| Commit History - (may be incomplete: see SVNWeb link above for full details) |
| Date | By | Description |
23 May 2013 15:30:08
  1.1_1
|
flo  |
Update to 2.17.1 as the 2.18 release was postponed / cancelled |
23 May 2013 08:20:48
1.1_1
|
cs |
Fix entry date, wrongly entered in revision 318453 |
23 May 2013 08:02:57
1.1_1
|
cs |
fix typo in recent otrs vulnerability |
23 May 2013 07:58:58
1.1_1
|
cs |
Add vulnerabilities
Security: CVE-2013-2637
CVE-2013-3551 |
23 May 2013 07:24:40
1.1_1
|
matthew |
Security Updates
- www/rt40 to 4.0.13
- www/rt38 to 3.8.17 [1]
This is a security fix addressing a number of CVEs:
CVE-2012-4733
CVE-2013-3368
CVE-2013-3369
CVE-2013-3370
CVE-2013-3371
CVE-2013-3372
CVE-2013-3373
CVE-2013-3374
Users will need to update their database schemas as described in
pkg-message
Approved by: flo [1]
Security: 3a429192-c36a-11e2-97a9-6805ca0b3d42 |
22 May 2013 09:14:17
1.1_1
|
rene |
Fix vuxml by using the correct format for CVE names.
Prodded by: bz on IRC |
22 May 2013 08:45:11
1.1_1
|
rene |
List vulnerabilities fixed in www/chromium 27.0.1453.93 (which is the
current version in the Ports Collection). |
19 May 2013 14:06:36
1.1_1
|
rakuco |
Patch multiple vulnerabilities in x11-toolkits/plib.
PR: ports/178710
Submitted by: Denny Lin <dennylin93@hs.ntnu.edu.tw> |
18 May 2013 20:35:07
1.1_1
|
rakuco |
- Update to 0.7.4
- Add VuXML entry
- Trim Makefile header
- Add LICENSE
PR: ports/177206
Submitted by: Alexander Milanov <a@amilanov.com>
Approved by: Thomas Hurst <tom@hur.st> (maintainer)
Security: a8818f7f-9182-11e2-9bdf-d48564727302 |
16 May 2013 22:46:39
1.1_1
|
delphij |
Update the recent nginx entry to cover the exact version range and include
information for CVE-2013-2070. |
16 May 2013 04:14:31
1.1_1
|
eadler |
Update to the latest version of Adobe Flash |
16 May 2013 02:00:38
1.1_1
|
flo |
- update firefox to 21.0
- update firefox-esr and thunderbird to 17.0.6
- WEBRTC now supports PULSEAUDIO
- make linux-firefox work with plugins again (e.g. quakelive)
Security: 4a1ca8a4-bd82-11e2-b7a0-d43d7e0c7c02
In collaboration with: Jan Beich <jbeich@tormail.org> |
14 May 2013 07:15:24
1.1_1
|
osa |
Update ranges according latest available information.
Source: http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html |
13 May 2013 00:08:14
1.1_1
|
ashish |
- Update emacs entry to correct the version ranges for CVE-2012-3479 |
07 May 2013 18:58:55
1.1_1
|
delphij |
Update nginx entry to reflect the right version ranges for CVE-2013-2028.
Note that we don't really have nginx 1.3.9 in the ports collection, due
to the recent ports freeze. The version 1.3.9 is used here just to
better match the original advisory. |
07 May 2013 13:32:03
1.1_1
|
osa |
Fix typo.
Found by: ru |
07 May 2013 11:35:19
1.1_1
|
osa |
Document nginx -- a stack-base buffer overflow. |
03 May 2013 18:20:43
1.1_1
|
ohauer |
- fix strongSwan discovery date /2013-05-03/2013-04-30/ |
03 May 2013 18:16:36
1.1_1
|
ohauer |
- update to version 5.0.4 which fixes CVE-2013-2944.
