Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 12 Oct 2005 22:53:00 |
simon |
Improve last couple of entries:
- Use standard topic format.
- Fix packagename in phpmyadmin and zone entries.
- Fix indention and remove EOL white-space.
- Make lead in a bit more verbose.
- Add more references to phpmyadmin issue.
- Remove some redundant quoted text in zope issue. |
1.1_1 12 Oct 2005 14:51:14 |
mnag |
Add entry for openssl
Remove entry about safe mode in phpmyadmin |
1.1_1 12 Oct 2005 00:24:39 |
mnag |
Add entry for phpmyadmin (PMASA-2005-4) |
1.1_1 12 Oct 2005 00:12:21 |
mnag |
Fix typo with range values |
1.1_1 12 Oct 2005 00:01:03 |
mnag |
Add entry from zope28 |
1.1_1 09 Oct 2005 21:03:07 |
simon |
For libxine -- format string vulnerability entry:
- Add reference to xine security announcement.
- Fix indention on a few lines. |
1.1_1 09 Oct 2005 16:14:41 |
nobutaka |
Add an entry for libxine format string vulnerability. |
1.1_1 09 Oct 2005 10:14:28 |
simon |
Mark older revisions linux_base-suse 9.3 as vulnerable to kdebase --
Kate backup file permission leak. |
1.1_1 07 Oct 2005 07:31:51 |
sergei |
- Mark cfengine's arbitrary file overwriting vulnerability as fixed in 2.1.6_1
- Add another possible variant of package name - cfengine2 |
1.1_1 05 Oct 2005 17:44:06 |
thierry |
Add an entry for UW-IMAP Mailbox Name Handling Remote Buffer Overflow
Vulnerability (CAN-2005-2933). |
1.1_1 05 Oct 2005 15:55:08 |
ehaupt |
Add credit for recent ftp/weex incident
Approved by: novel (mentor) |
1.1_1 04 Oct 2005 13:23:00 |
garga |
rinetd >= 0.62_1 has no more vulnerabilities |
1.1_1 02 Oct 2005 20:10:42 |
remko |
Add references to three squid entries.
Submitted by: Thomas-Martin Seck <tmseck at netcologne dot de>
(except for the bid's which i added myself). |
1.1_1 02 Oct 2005 17:46:23 |
simon |
Use the <freebsdpr> tag to markup a PR in weex -- remote format string
vulnerability entry. |
1.1_1 02 Oct 2005 16:11:30 |
jylefort |
Document a format string vulnerability in ftp/weex. |
1.1_1 02 Oct 2005 07:45:29 |
simon |
Document picasm -- buffer overflow vulnerability. |
1.1_1 01 Oct 2005 16:43:38 |
nobutaka |
Add an URL to the entry of the japanese/uim. |
1.1_1 01 Oct 2005 16:35:20 |
nobutaka |
Document japanese/uim privilege escalation vulnerability. |
1.1_1 01 Oct 2005 15:21:57 |
simon |
Document cfengine -- arbitrary file overwriting vulnerability. |
1.1_1 01 Oct 2005 10:17:19 |
remko |
Mark zsync <= 0.4.1 vulnerable to the zlib buffer overflow vulnerability.
Inspired by: gordon's commit |
1.1_1 01 Oct 2005 08:40:58 |
simon |
Add more references to unace -- multiple vulnerabilities entry. |
1.1_1 01 Oct 2005 07:14:34 |
simon |
Add CVE name to an older ProZilla entry. |
1.1_1 29 Sep 2005 20:01:41 |
simon |
Add more references for latest phpmyfaq entry. |
1.1_1 29 Sep 2005 19:31:13 |
simon |
- Add a note that new entries, per convention, should be added to the
start of this file.
For latest phpmyfaq entry:
- Use port directory name as first part of topic.
- No need to include information about affected releases in topic
(it's somewhat redundant and makes the title longer).
