PR: 246655
Submitted by: Ralf van der Enden <tremere@cainites.net>
Approved by: ehaupt (mentor) |
1.1_4 29 May 2020 02:07:53 |
sunpoet |
Fix r536871 |
1.1_4 29 May 2020 01:59:46 |
sunpoet |
Document rubygem-kaminari-core vulnerability |
1.1_4 28 May 2020 10:20:23 |
cmt |
document sane-backend vulnerabilities
CVE-2020-12861, CVE-2020-12862, CVE-2020-12863, CVE-2020-12864,
CVE-2020-12865, CVE-2020-12866, CVE-2020-12867
PR: 246803 |
1.1_4 28 May 2020 06:19:22 |
mfechner |
Document gitlab-ce vulnerabilities. |
1.1_4 27 May 2020 16:20:11 |
pi |
security/vuxml: add two entries for mail/sympa
PR: 246701
Submitted by: Geoffroy Desvernay <dgeo@centrale-marseille.fr> |
1.1_4 27 May 2020 12:08:46 |
tagattie |
Document powerdns-recursor vulnerabilities
PR: 246655
Submitted by: Ralf van der Enden <tremere@cainites.net>
Approved by: ehaupt (mentor) |
1.1_4 25 May 2020 18:04:40 |
pi |
security/vuxml: add three CVEs for qmail
PR: 245010
Submitted by: erdgeist@erdgeist.org |
1.1_4 24 May 2020 18:55:35 |
rene |
Document new vulnerabilities in www/chromium 83.0.4103.61.
The website is somewhat crippled and does not show the full text. |
1.1_4 23 May 2020 12:31:37 |
joneum |
Add entry for piwigo
PR: 245153
Sponsored by: Netzkommune GmbH |
1.1_4 23 May 2020 09:22:21 |
joneum |
Add entry for tomcat
PR: 246657
Sponsored by: Netzkommune GmbH |
1.1_4 22 May 2020 22:20:22 |
delphij |
Document unbound multiple vulnerabilities. |
1.1_4 22 May 2020 13:07:46 |
joneum |
Add entry for drupal7
Sponsored by: Netzkommune GmbH |
1.1_4 20 May 2020 11:41:05 |
dbaio |
security/vuxml: Document net-mgmt/zabbix3 issue
Security: CVE-2020-11800 |
1.1_4 19 May 2020 23:35:17 |
sunpoet |
Document rails vulnerability |
1.1_4 19 May 2020 14:18:34 |
wen |
- Document CVE-2019-18348, CVE-2020-8492 for python38 |
1.1_4 18 May 2020 19:00:35 |
ler |
security/vuxml: Report multiple dovecot vulnerabilities. |
1.1_4 17 May 2020 20:42:25 |
zi |
- Document security/clamav vulnerabilities |
1.1_4 17 May 2020 20:18:31 |
sunpoet |
Update json-c vulnerability
- While I'm here, fix format
json-c 0.14 will land in the ports tree along with the fix, thus I change it to
0.14.
PR: 246389 |
1.1_4 17 May 2020 18:33:09 |
sunpoet |
Document rails vulnerability |
1.1_4 16 May 2020 09:17:26 |
brnrd |
security/vuxml: MariaDB vulnerabilities |
1.1_4 16 May 2020 06:45:08 |
woodsb02 |
Add new sysutils/py-salt vulnerabilities
PR: 246061
Reported by: Christer Edwards <christer.edwards@gmail.com>
Security: CVE-2020-11651
Security: CVE-2020-11652 |
1.1_4 14 May 2020 11:29:20 |
mandree |
devel/json-c: CVE-2020-12762 integer overflow, out of bounds write
Reported by: Daniel Engberg
Security: abc3ef37-95d4-11ea-9004-25fadb81abf4
Security: CVE-2020-12762 |
1.1_4 13 May 2020 20:44:18 |
sunpoet |
Document typo3 vulnerability |
1.1_4 13 May 2020 15:16:46 |
gordon |
Add proper links for the html output of vuln.xml.
Add freebsdsa as a proper type.
Correct link to CVEs.
Reviewed by: gjb, joneum
Approved by: ports-secteam (joneum)
Differential Revision: https://reviews.freebsd.org/D24824 |
1.1_4 12 May 2020 18:37:02 |
gordon |
Add data for today's SA batch.