- add entry to vuxml
- add CVE references to jankins vuxml entry
while I'm here remove .sh from rc script
PR: ports/178266
Submitted by: David Shane Holden <dpejesh@yahoo.com>
Approved by: strongswan@nanoteq.com (maintainer) |
03 May 2013 16:26:20
1.1_1
|
lwhsu |
Document Jenkins Security Advisory 2013-05-02 |
02 May 2013 19:41:07
1.1_1
|
tmseck |
- Add the vendor patch for SQUID-2012:1 (CVE-2012-5643) and update VuXML
information accordingly
- Bump PORTREVISION
PR: ports/177773
Submitted by: Kan Sasaki
Approved by: flo (mentor)
Security: c37de843-488e-11e2-a5c9-0019996bc1f7 |
29 Apr 2013 22:41:58
1.1_1
|
des |
Add entry for SA-13:05.nfsserver |
27 Apr 2013 20:58:01
1.1_1
|
nivit |
- Document multiple XSS and DDoS vulnerabilities for Joomla!
(2.5.0 <= version < 2.5.10) |
24 Apr 2013 20:23:16
1.1_1
|
matthew |
Security updae to 3.5.8.1
Four new serious security alerts were issued today by the phpMyAdmin
them: PMASA-2013-2 and PMASA-2013-3 are documented in this commit to
vuln.xml.
- Remote code execution via preg_replace().
- Locally Saved SQL Dump File Multiple File Extension Remote Code
Execution.
The other two: PMASA-2013-4 and PMASA-2013-5 only affect PMA 4.0.0
pre-releases earlier than 4.0.0-rc3, which are not available through
the ports. |
22 Apr 2013 20:57:03
1.1_1
|
dinoex |
- Security update to 1.0.21
Security: CVE-2013-1428 |
20 Apr 2013 16:01:56
1.1_1
|
dinoex |
- Security fix
Security: CVE-2011-4517 execute arbitrary code on decodes images
Submitted by: naddy (Christian Weisgerber)
Obtained from: Fedora
Feature safe: yes |
20 Apr 2013 09:24:30
1.1_1
|
matthew |
Document PMASA-2013-1
It turns out that release 3.5.8 (recently updated in ports) was the
cure to an XSS vulnerability.
Feature safe: yes |
19 Apr 2013 18:03:18
1.1_1
|
delphij |
Document roundcube arbitrary file disclosure vulnerability.
Reported by: Marcelo Gondim <gondim bsdinfo com br>
Feature safe: yes |
18 Apr 2013 04:03:08
1.1_1
|
dinoex |
- add jasper
Feature safe: yes |
16 Apr 2013 10:58:16
1.1_1
|
araujo |
- Update to 2.7.3 due a vulnerability that affect all versions 2.x. [1]
- Update MASTER_SITES.
- Convert to optionsNG.
- Trim header.
More info:
https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES
Reported by: olli hauer <ohauer@gmx.de> [1]
Approved by: portmgr (bdrewery)
Security: 2070c79a-8e1e-11e2-b34d-000c2957946c |
15 Apr 2013 12:28:58
1.1_1
|
bdrewery |
- Update to 0.85
- Convert to new options framework
sieve-connect was not actually verifying TLS certificate identities matched
the expected hostname. Changes with new version:
Fix TLS verification; find server by own hostname & SRV.
* TLS hostname verification was not actually happening.
* IO::Socket::SSL requirement bumped to 1.14 (was 0.97).
* By default, if no server specified, before falling back to localhost try to
use the current hostname and SRV records in DNS to figure out if Sieve is
available. Checks for sieve, imaps & imap protocol SRV records and honours (Only the first 15 lines of the commit message are shown above  ) |
13 Apr 2013 15:44:09
1.1_1
|
eadler |
Replace duplicate vids with a newly generated GUID.
Older duplicates kept their own number.
Approved by: portmgr (implicit)
With Hat: ports-secteam |
12 Apr 2013 16:19:38
1.1_1
|
des |
Oops, fix the cite URL.
Approved by: portmgr (tabthorpe) |
12 Apr 2013 16:14:22
1.1_1
|
des |
Edit OpenVPN 2.3.1 entry:
- Replace links to changelog and commit with a link to the official
announcement (which also links to the commit)
- Replace the description with a sentence lifted from the
announcement.
