| Commit History - (may be incomplete: see SVNWeb link above for full details) |
| Date | By | Description |
02 May 2010 00:52:40
1.1_1
|
sylvio  |
- VideoLAN has released 1.0.6 to address several vulnerabilities they discovered
while working towards the 1.1.0 release. These vulnerabilities could potentially
allow for a specially crafted file to execute code.
PR: ports/146099
Submitted by: Joseph S. Atkinson <jsa@wickedmachine.net> (maintainer) |
30 Apr 2010 04:25:33
1.1_1
|
dinoex  |
- fix version for apache+mod_ssl |
30 Apr 2010 04:24:30
1.1_1
|
dinoex  |
- fix info for apache+mod_ssl |
28 Apr 2010 21:09:45
1.1_1
|
makc  |
Mark kdebase3 as safe now. |
27 Apr 2010 05:46:00
1.1_1
|
niels  |
- Documented multiple Joomla! vulnerabilities
- Added new reference to the recent cacti issue
Approved by: remko (secteam)
Security: http://developer.joomla.org/security/ |
24 Apr 2010 21:14:58
1.1_1
|
niels  |
Documented vulnerabilities in moodle, tomcat55, tomcat66 and cacti
PR: ports/146021
PR: ports/146022
Approved by: remko (secteam)
Security: http://seclists.org/bugtraq/2010/Apr/200
Security: http://docs.moodle.org/en/Moodle_1.9.8_release_notes
Security: http://www.bonsai-sec.com/en/research/vulnerability.php |
23 Apr 2010 18:16:18
1.1_1
|
niels  |
Documented emacs movemail vulnerability and marked the separate
mail/movemail port vulnerable to an old format string vulnerability.
Approved by: remko (secteam)
Security: http://www.ubuntu.com/usn/USN-919-1 |
21 Apr 2010 20:19:12
1.1_1
|
niels  |
Added krb5 double free vulnerability
Approved by: remko (secteam)
Security: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt
Security: CVE-2010-1320 |
20 Apr 2010 21:03:51
1.1_1
|
niels  |
Documented the following vulnerabilities:
- png: libpng decompression denial of service
- e107: code execution and XSS vulnerabilities
- pidgin: multiple remote denial of service vulnerabilities
- fetchmail: denial of service vulnerability
PR: ports/145885
PR: ports/145857
Approved by: remko (secteam)
Security: CVE-2010-0996
Security: CVE-2010-0997
Security: CVE-2010-1167
Security: CVE-2010-0277
Security: CVE-2010-0420
Security: CVE-2010-0423
Security: CVE-2010-0205 |
19 Apr 2010 19:06:23
1.1_1
|
niels  |
Documented the following vulnerabilities:
- curl: libcurl buffer overflow vulnerability
- irssi: multiple vulnerabilities
- ejabberd: queue overload denial of service vulnerability
Approved by: remko (secteam)
Security: http://curl.haxx.se/docs/adv_20100209.html
Security: http://support.process-one.net/browse/EJAB-1173
Security: http://xforce.iss.net/xforce/xfdb/57790
Security: http://xforce.iss.net/xforce/xfdb/57791 |
19 Apr 2010 07:13:42
1.1_1
|
niels  |
- Added three krb5 vulnerabilities
- Fixed indent on mahara entry
- Fixed title of KDM entry
Approved by: remko (secteam)
Security: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-001.txt
Security: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt
Security: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt |
18 Apr 2010 19:00:29
1.1_1
|
niels  |
Document mahara sql injection vulnerability
Approved by: remko (secteam)
Security: http://www.debian.org/security/2010/dsa-2030 |
16 Apr 2010 02:25:07
1.1_1
|
wxs  |
Correct CVE entry. The advisory from Todd[0] says CVE 2010-0426, which is
the entry assigned to the original sudoedit vulnerability[1]. The new
one (CVE-2010-1163) was just assigned. I believe the one assigned by CVE
folks is the proper one to use.
