Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_4 27 Apr 2020 19:47:27 |
jpaetzel |
Add entry for py-yaml vulnerability |
1.1_4 26 Apr 2020 17:39:27 |
dbaio |
security/vuxml: Document www/py-bleach issue
PR: 245943
Security: CVE-2020-6817 |
1.1_4 23 Apr 2020 12:25:39 |
brnrd |
security/vuxml: MySQL Server 2020Q2 vulnerabilities |
1.1_4 23 Apr 2020 12:23:50 |
brnrd |
security/vuxml: MySQL client 2020Q2 vulnerabilities |
1.1_4 23 Apr 2020 11:48:08 |
brnrd |
security/vuxml: Register Nextcloud vulnerabilities |
1.1_4 23 Apr 2020 01:17:13 |
dbaio |
security/vuxml: Document lang/python issue
PR: 245819
Security: CVE-2020-8492 |
1.1_4 22 Apr 2020 21:33:18 |
sunpoet |
Document wagtail vulnerability |
1.1_4 22 Apr 2020 20:29:14 |
gordon |
11.3 isn't vulnerable to the recent OpenSSL vulnerability.
Approved by: so
X-Pointy-Hat to: gordon |
1.1_4 22 Apr 2020 20:02:55 |
leres |
security/vuxml: Restore openssl port version range to the 2020-04-21 entry
I tested that this passes "make validate" and correctly flags
openssl-1.1.1f,1 as vulnerable.
Approved by: gjb |
1.1_4 22 Apr 2020 11:11:17 |
gjb |
Revert r532466, adding back 'FreeBSD' to the topic.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 22 Apr 2020 11:09:17 |
gjb |
The vuxml build is now fixed. Remove the 'ignore' block and its
contents.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 22 Apr 2020 11:07:32 |
gjb |
Comment the second name tag, which I believe is what is causing the
vuxml build to fail. If I am wrong, I will revert this commit.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 22 Apr 2020 11:03:50 |
gjb |
Um, ok. Third attempt to try to fix the vuxml build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 22 Apr 2020 10:44:59 |
gjb |
Attempt number 2 to fix the vuxml build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 22 Apr 2020 10:36:57 |
gjb |
Fix vuxml build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 22 Apr 2020 09:38:05 |
brnrd |
security/vuxml: Fix OpenSSL port commit |
1.1_4 22 Apr 2020 08:20:12 |
brnrd |
security/vuxml: Mark OpenSSL 1.1.1f from ports vulnerable too |
1.1_4 21 Apr 2020 19:48:03 |
sunpoet |
Document libntlm vulnerability |
1.1_4 21 Apr 2020 18:29:59 |
gordon |
Add new entries for SA-20:10 and SA-20:11. |
1.1_4 21 Apr 2020 12:25:01 |
dbaio |
security/vuxml: Document devel/py-twisted vulnerabilities
PR: 245252
Submitted by: Sascha Biberhofer <ports@skyforge.at>
Reported by: contact@evilham.com |
1.1_4 19 Apr 2020 12:58:21 |
salvadore |
security/vuxml: Add CVE-2020-1730 affecting security/libssh
Approved by: gerald (mentor)
Differential Revision: https://reviews.freebsd.org/D24377 |
1.1_4 18 Apr 2020 11:35:25 |
kwm |
Document webkit2-gtk3 vulnerability |
1.1_4 18 Apr 2020 04:13:41 |
acm |
- Add www/drupal8 entry |
1.1_4 17 Apr 2020 22:29:36 |
bofh |
sysutils/ansible*: Add multiple Vulnerabilities
- Add vuxml entry for CVE-2020-1737, CVE-2020-1739 and CVE-2020-1740
Security: CVE-2020-1737
Security: CVE-2020-1739
Security: CVE-2020-1740 |
1.1_4 16 Apr 2020 16:16:25 |
rene |
Document new vulnerabilities in www/chromium < 81.0.4044.113
Obtained from: Google Chrome Releases |
1.1_4 16 Apr 2020 09:32:25 |
mandree |
document security/openvpn{,-mbedtls,-devel} illegal client float DoS
URL: https://community.openvpn.net/openvpn/ticket/1272
Reported by: Lev Stipakov
Security: CVE-2020-11810
Security: 8604121c-7fc2-11ea-bcac-7781e90b0c8f |
1.1_4 15 Apr 2020 13:30:03 |
tijl |
Document Mbed TLS CVE-2020-10932.