Approved by: portmgr (tabthorpe) |
11 Apr 2013 22:19:50
1.1_1
|
eadler |
Update flash to 11.2r202.280
Security: 15236023-a21b-11e2-a460-208984377b34
Reviewed by: delphij
Approved by: portmgr (bdrewery) |
11 Apr 2013 11:41:29
1.1_1
|
bdrewery |
- Add url reference to 1431f2d6-a06e-11e2-b9e0-001636d274f3
Approved by: portmgr (implicit)
Requested by: jgh |
11 Apr 2013 11:30:01
1.1_1
|
bdrewery |
- Update to 3.2.13 to fix security vulnerabilities
- Update rubygem-mail to 2.5.3 as rubygem-actionmailer-3.2.13 requires it
PR: ports/177709
Submitted by: Geoffroy Desvernay <dgeo@centrale-marseille.fr>
With hat: ruby
Approved by: portmgr (implicit)
Reviewed by: miwi
Security: db0c4b00-a24c-11e2-9601-000d601460a4 |
09 Apr 2013 01:18:58
1.1_1
|
bdrewery |
- Document CVE-2013-0131 for nvidia-driver
Submitted by: danfe
Approved by: portmgr (implicit) |
08 Apr 2013 20:57:22
1.1_1
|
flo |
Typo fix for the typo fix. Validated with make validate this time.
Reported by: bz
Approved by: portmgr (implicit) |
08 Apr 2013 20:33:11
1.1_1
|
flo |
Fix a typo in the recent mozilla entry
Reported by: pluknet
Approved by: portmgr (tabthorpe) |
06 Apr 2013 16:51:41
1.1_1
|
dinoex |
- Security udpate to 12.15
Security: http://www.opera.com/docs/changelogs/unified/1215/
Security: http://www.opera.com/security/advisory/1046
Security: http://www.opera.com/security/advisory/1047
PR: 177654
Approved by: portmgr |
06 Apr 2013 16:43:28
1.1_1
|
ohauer |
- fix subversion range
Approved by: portmgr (implizit) |
06 Apr 2013 10:00:28
1.1_1
|
ohauer |
- Subversion 1.7.9 security update [1]
- Subversion 1.6.21 security update [2]
This release addesses the following issues security issues:
[1][2] CVE-2013-1845: mod_dav_svn excessive memory usage from property changes
[1][2] CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity
URLs
[1][2] CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant
URLs
[1][2] CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity
URLs
[1] CVE-2013-1884: mod_dav_svn crashes on out of range limit in log REPORT
request
More information on these vulnerabilities, including the relevent advisories
and potential attack vectors and workarounds, can be found on the Subversion
security website:
http://subversion.apache.org/security/
PR: 177646
Submitted by: ohauer
Approved by: portmgr (tabthorpe, erwin), lev
Security: b6beb137-9dc0-11e2-882f-20cf30e32f6d |
05 Apr 2013 21:16:54
1.1_1
|
cs |
Vulnerability in OTRS
Approved by: portmgr
Security: eae8e3cf-9dfe-11e2-ac7f-001fd056c417 |
04 Apr 2013 13:21:23
1.1_1
|
girgen |
The PostgreSQL Global Development Group has released a security
update to all current versions of the PostgreSQL database system,
including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update
fixes a high-exposure security vulnerability in versions 9.0 and
later. All users of the affected versions are strongly urged to apply
the update *immediately*.
A major security issue (for versions 9.x only) fixed in this release,
[CVE-2013-1899](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899),
makes it possible for a connection request containing a database name
that begins with "-" to be crafted that can damage or destroy files
within a server's data directory. Anyone with access to the port the
PostgreSQL server listens on can initiate this request. This issue was
discovered by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source
Software Center. (Only the first 15 lines of the commit message are shown above ) |
03 Apr 2013 20:27:48
1.1_1
|
flo |
- update thunderbird, firefox-esr, linux-thunderbird and linux-firefox to
17.0.5
- update firefox to 20.0
- update seamonkey and linux-seamonkey to 2.17
- update nspr to 4.9.6
- remove mail/thunderbird-esr, Mozilla stopped providing 2 versions of
thunderbird
- prune support for old FreeBSD versions; users of 8.2, 7.4 or earlier
are advised to upgrade - http://www.freebsd.org/security/
- add vuln.xml entry
Security: 94976433-9c74-11e2-a9fc-d43d7e0c7c02
Approved by: portmgr (miwi)
In collaboration with: Jan Beich <jbeich@tormail.org> |
02 Apr 2013 20:21:28
1.1_1
|
delphij |
Document two latest FreeBSD security advisories.