- Reindent body with standard FreeBSD Doc Project (more or less)
style. |
1.1_1 28 Sep 2005 22:54:43 |
vsevolod |
Document vulnerabilities in www/phpmyfaq |
1.1_1 24 Sep 2005 09:22:30 |
remko |
Add linux_base-suse-9.3 to the zlib entry.
Inspired by: trevors commit. |
1.1_1 24 Sep 2005 08:31:47 |
simon |
Document clamav -- arbitrary code execution and DoS vulnerabilities. |
1.1_1 23 Sep 2005 21:44:15 |
simon |
- Be consistent and call entries "firefox & mozilla", not the other way
around.
- Mark latest linux-mozilla port as fixed for recent mozilla
vulnerabilities. |
1.1_1 23 Sep 2005 19:19:04 |
simon |
- Document mozilla & firefox -- multiple vulnerabilities.
- Add Mozilla Foundation Security Advisory references to two other
firefox/mozilla entries. |
1.1_1 21 Sep 2005 23:03:57 |
simon |
Add real references to urban -- stack overflow vulnerabilities. |
1.1_1 21 Sep 2005 22:31:09 |
simon |
Document mozilla & firefox -- command line URL shell command injection. |
1.1_1 21 Sep 2005 21:59:32 |
simon |
Add CVE name for tor -- diffie-hellman handshake flaw. |
1.1_1 21 Sep 2005 21:46:26 |
simon |
Correct package name for entry bind -- buffer overrun vulnerability. |
1.1_1 21 Sep 2005 21:15:51 |
simon |
Add CVE name to an older CUPS issue. |
1.1_1 19 Sep 2005 16:12:07 |
remko |
Fix the htdig entry, the port version and the VuXML version did not
align.
Reported by: Nic Bellamy <nic at bellamy dot co dot nz> |
1.1_1 19 Sep 2005 16:09:28 |
remko |
Fix the squirrelmail entry since only versions prior to 1.4.5 were
affected. Bump modification date accordingly.
Reported by: Avinash Piare <avinash at piare dot org> |
1.1_1 17 Sep 2005 19:08:43 |
remko |
Document the following items:
o apache -- Certificate Revocation List (CRL) off-by-one vulnerability
o squirrelmail -- _$POST variable handling allows for various attacks
Reviewed by: simon |
1.1_1 15 Sep 2005 20:14:27 |
pav |
- Add an entry on possible DOS condition regarding NTLM in squid
PR: ports/86179
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> |
1.1_1 14 Sep 2005 22:22:49 |
lesi |
Document X11 server -- pixmap allocation vulnerability.
Reviewed by: simon |
1.1_1 13 Sep 2005 20:18:44 |
remko |
Document unzip -- permission race vulnerability. [1]
Update the recent htdig entry with it's corrected version.
Reviewed by: simon [1] |
1.1_1 10 Sep 2005 20:55:35 |
simon |
Document firefox & mozilla -- buffer overflow vulnerability.
Prodded by: pav |
1.1_1 07 Sep 2005 08:46:53 |
lawrance |
Mark the latest version of cups-base fixed for "xpdf -- disk fill DoS
vulnerability" |
1.1_1 04 Sep 2005 15:24:56 |
remko |
Add forgotten </package> line.
Spotted by: simon |
1.1_1 04 Sep 2005 15:16:52 |
remko |
Mark b2evolution prior to 0.9.0.12_2 vulnerable to the XML_RPC remote php code
injection vulnerability.
Inspired by: pav's commit, updating the port. |
1.1_1 04 Sep 2005 09:03:05 |
remko |
Document htdig -- cross site scripting vulnerability.
Reviewed by: simon |
1.1_1 04 Sep 2005 07:54:46 |
sem |
- Document two squid security related issues.
PR: ports/85688
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (squid maintainer) |
1.1_1 03 Sep 2005 19:05:01 |
remko |
Document bind9 -- denial of service.