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04 |
1.1_4 15 Apr 2020 06:21:20 |
mfechner |
Document gitlab vulnerabilities. |
1.1_4 14 Apr 2020 20:53:37 |
leres |
security/vuxml: Mark zeek < 3.0.4 as vulnerable as per:
https://github.com/zeek/zeek/blob/e059d4ec2e689b3c8942f4aa08b272f24ed3f612/NEWS
An attacker can crash Zeek remotely via crafted packet sequence via
a stack overflow in POP3 analyzer. |
1.1_4 12 Apr 2020 10:06:00 |
rene |
Document new vulnerabilities in www/chromium < 81.0.4044.92 |
1.1_4 02 Apr 2020 19:32:40 |
rene |
Document partial new vulnerabilities in www/chromium < 80.0.3987.162 |
1.1_4 02 Apr 2020 18:12:58 |
flo |
Add an entry for the HAproxy vulnerability announced today. The ports have
already been fixed.
PR: 245282
Discussed with: demon |
1.1_4 02 Apr 2020 12:21:59 |
sunpoet |
Fix rubygem-json entry (40194e1c-6d89-11ea-8082-80ee73419af3)
rubygem-json 2.3.0 was erroneously marked as vulnerable.
% cd /usr/ports/devel/rubygem-json
% make fetch
===> rubygem-json-2.3.0 has known vulnerabilities:
rubygem-json-2.3.0 is vulnerable:
rubygem-json -- Unsafe Objection Creation Vulnerability in JSON (Additional fix)
CVE: CVE-2020-10663
WWW: https://vuxml.FreeBSD.org/freebsd/40194e1c-6d89-11ea-8082-80ee73419af3.html
1 problem(s) in 1 installed package(s) found.
=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update
available.
=> If you wish to ignore this vulnerability rebuild with 'make
DISABLE_VULNERABILITIES=yes'
*** Error code 1
Stop.
make: stopped in /usr/ports/devel/rubygem-json |
1.1_4 02 Apr 2020 07:23:32 |
joneum |
Add entry for Apache 2.4
Sponsored by: Netzkommune GmbH |
1.1_4 01 Apr 2020 22:06:18 |
woodsb02 |
Document multiple vulnerabilities in net-mgmt/cacti < 1.2.10
PR: 245205
Submitted by: Michael Muenz <m.muenz@gmail.com> |
1.1_4 31 Mar 2020 15:52:42 |
tijl |
Add entry for GNUTLS-SA-2020-03-31 (flaw in DTLS).
Security: https://gnutls.org/security-new.html#GNUTLS-SA-2020-03-31 |
1.1_4 29 Mar 2020 19:50:00 |
girgen |
Fix validation error |
1.1_4 29 Mar 2020 19:46:16 |
girgen |
Add vuxml entry for CVE-2020-1720 |
1.1_4 27 Mar 2020 13:48:12 |
wen |
- Document mediawiki's multiple vulnerabilities |
1.1_4 26 Mar 2020 20:43:10 |
gjb |
Fix vuxml build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 26 Mar 2020 20:27:30 |
mfechner |
Document gitlab vulnerabilities. |
1.1_4 26 Mar 2020 04:40:23 |
meta |
security/vuxml: Document CVE-2020-10663 (devel/rubygem-json)
PR: 245023 |
1.1_4 25 Mar 2020 18:25:15 |
lwhsu |
Document Jenkins Security Advisory 2020-03-25
Sponsored by: The FreeBSD Foundation |
1.1_4 25 Mar 2020 17:59:50 |
joneum |
Add entry for phpmyadmin
Sponsored by: Netzkommune GmbH |
1.1_4 23 Mar 2020 17:34:41 |
romain |
Add details for two Puppet-related CVEs |
1.1_4 19 Mar 2020 18:00:34 |
gordon |
Add details for today's SAs.
Approved by: so |
1.1_4 18 Mar 2020 07:23:22 |
koobs |
security/vuxml: Add www/py-bleach entry |
1.1_4 15 Mar 2020 22:31:28 |
leres |
security/vuxml: Mark zeek < 3.0.3 as vulnerable as per:
https://raw.githubusercontent.com/zeek/zeek/9dda3602a760f00d9532c6314ea79108106033fa/NEWS
There are a number of potential denial of service issues due to
memory leaks, buffer overflows, and a null pointer dereference.
Approved by: matthew (mentor, implicit) |
1.1_4 13 Mar 2020 05:48:23 |
tcberner |
security/vuxml: fix range |
1.1_4 13 Mar 2020 05:39:12 |
tcberner |
Document security issue in graphics/okular
https://kde.org/info/security/advisory-20200312-1.txt:
Overview
========
Okular can be tricked into executing local binaries via specially crafted
PDF files.
This binary execution can require almost no user interaction.
No parameters can be passed to those local binaries.
We have not been able to identify any binary that will cause actual damage,
be it in the hardware or software level, when run without parameters.
