Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 29 Sep 2004 16:48:15 |
trhodes |
Fix apache version number entry, bump modified date for apache as well.
Approved by: portmgr |
1.1_1 28 Sep 2004 18:02:03 |
nectar |
Make an initial attempt at covering all Mozilla/Firefox/Thunderbird
package names that we've had. Similar changes need to be made to many
other entries, but let's use this one as a test subject first.
Approved by: portmgr |
1.1_1 28 Sep 2004 15:06:19 |
nectar |
Correct spelling of phpnuke package name.
Reported by: Dan Langille
Approved by: portmgr |
1.1_1 28 Sep 2004 14:31:41 |
nectar |
Note BMP decoder flaws in Mozilla/Firefox/Thunderbird.
Approved by: portmgr |
1.1_1 28 Sep 2004 14:28:04 |
nectar |
Note stack buffer overflow in Mozilla mail.
Approved by: portmgr |
1.1_1 28 Sep 2004 14:22:35 |
nectar |
Document Mozilla/Firefox/Thunderbird heap buffer overflows.
Approved by: portmgr |
1.1_1 28 Sep 2004 13:36:53 |
nectar |
Correct the package name for phpMyAdmin.
Reported by: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Approved by: portmgr |
1.1_1 27 Sep 2004 15:15:21 |
nectar |
Add CERT Vulnerability Note references to xpm entry.
Approved by: portmgr |
1.1_1 27 Sep 2004 02:57:32 |
nectar |
Note two older vulnerabilities in PHP.
Submitted by: Jon Passki <cykyc@yahoo.com>
Approved by: portmgr |
1.1_1 26 Sep 2004 18:17:36 |
nectar |
Note subversion information disclosure vulnerability.
Submitted by: lev
Approved by: portmgr |
1.1_1 26 Sep 2004 18:04:52 |
nectar |
Add missing PORTEPOCH in a mozilla entry.
Correct package name in an apache entry.
Reported by: Dan Langille <dan@langille.org>
Approved by: portmgr |
1.1_1 25 Sep 2004 00:59:48 |
nectar |
Forgot to add <modified> element for last commit.
Approved by: portmgr |
1.1_1 25 Sep 2004 00:58:59 |
nectar |
Add missing PORTEPOCH on one of the mozilla entries.
Noticed by: Dan Langille <dan@langille.org>
Approved by: portmgr |
1.1_1 23 Sep 2004 15:07:39 |
nectar |
Document vulnerabilities in lha.
Reviewed by: dinoex
Approved by: portmgr |
1.1_1 23 Sep 2004 14:16:16 |
nectar |
Lately it seems I like to use dashes in topics... but I should at
least be consistent with how many. s/---/--/
Approved by: portmgr |
1.1_1 23 Sep 2004 14:10:58 |
nectar |
Document mysql buffer overflow.
Reported by: ale
Approved by: portmgr |
1.1_1 22 Sep 2004 16:39:58 |
nectar |
Document Mozilla security icon spoofing vulnerability.
Approved by: portmgr |
1.1_1 22 Sep 2004 16:16:30 |
nectar |
Document Mozilla vulnerability involving NULL bytes in FTP URLs.
Also, correct s/firebird/firefox/ in a previously documented issue.
Approved by: portmgr |
1.1_1 22 Sep 2004 15:59:56 |
nectar |
Document Mozilla automatic file upload vulnerability.
Approved by: portmgr |
1.1_1 22 Sep 2004 15:44:03 |
nectar |
Document mozilla certificate import denial-of-service vulnerability.
Approved by: portmgr |
1.1_1 21 Sep 2004 22:04:54 |
nectar |
Note a file name disclosure issue in rssh.
Reported by: leeym
Approved by: portmgr |
1.1_1 20 Sep 2004 20:13:11 |
nectar |
Add entry describing GNU Radius denial-of-service vulnerability.
Approved by: portmgr |
1.1_1 20 Sep 2004 20:06:44 |
nectar |
Add sudoedit vulnerability.
Approved by: portmgr |
1.1_1 19 Sep 2004 23:36:42 |
nectar |
In latest CVS entry, remove the reference to the exploit. It does
not apply to any of these vulnerabilities, but to the previous CVS
vulnerability (CAN-2004-0396).