Also merge the FreeBSD-SA-05:12.bind9 advisory in the entry. [1]
Suggested by: simon [1]
Reviewed by: simon |
1.1_1 03 Sep 2005 18:06:52 |
remko |
Document bind -- buffer overrun vulnerability |
1.1_1 02 Sep 2005 13:10:52 |
simon |
Add a more or less bogus reference section to the last entry, to make it
a valid entry. The reference simply references the VuXML entry itself,
but at least it fixes the build for now.
Missed by: simon |
1.1_1 02 Sep 2005 12:59:55 |
jylefort |
Document stack overflow vulnerabilities in games/urban.
Approved by: simon |
1.1_1 29 Aug 2005 20:47:28 |
simon |
Mark latest evolution port version as fixed wrt. evolution -- remote
format string vulnerabilities. |
1.1_1 29 Aug 2005 15:10:30 |
kuriyama |
Add entry for fswiki's vuln. |
1.1_1 29 Aug 2005 08:11:21 |
niels |
Dante 1.1.15 is no longer affected by the fd_set bitmap index overflow.
Updated the version in VuXML (was 0).
Approved by: nectar (mentor) |
1.1_1 28 Aug 2005 20:48:11 |
simon |
- Fill out part of the std. VuXML template missed in the last entry.
- Mark acroread 7.0.1 as fixed for acroread -- XML External Entity
vulnerability. [1]
Reported by: Sverre H. Huseby [1] |
1.1_1 27 Aug 2005 22:25:31 |
simon |
Document evolution -- remote format string vulnerabilities.
Approved by: portmgr (blanket, VuXML) |
1.1_1 27 Aug 2005 21:54:42 |
simon |
Document pam_ldap -- authentication bypass vulnerability.
Approved by: portmgr (blanket, VuXML) |
1.1_1 27 Aug 2005 18:17:24 |
simon |
Mark phpgroupware as vulnerable to pear-XML_RPC -- remote PHP code
injection vulnerability.
Reported by: olgeni
Approved by: portmgr (blanket, VuXML) |
1.1_1 26 Aug 2005 21:24:31 |
simon |
Document pcre -- regular expression buffer overflow.
Approved by: portmgr (blanket, VuXML) |
1.1_1 23 Aug 2005 20:26:39 |
simon |
Mark latest awstats port as fixed for awstats -- arbitrary code
execution vulnerability.
Approved by: portmgr (blanket, VuXML) |
1.1_1 23 Aug 2005 19:07:08 |
sem |
Document mail/elm remote buffer overflow vulnerability.
PR: ports/85225
Submitted by: Kevin Day <toasty@dragondata.com> (elm maintainer)
Approved by: portmgr (blanket, VuXML) |
1.1_1 19 Aug 2005 09:58:20 |
remko |
Document four vulnerabilities in openvpn:
* openvpn -- multiple TCP clients connecting with the same certificate at the
same time can crash the server
* openvpn -- denial of service: malicious authenticated "tap" client
can deplete server virtual memory
* openvpn -- denial of service: undecryptable packet from authorized client can
disconnect unrelated clients
* openvpn -- denial of service: client certificate validation can disconnect
unrelated clients
Approved by: portsmgr (blanket VuXML)
Submitted by: Matthias Andree <matthias dot andree at gmx dot de> |
1.1_1 17 Aug 2005 20:01:02 |
simon |
Also mark phpAdsNew as affected by "pear-XML_RPC -- remote PHP code
injection vulnerability".
Approved by: portmgr (blanket, VuXML) |
1.1_1 17 Aug 2005 19:46:40 |
remko |
Add the fixed version so that people do not get a stale portaudit when the
update is there.
Also fix some indentation that i overlooked.
Noticed by: simon (both of the items)
Approved by: portsmgr (blanket VuXML) |
1.1_1 17 Aug 2005 19:34:44 |
remko |
Document tor -- diffie-hellman handshake flaw.
Submitted by: Michal Bartkowiak <michal at nonspace dot net>
Approved by: portsmgr (blanket VuXML) |
1.1_1 16 Aug 2005 21:19:30 |
simon |
gpdf has been fixed for "xpdf -- disk fill DoS vulnerability", mark it
as such.