(Only the first 15 lines of the commit message are shown above) |
1.1_4 12 Mar 2020 10:05:33 |
mfechner |
Document gitlab-ce vulnerability. |
1.1_4 12 Mar 2020 01:31:29 |
wen |
- Document django's potential SQL injection vulnerability |
1.1_4 11 Mar 2020 10:58:20 |
decke |
Document py-matrix-synapse vulnerabilities
PR: 244279
Submitted by: Sascha Biberhofer <ports@skyforge.at> |
1.1_4 09 Mar 2020 21:54:54 |
bhughes |
security/vuxml: document recent Node.js vulnerabilities
https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/
While here, fix errors from `make validate` for the preceding gitea
vulnerabilities.
Sponsored by: Miles AS |
1.1_4 07 Mar 2020 20:25:52 |
adamw |
Fix closing tag
Reported by: joneum |
1.1_4 07 Mar 2020 18:31:08 |
adamw |
Add entry for www/gitea
PR: 244025
Submitted by: maintainer |
1.1_4 07 Mar 2020 00:41:13 |
woodsb02 |
Document vulnerability in sysutils/py-salt
PR: 243908
Reported by: Christer Edwards <christer.edwards@gmail.com>
Security: CVE-2019-17361 |
1.1_4 06 Mar 2020 07:25:43 |
mfechner |
Document gitlab vulnerabilities. |
1.1_4 04 Mar 2020 15:23:15 |
cy |
Document the latest nwtime.org ntp security advisory found at:
http://support.ntp.org/bin/view/Main/SecurityNotice#\
March_2020_ntp_4_2_8p14_NTP_Rele
No CVEs have been documented yet.
Security: http://support.ntp.org/bin/view/Main/NtpBug3610
http://support.ntp.org/bin/view/Main/NtpBug3596
http://support.ntp.org/bin/view/Main/NtpBug3592 |
1.1_4 02 Mar 2020 18:32:07 |
kwm |
Document librsvg2 vulnerabilities.
Security: CVE-2019-20446 |
1.1_4 02 Mar 2020 08:56:46 |
0mp |
Document some audio/timidity++* vulnerabilities
PR: 244429
Reported by: pi
Security: CVE-2017-11546
Security: CVE-2017-11547
Security: CVE-2017-11549 |
1.1_4 29 Feb 2020 09:59:14 |
mfechner |
Document apache-solr vulnerabilities. |
1.1_4 27 Feb 2020 10:23:33 |
fluffy |
security/vuxml: fix vuxml entries for OpenSMTPd, remove duplicates with wrong
version and missed description
Approved by: ports-secteam (miwi) |
1.1_4 25 Feb 2020 03:07:17 |
fluffy |
Document OpenSMTPd vulnerability
LPE and RCE in OpenSMTPD's default install
Security: CVE-2020-8793, CVE-2020-8794 |
1.1_4 24 Feb 2020 21:15:43 |
cs |
CVE-2020-8794
Security: CVE-2020-8794 |
1.1_4 24 Feb 2020 21:11:35 |
cs |
CVE-2020-8793
Security: CVE-2020-8793 |
1.1_4 24 Feb 2020 17:21:37 |
tijl |
Document Mbed TLS vulnerabilities 2019-12 and 2020-02.
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02 |
1.1_4 23 Feb 2020 08:58:20 |
tcberner |
vuxml: correct range for avidemux2
- avidemux2 version 2.6.12 switched to ffmpeg 2.7.6 |
1.1_4 23 Feb 2020 05:02:29 |
cy |
Post 93v ksh is only affected by the code injection vulnerability. |
1.1_4 21 Feb 2020 18:46:23 |
brnrd |
security/vuxml: Document latest WeeChat vulns |
1.1_4 19 Feb 2020 18:06:45 |
kwm |
Document webkit2-gtk3 vulnerabilities |
1.1_4 14 Feb 2020 01:16:13 |
philip |
security/vuxml: Add January FreeBSD SAs
SA-20:01.libfetch
SA-20:02.ipsec
SA-20:03.thrmisc
PR: 243702
Submitted by: Miroslav Lachman <000.fbsd@quip.cz> |
1.1_4 13 Feb 2020 21:41:47 |
mfechner |
Document gitlab vulnerability. |
1.1_4 13 Feb 2020 00:18:20 |
ler |
security/vuxml: dovecot vulnerabilities |
1.1_4 12 Feb 2020 16:18:46 |
cem |
security/vuxml: Document sysutils/grub2-bhyve escalations
Mitigated in r525916.