Approved by: so |
1.1_4 09 May 2020 16:02:59 |
novel |
security/vuxml: log www/qutebrowser CVE-2020-11054 |
1.1_4 09 May 2020 10:08:14 |
wen |
- Document python27 CVE-2019-18348 |
1.1_4 09 May 2020 08:23:42 |
joneum |
add entry for www/glpi
PR: 244971
Sponsored by: Netzkommune GmbH |
1.1_4 07 May 2020 19:56:01 |
mandree |
mail/mailman: extend content injection vuln via private archive login
This led up to mailman 2.1.33 today.
https://bugs.launchpad.net/mailman/+bug/1877379
https://launchpadlibrarian.net/478684932/private.diff
https://mail.python.org/archives/list/mailman-developers@python.org/thread/SYBIZ3MNSQZLKN6PVKO7ZKR7QMOBMS45/
Approved by: ports-secteam@ (blanket for security fixes)
Security: 88760f4d-8ef7-11ea-a66d-4b2ef158be83 |
1.1_4 06 May 2020 23:26:49 |
leres |
security/vuxml: Mark zeek < 3.0.6 as vulnerable as per:
https://raw.githubusercontent.com/zeek/zeek/v3.0.6/NEWS
Various issues including buffer over-reads, uninitialized field
access, memory leak, and stack overflows. |
1.1_4 06 May 2020 15:02:40 |
salvadore |
security/vuxml: Update discovery date for CVE-2020-1730
Update discovery date for CVE-2020-1730 based on information obtained from
the libssh team.
Approved by: gerald (mentor) |
1.1_4 06 May 2020 05:14:42 |
sunpoet |
Document wagtail vulnerability |
1.1_4 05 May 2020 22:55:22 |
mandree |
Permit mail/mailman vulnerability to be fixed in 2.1.30_3 already
...not in 2.1.31 only. We can't just easily backport 2.1.31 to 2020Q2.
Security: 88760f4d-8ef7-11ea-a66d-4b2ef158be83 |
1.1_4 05 May 2020 17:51:49 |
mandree |
new mailman < 2.1.31 content injection vulnerability
similar to CVE-2018-13796 (not sure if they'll reuse that no. so
not including in Security: tags below)
https://bugs.launchpad.net/mailman/+bug/1873722
Security: 88760f4d-8ef7-11ea-a66d-4b2ef158be83 |
1.1_4 05 May 2020 05:32:48 |
fjoe |
Fix version range for 97fcc60a-6ec0-11ea-a84a-4c72b94353b5:
phpMyAdmin 4.9.5 is not vulnerable
PR: 245096 |
1.1_4 04 May 2020 23:23:15 |
dbaio |
security/vuxml: Document net-mgmt/cacti issue
PR: 246164
Submitted by: Michael Muenz <m.muenz@gmail.com>
Security: CVE-2020-7106 |
1.1_4 03 May 2020 21:28:58 |
pi |
security/vuxml: add squid 4.10 CVEs
PR: 245433
Submitted by: Michael Muenz <m.muenz@gmail.com> |
1.1_4 03 May 2020 07:46:28 |
tcberner |
Document audio/taglib vulnerability |
1.1_4 01 May 2020 09:44:40 |
mfechner |
Documented gitlab vulnerabilities. |
1.1_4 29 Apr 2020 22:31:08 |
dbaio |
security/vuxml: Add other flavors of py-yaml |
1.1_4 29 Apr 2020 18:48:51 |
tcberner |
Document multimedia/vlc vulnerabilities
Security: CVE-2019-19721 CVE-2020-6071 CVE-2020-6072 CVE-2020-6073 CVE-2020-6077
CVE-2020-6078 CVE-2020-6079 |
1.1_4 29 Apr 2020 15:03:41 |
timur |
Add an entry about CVE-2020-10700, CVE-2020-10704 in samba410 and 411.
Security: CVE-2020-10700
CVE-2020-10704 |
1.1_4 29 Apr 2020 06:08:20 |
fluffy |
net/ceph14: document CVE-2020-1759, CVE-2020-1760 |
1.1_4 29 Apr 2020 01:35:22 |
delphij |
Document OpenLDAP CVE-2020-12243.
PR: 213895
Submitted by: rob2g2 <spam123 bitbert com> |