Approved by: portmgr (blanket, VuXML) |
1.1_1 16 Aug 2005 20:56:54 |
simon |
Add eGroupWare to the list of packages affected by "pear-XML_RPC --
remote PHP code injection vulnerability".
Approved by: portmgr (blanket, VuXML) |
1.1_1 16 Aug 2005 18:43:41 |
simon |
Document acroread -- plug-in buffer overflow vulnerability.
Approved by: portmgr (blanket, VuXML) |
1.1_1 15 Aug 2005 20:38:54 |
simon |
Add phpmyfaq and drupal to the "pear-XML_RPC -- remote PHP code
injection vulnerability" entry since they contain an embedded version of
pear-XML_RPC.
Fix typo in body of the latest xpdf entry (note: no modified date bump
as this is a minor typo fix which does change <affects>).
Approved by: portmgr (blanket, VuXML) |
1.1_1 15 Aug 2005 13:20:31 |
simon |
Document pear-XML_RPC -- remote PHP code injection vulnerability.
Submitted by: hrs
Approved by: portmgr (blanket, VuXML) |
1.1_1 14 Aug 2005 21:09:11 |
simon |
Document awstats -- arbitrary code execution vulnerability.
Approved by: portmgr (blanket, VuXML) |
1.1_1 12 Aug 2005 16:38:54 |
simon |
After further examination it turns out that gnugadu does not include
libgadu, at least not any in any current version, and from looking at
the gnugadu code there is no direct indication that this code should
actually be vulnerable to the other libgadu vulnerabilities. [1]
The gaim part of libgadu -- multiple vulnerabilities was fixed in
1.4.0_1. [2]
Polish translation clue: pjd [1]
General clue by: markus [2]
Not enough checking: simon
Approved by: portmgr (blanket, VuXML) |
1.1_1 12 Aug 2005 14:45:57 |
simon |
Remove pl-gnugadu2 and kadu from being affected by libgadu -- multiple
vulnerabilities, since it turns out that they use libgadu from the ekg
port.
Approved by: portmgr (blanket, VuXML) |
1.1_1 12 Aug 2005 14:21:10 |
simon |
Document libgadu -- multiple vulnerabilities.
Approved by: portmgr (blanket, VuXML) |
1.1_1 12 Aug 2005 11:26:44 |
simon |
Document gaim -- AIM/ICQ away message buffer overflow and gaim --
AIM/ICQ non-UTF-8 filename crash.
Approved by: portmgr (blanket, VuXML) |
1.1_1 12 Aug 2005 10:42:14 |
simon |
Remove pdftohtml from the list of packages affected by xpdf -- disk
fill DoS vulnerability, since it includes xpdf 2, which should not be
affected.
Approved by: portmgr (blanket, VuXML) |
1.1_1 11 Aug 2005 22:18:53 |
simon |
Document xpdf -- disk fill DoS vulnerability.
Approved by: portmgr (blanket, VuXML) |
1.1_1 11 Aug 2005 12:40:52 |
simon |
Mark apache 1.3.33_2 as fixed for apache -- http request smuggling.
Approved by: portmgr (blanket, VuXML) |
1.1_1 09 Aug 2005 11:51:25 |
simon |
Document gforge -- XSS and email flood vulnerabilities.
Approved by: portmgr (blanket, VuXML) |
1.1_1 07 Aug 2005 22:19:56 |
simon |
Document postnuke -- multiple vulnerabilities.
Approved by: portmgr (blanket, VuXML) |
1.1_1 05 Aug 2005 13:32:17 |
simon |
Document mambo -- multiple vulnerabilities.
Approved by: portmgr (blanket, VuXML) |
1.1_1 05 Aug 2005 10:34:41 |
remko |
Correct the ranges for the IPSec advisory and the devfs advisory.
Also correct proper ranges for the zlib advisory.