Approved by: portmgr (bdrewery) |
31 Mar 2013 17:36:30
1.1_1
|
ohauer |
- update japanes/bugzilla templates
- update vuxml to reflect bugzilla templates
- fix typo in vuxml
Approved by: portmgr (miwi)
Sponsored by: |
31 Mar 2013 16:00:02
1.1_1
|
mandree |
security upgrade to OpenVPN 2.3.1; upstream release notes are
"This release adds supports for PolarSSL 1.2. It also adds a fix to
prevent potential side-channel attacks by switching to a constant-time
memcmp when comparing HMACs in the openvpn_decrypt function. In
addition, it contains several bugfixes and documentation updates, as
well as some minor enhancements."
Full ChangeLog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>
The port upgrade also offers an option to use the GPLv2+-licensed
PolarSSL instead of OpenSSL (which brings in a license mix).
PR: ports/177517
Reviewed by: miwi
Approved by: portmgr (miwi)
Security: 92f30415-9935-11e2-ad4c-080027ef73ec |
29 Mar 2013 14:08:47
1.1_1
|
kwm |
Update to 2.8.0. [1]
Add patch to fix CVE-2013-0338 and CVE-2013-0339. [2]
Convert to OptionsNG, rename patches to standard form. [1]
Notified by: swills@ [2]
Obtained from: gnome team repo [1]
Security: 843a4641-9816-11e2-9c51-080027019be0 |
29 Mar 2013 10:04:43
1.1_1
|
flo |
Update asterisk ports to:
net/asterisk 1.8.20.2
net/asterisk10 10.12.2
net/asterisk11 11.2.2
Security: daf0a339-9850-11e2-879e-d43d7e0c7c02 |
27 Mar 2013 20:44:51
1.1_1
|
delphij |
Explicitly use -E for sed(1).
Submitted by: des
Reviewed by: eadler |
27 Mar 2013 10:29:25
1.1_1
|
erwin |
Add entry for latest Bind advisory CVE-2013-2266 |
26 Mar 2013 23:25:20
1.1_1
|
delphij |
In validate target, use unexpand and sed to make sure that we are using
consistent space style.
Reviewed by: stas, simon |
26 Mar 2013 20:58:23
1.1_1
|
rene |
Document vulnerabilities in www/chromium < 26.0.1410.43
Obtained from: http://googlechromereleases.blogspot.nl/search/Stable%20Updates |
26 Mar 2013 18:16:33
1.1_1
|
delphij |
Remove trailing space, no content change. |
26 Mar 2013 18:09:07
1.1_1
|
delphij |
unexpand vuln.xml. |
26 Mar 2013 05:31:07
1.1_1
|
acm |
firebird vulnerability entry (CVE-2013-2492)
Security: 6adca5e9-95d2-11e2-8549-68b599b52a02 |
26 Mar 2013 01:13:34
1.1_1
|
zi |
- Document vulnerability in graphics/optipng (CVE-2012-4432)
PR: ports/177206
Submitted by: Alexander Milanov <a@amilanov.com>
Security: 8818f7f-9182-11e2-9bdf-d48564727302 |
18 Mar 2013 20:46:52
1.1_1
|
flo |
Update to 5.3.23
Security: 1d23109a-9005-11e2-9602-d43d7e0c7c02 |
18 Mar 2013 12:12:59
1.1_1
|
zi |
- Document recent vulnerabilities in www/piwigo: CVE-2013-1468, CVE-2013-1469
Reported by: Ruslan Makhmatkhanov <cvs-src@yandex.ru>
Security: edd201a5-8fc3-11e2-b131-000c299b62e1 |
16 Mar 2013 22:12:54
1.1_1
|
remko (src,doc committer) |
Fix typo in the libpurple entry.