Approved by: portmgr |
1.1_1 19 Sep 2004 23:32:05 |
nectar |
Oh yeah, add affected FreeBSD versions for CVS issues.
Approved by: portmgr |
1.1_1 19 Sep 2004 23:23:49 |
nectar |
Update CVS entry with some details.
Approved by: portmgr |
1.1_1 19 Sep 2004 17:38:14 |
trhodes |
Add an entry for the mod_proxy buffer overflow existent in apache13.
Approved by: portmgr |
1.1_1 18 Sep 2004 15:42:01 |
nectar |
Note some fixes for XPM image decoding vulnerabilities.
Submitted by: lesi
Add references to Chris Evans's advisories while I'm at it.
Approved by: portmgr |
1.1_1 17 Sep 2004 02:12:17 |
marcus |
Update to gdk-pixbuf vulnerability to reflect the fixed version of gtk20.
Approved by: portmgr (implicit) |
1.1_1 15 Sep 2004 19:54:22 |
nectar |
Note that a patched version of webmin 1.150 is now available, thanks
to olengi@.
Submitted by: olengi
Add a paragraph introducing the Webmin blockquote while I'm here.
Approved by: portmgr |
1.1_1 15 Sep 2004 18:05:16 |
nectar |
Note gdk-pixbuf image decoding issues.
Approved by: portmgr |
1.1_1 15 Sep 2004 17:39:48 |
nectar |
clement@ has patched Apache 2.
Approved by: portmgr |
1.1_1 15 Sep 2004 16:31:55 |
nectar |
Note CUPS printer queue browser denial-of-service.
Approved by: portmgr |
1.1_1 15 Sep 2004 15:57:52 |
nectar |
Note Apache 2 IPv6 address parsing bug.
Approved by: portmgr |
1.1_1 15 Sep 2004 15:16:36 |
nectar |
Note new libXpm vulnerabilities.
Approved by: portmgr |
1.1_1 15 Sep 2004 14:47:36 |
nectar |
I appear to have deleted a line at the last minute. Restore it.
Approved by: portmgr |
1.1_1 15 Sep 2004 14:45:03 |
nectar |
Add mod_dav denial-of-service issue.
Approved by: portmgr |
1.1_1 15 Sep 2004 14:20:53 |
nectar |
Oops, forgot to note that the previous issue affects only the Apache 2.x
series.
Approved by: portmgr |
1.1_1 15 Sep 2004 14:18:17 |
nectar |
Add Apache 2 vulnerability concerning environmental variables in
configuration files.
Approved by: portmgr |
1.1_1 15 Sep 2004 13:52:30 |
nectar |
Repair three <freebsdpr> elements. The content of these elements
must be e.g. "ports/46613", not just "46613".
Reported by: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Approved by: portmgr |
1.1_1 15 Sep 2004 03:03:26 |
nectar |
Note that some versions of OpenOffice have been corrected.
Approved by: portmgr |
1.1_1 14 Sep 2004 03:38:59 |
trhodes |
Fix botched date entry and correct iDefense URL.
Approved by: portmgr |
1.1_1 14 Sep 2004 03:19:10 |
trhodes |
Really add Samba 3 vulnerability.
Remove incorrect URL in mpg123 entry.
Approved by: portmgr
URL noticed: nectar |
1.1_1 14 Sep 2004 03:01:07 |
trhodes |
Correct version. Note my last commit here was for mpg123 instead of
samba3.
Noticed by: nectar
Approved by: portmgr |
1.1_1 14 Sep 2004 02:21:06 |
nectar |
- There is a WITHOUT_X11 version of ImageMagick that needs to be
taken into account.
- Fix transposed characters in `isakmpd'.
Noticed by: Dan Langille <dan@langille.org>
- Add CVE name reference for ImageMagick.
- Add webmin temporary file handling issue.
- Add OpenOffice temporary file handling issue.
- Widen the `KDE frame injection' issue to cover Mozilla, Firebird,
Netscape, and Opera as well
- Add Mozilla/Firebird/Netscape SOAPParameter vulnerability
- Add Mozilla/Thunderbird/Netscape POP client vulnerability
Approved by: portmgr |
1.1_1 14 Sep 2004 02:02:25 |
trhodes |
Update for recent Samba3 vulnerabilities.