Approved by: portsmgr (blanket VuXML) |
1.1_1 05 Aug 2005 10:21:39 |
remko |
Document some recent FreeBSD advisories:
o devfs -- ruleset bypass.
o zlib -- buffer overflow vulnerability.
o ipsec -- Incorrect key usage in AES-XCBC-MAC.
Approved by: portsmgr (blanket VuXML) |
1.1_1 04 Aug 2005 15:56:53 |
remko |
Add some more entries to the apache -- http smuggling vulnerability.
PR: ports/84312
Submitted by: Dmitry A Grigorovich <odip at bionet dot nsc dot ru>
Approved by: portsmgr (blanket VuXML) |
1.1_1 03 Aug 2005 17:14:16 |
simon |
Document proftpd -- format string vulnerabilities.
Approved by: portmgr (blanket, VuXML) |
1.1_1 03 Aug 2005 16:54:48 |
simon |
Note that the fix for gnupg -- OpenPGP symmetric encryption
vulnerability in gnupg is not complete (see entry for details).
Discussed with: nectar
Approved by: portmgr (blanket, VuXML) |
1.1_1 03 Aug 2005 11:58:12 |
simon |
Mark p5-Crypt-OpenPGP, pgp, and pgpin as vulnerable to gnupg --
OpenPGP symmetric encryption vulnerability.
Reminded by: nectar
Approved by: portmgr (blanket, VuXML) |
1.1_1 01 Aug 2005 18:38:11 |
simon |
Mark latest gdal version as fixed for all tiff vulnerabilities. |
1.1_1 01 Aug 2005 07:45:18 |
niels |
Added nbsmtp format string vulnerability.
Approved by: nectar (mentor) |
1.1_1 31 Jul 2005 23:39:50 |
simon |
Mark latest the linux-tiff and pdflib ports safe from latest tiff
vulnerability.
Thanks to lawrance and netchild for fast fixes. |
1.1_1 31 Jul 2005 15:00:54 |
simon |
Document sylpheed -- MIME-encoded file name buffer overflow
vulnerability. |
1.1_1 31 Jul 2005 13:50:20 |
simon |
Document phpmyadmin -- cross site scripting vulnerability. |
1.1_1 31 Jul 2005 13:23:50 |
simon |
Document gnupg -- OpenPGP symmetric encryption vulnerability.
Note: this is mainly a theoretical vulnerability. |
1.1_1 31 Jul 2005 11:38:25 |
remko |
Bump entry date.
Forgotten by: remko
Spotted by: simon |
1.1_1 31 Jul 2005 11:31:52 |
remko |
Document vim -- vulnerabilities in modeline handling: glob, expand.
Discussed with: nectar, simon |
1.1_1 30 Jul 2005 22:20:27 |
simon |
Document that ekg -- insecure temporary file creation was fixed in
1.6r2,1.
Noted by: Michal Kalkowski |
1.1_1 30 Jul 2005 20:20:52 |
simon |
Add pdflib-perl, fractorama, gdal, iv, ivtools, ja-iv, ja-libimg,
paraview to recent libtiff vulnerabilities since they contain (and
compile) an embedded version of libtiff... |
1.1_1 30 Jul 2005 19:13:10 |
simon |
Change MAINTAINER address for ports maintained by the Security Team to
secteam@ instead of security@ to make it more clear that the ports are
not maintained by the freebsd-security@ mailing list. Both addresses
go to the same people. |
1.1_1 30 Jul 2005 15:48:06 |
simon |
Document tiff -- buffer overflow vulnerability. |
1.1_1 30 Jul 2005 11:18:20 |
simon |
- Misc. markup/whitespace fixes.
- Collapse a few package entries from the latest apache entry (still
matches same package names, is just shorter markup-wise).
- Use standard topic style for jaberd entry.
- Fix entry date for jaberd entry. |
1.1_1 30 Jul 2005 10:00:41 |
vsevolod |
Document jabberd vulnerabilities that were fixed by the latest update.
Approved by: perky (mentor) |