Submitted by: Derek Schrock <dereks@lifeofadishwasher.com> |
15 Mar 2013 13:52:09
1.1_1
|
zi |
- Perl vulnerability (CVE-2013-1667) also applies to perl-threaded
Reported by: Alexandre Krasnov <freebsd@tern.ru>
Security: 68c1f75b-8824-11e2-9996-c4850808617 |
14 Mar 2013 08:17:40
1.1_1
|
pclin |
- graphics/libexif:
* Update to 0.6.21
* Add LICENSE
* Switch to OptionsNG and PORTDOCS
- Document libexif 2012-07-12 vulnerabilty
- Bump PORTREVISION for libexif related ports
- Trim headers while here
PR: ports/175910
Approved by: swills (mentor)
Security: d881d254-70c6-11e2-862d-080027a5ec9a |
13 Mar 2013 04:04:48
1.1_1
|
eadler |
Update flash the latest (hopefully) secure version.
PR: ports/176904
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Security: http://www.vuxml.org/freebsd/5ff40cb4-8b92-11e2-bdb6-001060e06fd4.html |
13 Mar 2013 03:35:54
1.1_1
|
swills |
- Update puppet to 3.1.1 resolving multiple security issues
- Update puppet27 to 2.7.21 resolving multiple security issues
- Document multiple puppet security issues
Security: cda566a0-2df0-4eb0-b70e-ed7a6fb0ab3c |
10 Mar 2013 19:04:01
1.1_1
|
rea |
Perl 5.x: fix CVE-2013-1667
Feature safe: wholeheartedly hope so |
10 Mar 2013 04:03:12
1.1_1
|
miwi |
- Fix previous entry |
10 Mar 2013 00:13:00
1.1_1
|
marcus |
Belatedly add an entry for libpurple's recent vulnerabilities. |
08 Mar 2013 22:27:39
1.1_1
|
flo |
- update thunderbird, firefox-esr, linux-thunderbird and linux-firefox to
17.0.4
- update firefox to 19.0.2
- add vuln.xml entry
Security: 630c8c08-880f-11e2-807f-d43d7e0c7c02 |
08 Mar 2013 09:06:27
1.1_1
|
rene |
Document a vulnerability in chromium < 25.0.1364.160
Obtained from: http://googlechromereleases.blogspot.nl/search/Stable%20Updates |
06 Mar 2013 15:57:00
1.1_1
|
culot |
- Document vulnerabilities in typo3.
Security: b9a347ac-8671-11e2-b73c-0019d18c446a
Obtained from:
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-001/ |
06 Mar 2013 00:19:09
1.1_1
|
rene |
Document vulnerabilities in www/chromium < 25.0.1364.152
Obtained from: http://googlechromereleases.blogspot.nl/search/Stable%20Updates |
03 Mar 2013 20:17:59
1.1_1
|
zi |
- Document recent vulerability in security/stunnel (CVE-2013-1762)
Security: c97219b6-843d-11e2-b131-000c299b62e1 |
02 Mar 2013 20:07:42
1.1_1
|
ohauer |
- document apache22 issues
- tim trailing tabs |
01 Mar 2013 02:08:31
1.1_1
|
wxs |
Document two sudo problems. |
28 Feb 2013 01:46:41
1.1_1
|
swills |
- Update to 0.9.14 to fix CVE-2013-1756
Security: aa7764af-0b5e-4ddc-bc65-38ad697a484f |
27 Feb 2013 13:40:47
1.1_1
|
eadler |
Update to 11.2r202.273
Security: http://www.vuxml.org/freebsd/dbdac023-80e1-11e2-9a29-001060e06fd4.html |
26 Feb 2013 17:27:07
1.1_1
|
sunpoet |
- Update affected ettercap versions: CVE-2012-0722 was fixed in
0.7.5.2-Assimilation |
26 Feb 2013 01:38:58
1.1_1
|
bdrewery |
- Document 3 OTRS vulnerabilities from 2012
- CVE-2012-4751
- CVE-2012-4600
- CVE-2012-2582 |
24 Feb 2013 18:21:03
1.1_1
|
swills |
- Document Ruby REXML DoS |
24 Feb 2013 17:51:49
1.1_1
|
swills |
- Document rubygem-ruby_parser issue |
24 Feb 2013 14:23:46
1.1_1
|
pclin |
- Document Django 2013-02-21 vulnerabilty
Approved by: araujo (mentor) |
22 Feb 2013 23:49:45
1.1_1
|
rene |
Document vulnerabilities in www/chromium < 25.0.1364.97
Obtained from: http://googlechromereleases.blogspot.nl/search/Stable%20Updates |
22 Feb 2013 20:28:22
1.1_1
|
cy |
Document security/krb5 1.11 and prior null pointer dereference in the
KDC PKINIT code [CVE-2013-1415].