Approved by: portmgr |
1.1_1 02 Sep 2004 12:02:29 |
nectar |
Adjust the affected version for imlib now that the 2nd instance of BMP
loader has been corrected. |
1.1_1 01 Sep 2004 17:12:54 |
nectar |
The recent commit to the krb5 port brought the version to 1.3.4_1 but
did not correct one of the existing vulnerabilities. Update the
affected range to compensate. |
1.1_1 31 Aug 2004 20:52:16 |
nectar |
Note recent MIT Kerberos 5 vulnerabilities. |
1.1_1 31 Aug 2004 14:55:49 |
nectar |
Document imlib2 BMP decoder bug. |
1.1_1 31 Aug 2004 14:34:03 |
nectar |
Document BMP decoder bugs in imlib1 and ImageMagick. |
1.1_1 30 Aug 2004 14:23:47 |
nectar |
Correct bogus date in mysql entry. (It should be YYYY-MM-DD, not
DD-MM-YYYY.)
Reported by: robert@openbsd.org |
1.1_1 30 Aug 2004 14:21:49 |
nectar |
Add more references (particularly CVE names) for issues affecting
SpamAssassin, tnftpd, ruby, mysql.
Place text taken from another source inside <blockquote cite="...">
for ruby issue. |
1.1_1 30 Aug 2004 11:08:58 |
eik |
correct/add some references |
1.1_1 27 Aug 2004 15:29:58 |
nectar |
Document NSS SSLv2 server buffer overflow (already referenced in
portaudit.txt). |
1.1_1 27 Aug 2004 14:43:07 |
nectar |
Document ripMIME decoding bug (already referenced in portaudit.txt). |
1.1_1 27 Aug 2004 04:29:59 |
marcus |
Remove <modified/> from the gnomevfs vulnerability since it was the same
as <entry/> and it needed to be last anyway.
Suggested by: nectar |
1.1_1 27 Aug 2004 01:48:56 |
marcus |
Update the gnomevfs entry to reflect the fixed versions. |
1.1_1 26 Aug 2004 22:30:07 |
trhodes |
Add entry for moinmoin ACL bypass. |
1.1_1 26 Aug 2004 22:10:50 |
nectar |
Note sanitize_path bug in rsync (already referenced in portaudit.txt). |
1.1_1 26 Aug 2004 21:12:28 |
nectar |
Unsafe URI handling in gnome-vfs, MidnightCommander. |
1.1_1 26 Aug 2004 20:34:41 |
nectar |
Document buffer overflows in SoX (already referenced in portaudit.txt). |
1.1_1 26 Aug 2004 20:15:22 |
nectar |
Document cookie bug in Konqueror (already referenced in portaudit.txt). |
1.1_1 25 Aug 2004 15:36:09 |
hrs |
- Fix "make validate" problem when textproc/xhtml-basic is
installed by adding an SGML declaration and DTDDECL.
- Remove the --catalogs option for xmllint(1) in validate.sh.
Approved by: nectar (maintainer)
PR: ports/63035 |
1.1 23 Aug 2004 19:18:08 |
trhodes |
Place port name in the description.
Suggested by: eik |
1.1 23 Aug 2004 16:08:13 |
nectar |
Add libxine vcd URL handling issue. |
1.1 23 Aug 2004 14:51:53 |
nectar |
Add DoS in SpamAssassin. |
1.1 23 Aug 2004 13:06:44 |
nectar |
Add <modified> date for previous commit. |
1.1 23 Aug 2004 13:05:07 |
nectar |
fidogate-ds was also affected by the ``write files as `news' user''
issue. |
1.1 22 Aug 2004 23:14:53 |
nectar |
Off-by-one error in courier-imap entry.
Noticed by: oliver |
1.1 22 Aug 2004 22:58:19 |
nectar |
Add a more useful reference for the Qt issue. |
1.1 22 Aug 2004 22:56:56 |
nectar |
Add Qt heap overflow issue. |
1.1 22 Aug 2004 22:39:32 |
nectar |
Add a security issue affecting courier-imap when run with certain debug
flags. |
1.1 22 Aug 2004 22:28:54 |
nectar |
Add fidogate issue. |
1.1 22 Aug 2004 22:07:52 |
nectar |
Add an issue covering a vulnerability in mysqlhotcopy.