admbugs: 948
Reported by: Reno Robert <renorobert AT gmail.com>
Approved by: bapt
MFH: 2020Q1 (bapt) |
1.1_4 12 Feb 2020 00:19:38 |
dbaio |
security/vuxml: Document graphics/libexif issue
PR: 244060
Reported by: tj@mrsk.me (email)
Security: CVE-2019-9278 |
1.1_4 11 Feb 2020 15:13:47 |
jkim |
Document the latest Flash Player vulnerability.
https://helpx.adobe.com/security/products/flash-player/apsb20-06.html |
1.1_4 11 Feb 2020 08:53:51 |
joneum |
Fix entry for NGINX
Sponsored by: Netzkommune GmbH |
1.1_4 10 Feb 2020 17:42:47 |
joneum |
Fix NGINX entry
Sponsored by: Netzkommune GmbH |
1.1_4 09 Feb 2020 11:10:36 |
joneum |
Add entry for nginx
PR: 243952
Sponsored by: Netzkommune GmbH |
1.1_4 07 Feb 2020 19:38:45 |
cy |
Document ksh93 CVE-2019-14868: certain environment variables interpreted
as arithmetic expressions on startup, leading to code injection.
Reported by: Siteshwar Vashisht <svashisht@redhat.com>
MFH: 2020Q1
Security: CVE-2019-14868
https://bugzilla.redhat.com/show_bug.cgi?id=1757324
https://access.redhat.com/security/cve/CVE-2019-14868 |
1.1_4 06 Feb 2020 21:02:19 |
pi |
security/vuxml: Document Denial-of-Service vulnerability in ClamAV
- CVE-2020-3123
PR: 243913
Submitted by: Yasuhiro KIMURA <yasu@utahime.org> |
1.1_4 04 Feb 2020 18:17:29 |
sunpoet |
Document Django vulnerability |
1.1_4 02 Feb 2020 20:14:40 |
brnrd |
security/vuxml: Properly document MariaDB vuln
PR: 243660
Reported by: <ari ish com au> |
1.1_4 02 Feb 2020 07:20:49 |
woodsb02 |
Fix typo in SpamAssassin vuxml entry from 2020-01-31 |
1.1_4 02 Feb 2020 07:15:44 |
woodsb02 |
vuxml: Add entry for libssh CVE-2019-14889
Security: CVE-2019-14889 |
1.1_4 31 Jan 2020 20:22:22 |
cy |
Remove my older entry for CVE-2020-1931. The subsequent entry by
zeising@ is better.
Whitespace adjustment. |
1.1_4 31 Jan 2020 16:02:45 |
zeising |
vuxml: Add entries for spamassassin vulnerabilities. |
1.1_4 31 Jan 2020 14:00:22 |
cy |
Document sudo CVE-2019-18634:
Buffer overflow when pwfeedback is set in sudoers.
Security: CVE-2019-18634 |
1.1_4 31 Jan 2020 10:09:57 |
mfechner |
Document gitlab vulnerabilities. |
1.1_4 30 Jan 2020 13:51:14 |
cy |
Document:
[CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration
(.cf) files can be configured to run system commands with warnings
Security: CVE-2020-1931
Security: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/\
build/announcements/3.4.4.txt
Security: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1931 |
1.1_4 30 Jan 2020 06:25:48 |
fluffy |
Document mail/opensmtpd LPE and RCE vulnerabilities
PR: 243686
Security: CVE-2020-7247 |
1.1_4 29 Jan 2020 15:29:30 |
lwhsu |
Document Jenkins Security Advisory 2020-01-29
Sponsored by: The FreeBSD Foundation |
1.1_4 29 Jan 2020 13:23:59 |
bapt |
Document libfetch vulnerability which affects pkg. |
1.1_4 27 Jan 2020 01:38:10 |
timur |
Add an entry about CVE-2019-14902, CVE-2019-14907, CVE-2019-19344
vulnerabilities in the Samba 4.1[01] versions.
Security: CVE-2019-14902
CVE-2019-14907
CVE-2019-19344 |
1.1_4 26 Jan 2020 17:51:44 |
kwm |
Document webkit-gtk3 vulnerabilities. |
1.1_4 24 Jan 2020 22:20:00 |
kai |
security/vuxml: Document graphics/py-pillow issues
PR: 243336
Security: CVE-2019-19911
CVE-2020-5310
CVE-2020-5311
CVE-2020-5312
CVE-2020-5313 |
1.1_4 20 Jan 2020 11:07:29 |
joneum |
Add entry for www/gitea
PR: 243437
Reported by: stb@lassitu.de
Sponsored by: Netzkommune GmbH |
1.1_4 15 Jan 2020 20:23:39 |
brnrd |
security/vuxml: Document 2020Q1 Oracle MySQL Vulns |
1.1_4 15 Jan 2020 13:54:43 |
zeising |
vuxml: Document recent intel GPU vulnerability |