Security: CVE-2013-1415 |
22 Feb 2013 08:07:27
1.1_1
|
remko (src,doc committer) |
Convert the ! back into a 1.
Noticed by: crees |
21 Feb 2013 21:38:16
1.1_1
|
remko (src,doc committer) |
Add the latest two FreeBSD Security Advisories. |
21 Feb 2013 07:11:50
1.1_1
|
flo |
Document drupal7 Denial of service |
20 Feb 2013 13:58:20
1.1_1
|
rm |
- add an entry for net/nss-pam-ldapd stack-based buffer overflow
According to advisory, vulnerability exists in nss-pam-ldapd < 0.8.11,
but since we never had this version in the ports tree, mark everything
< 0.8.12 as vulnerable.
PR: 176293
Submitted by: pluknet |
20 Feb 2013 07:16:31
1.1_1
|
flo |
Fix up the latest gecko update by:
- reapplying the workaround for svn:eol-style and svn:keywords
- fixing version matching in vuln.xml, 17.0.3 is NOT vulnerable |
20 Feb 2013 06:16:01
1.1_1
|
ohauer |
- update bugzilla ports to latest version
Bugzilla 4.0.10 and 3.6.13 are security updates for the 4.0
branch and the 3.6 branch, respectively. 4.0.10 contains several
useful bug fixes and 3.6.13 contains only security fixes.
Security: CVE-2013-0785
CVE-2013-0786 |
19 Feb 2013 23:53:08
1.1_1
|
flo |
- update firefox to 19.0
- update firefox-esr, thunderbird, linux-firefox, linux-thunderbird to 17.0.3
- update linux-seamonkey to 2.16
- update nspr to 4.9.5
- update nss to 3.14.3
- add DuckDuckGo search plugin to firefox [1]
- mark kompozer deprecated
- clang fixes for www/libxul19 [2]
Security: http://www.vuxml.org/freebsd/e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02.html
Submitted by: DuckDuckGo [1], dim [2]
In collaboration with: Jan Beich <jbeich@tormail.org> |
19 Feb 2013 00:19:14
1.1_1
|
zi |
- Fix version range for recent ruby vulnerabilities
(d3e96508-056b-4259-88ad-50dc8d1978a6 and c79eb109-a754-45d7-b552-a42099eb2265)
due to missing port epoch in package range
Submitted by: Matthias Andree <mandree@FreeBSD.org> |
17 Feb 2013 19:58:29
1.1_1
|
eadler |
Combine ranges into one entry to prevent false positives |
17 Feb 2013 16:47:06
1.1_1
|
swills |
- Document rubygem-rack issue |
17 Feb 2013 16:33:19
1.1_1
|
swills |
- Document activemodel issue |
17 Feb 2013 10:28:54
1.1_1
|
lwhsu |
Document Jenkins Security Advisory 2013-02-16 |
16 Feb 2013 17:03:28
1.1_1
|
rm |
- add entry for dns/poweradmin
PR: 175704
Submitted by: Edmondas Girkantas <eg@fbsd.lt> (maintainer of dns/poweradmin) |
16 Feb 2013 14:41:44
1.1_1
|
swills |
- Document ruby json issue |
16 Feb 2013 04:29:14
1.1_1
|
swills |
- Document vulnerability in rdoc |
If you buy from Amazon USA, please support us by using this link.