Reported by: robert@openbsd.org |
1.1 22 Aug 2004 21:44:40 |
nectar |
Cancel a VuXML entry for an Apache vulnerability that does not affect
FreeBSD.
Reminded by: recent conversations :-) |
1.1 21 Aug 2004 08:29:24 |
eik |
cancelled 6fd9a1e9-efd3-11d8-9837-000c41e2cdad: does not affect FreeBSD
<http://docs.FreeBSD.org/cgi/mid.cgi?20040817123651.GB930> |
1.1 17 Aug 2004 21:18:28 |
nectar |
Add a pointer to Przemyslaw Frasunek's advisory. |
1.1 17 Aug 2004 18:30:08 |
nectar |
For the lukemftpd/tnftpd issue, add a reference to NetBSD security
advisory now that it is available. |
1.1 17 Aug 2004 18:01:37 |
nectar |
Note a vulnerability in lukemftpd/tnftpd. |
1.1 17 Aug 2004 12:07:30 |
eik |
multiple CVS vulnerabilities |
1.1 17 Aug 2004 06:46:49 |
knu |
Correct the version numbers and dates in the last entry. |
1.1 17 Aug 2004 06:40:37 |
knu |
Add an entry for:
Ruby insecure file permissions in the CGI session management |
1.1 16 Aug 2004 22:38:28 |
nectar |
Document a setgid "games" security issue in xonix. Based on a VuXML
entry that was
Submitted by: robert@OpenBSD.org |
1.1 15 Aug 2004 15:51:15 |
nectar |
Correct the version number range affected for ja-samba.
Correct the version number range affected for Mozilla 1.8 alphas.
Problem hinted at by: eik |
1.1 15 Aug 2004 14:31:56 |
nectar |
Correct the version number range affected for Mozilla 1.8 alphas.
Problem hinted at by: eik
While I'm here, add a CVE name reference and a couple of other relevant
Bugzilla links. It is interesting that this security issue was reported
as early as 1999. Also, replace the text plagiarized from the Secunia
advisory without attribution with a more helpful (maybe?) description of
the issue. |
1.1 13 Aug 2004 21:31:53 |
trhodes |
Format string vulnerability in jftpgw.
Informed by: Robert Nagy <robert@openbsd.org> |
1.1 12 Aug 2004 22:06:17 |
nectar |
Repair broken URL.
Noticed by: simon |
1.1 12 Aug 2004 21:07:06 |
nectar |
Add two issues covering three KDE advisories: two temporary file
handling issues, and a KHTML issue. |
1.1 12 Aug 2004 20:54:13 |
marcus |
The last commit should have changed the comparison tag from <le> to <lt>. |
1.1 12 Aug 2004 20:44:41 |
marcus |
Update Gaim vulnerability (5b8f9a02-ec93-11d8-b913-000c41e2cdad) to indicate
that gaim-0.81_1 has a fix for this. |
1.1 12 Aug 2004 19:23:23 |
nectar |
The MSN component of Gaim contains remotely exploitable buffer
overflows. |
1.1 12 Aug 2004 19:05:51 |
nectar |
The Adobe Acrobat Reader can be coerced into executing arbitrary
commands on UNIX systems. |
1.1 12 Aug 2004 18:56:10 |
nectar |
Certain configurations of POPfile may allow an attacker to
retrieve files from the victim's machine.
Reported by: Daniel Grund <mail@dgrund.de> |
1.1 12 Aug 2004 18:43:01 |
nectar |
Correct version information syntax in a number of entries. VuXML-using
tools are expected only to understand actual package names and version
numbers, not globs such as `foo-{bar,baz}' or `1.*'. |
1.1 12 Aug 2004 11:58:18 |
eik |
give the ImageMagick png vulnerability its own entry |
1.1 11 Aug 2004 22:57:51 |
eik |
f72ccf7c-e607-11d8-9b0a-000347a4fa7d is a duplicate of
6f955451-ba54-11d8-b88c-000d610a3b12, move references |
1.1 10 Aug 2004 11:00:48 |
eik |
add a reference for linux-png-1.0.x to 3a408f6f-9c52-11d8-9366-0020ed76ef5a |
1.1 09 Aug 2004 15:10:03 |
eik |
add ImageMagick to the list of png-vulnerable ports |
1.1 07 Aug 2004 08:33:00 |
eik |
correct typo |