[0]: http://sudo.ws/sudo/alerts/sudoedit_escalate2.html
[1]: 018a84d0-2548-11df-b4a3-00e0815b8da8 |
15 Apr 2010 20:53:03
1.1_1
|
wxs  |
- Document sudo privilege escalation bug. This is similar to
018a84d0-2548-11df-b4a3-00e0815b8da8. |
14 Apr 2010 21:46:52
1.1_1
|
avilla  |
- Do not match x11/kdebase4 in latest KDM vulnerability.
Approved by: tabthorpe (mentor) |
14 Apr 2010 19:04:39
1.1_1
|
avilla  |
- Document KDM local privilege escalation vulnerability.
Approved by: tabthorpe (mentor), delphij (secteam) |
06 Apr 2010 17:53:39
1.1_1
|
glarkin  |
- Document dojo - cross-site scripting and other vulnerabilities
- Document ZendFramework - security issues in bundled Dojo library
Approved by: secteam (remko)
Security:
http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
Security: http://framework.zend.com/security/advisory/ZF2010-07 |
06 Apr 2010 07:36:31
1.1_1
|
beat  |
- Document firefox -- Re-use of freed object due to scope confusion
Submitted by: Florian Smeets <flo AT smeets.im>
Approved by: miwi |
30 Mar 2010 22:25:05
1.1_1
|
beat  |
- Document mozilla -- multiple vulnerabilities
Approved by: delphij |
25 Mar 2010 21:45:56
1.1_1
|
delphij  |
Document postgresql bitsubstr overflow vulnerability |
24 Mar 2010 18:48:01
1.1_1
|
naddy  |
Document a buffer overflow in gtar's rmt client functionality. |
23 Mar 2010 08:36:58
1.1_1
|
beat  |
- Document firefox -- WOFF heap corruption due to integer overflow
Approved by: miwi |
22 Mar 2010 21:31:00
1.1_1
|
niels  |
Updated the xzgv entry: 0.9 version (now in portstree) is not vulnerable
Approved by: itetcu (mentor), miwi (secteam)
Security:
http://www.vuxml.org/freebsd/a813a219-d2d4-11da-a672-000e0c2e438a.html
Security: http://www.gentoo.org/security/en/glsa/glsa-200604-10.xml |
19 Mar 2010 10:16:04
1.1_1
|
miwi  |
- Fix build |
19 Mar 2010 07:39:29
1.1_1
|
beat  |
- Document mozilla -- multiple vulnerabilities
- Fix a typo
Approved by: miwi |
12 Mar 2010 01:45:48
1.1_1
|
delphij  |
Document eGroupware vulnerabilities.
Submitted by: wenheping |
08 Mar 2010 22:50:43
1.1_1
|
miwi  |
- Document drupal -- multiple vulnerabilities
Feature safe: yep |
01 Mar 2010 17:47:05
1.1_1
|
wxs  |
- Document sudo privilege escalation vulnerability when using
pseudo-command sudoedit
Feature safe: yes |
28 Feb 2010 20:25:10
1.1_1
|
nox  |
Attempt to properly take care of the ooo3 -RC and -devel ports too (doh!)
Feature safe: yes |
28 Feb 2010 13:07:55
1.1_1
|
beat  |
- Document thunderbird3 vulnerabilities
Approved by: miwi
Feature safe: yes |
26 Feb 2010 21:20:05
1.1_1
|
nox  |
Document openoffice -- multiple vulnerabilities
Reviewed by: delphij
Feature safe: yes |
18 Feb 2010 10:02:51
1.1_1
|
beat  |
- Document mozilla -- multiple vulnerabilities
Approved by: miwi (secteam)
Feature safe: yes |
16 Feb 2010 18:06:33
1.1_1
|
delphij  |
Document lighttpd remote DoS vulnerability.
Reported by: Dan Rowe <dan dracosplace com>
Feature safe: yes |
15 Feb 2010 06:29:30
1.1_1
|
delphij  |
Update www/squid and www/squid30 to address Squid HTCP Packet Processing
NULL Pointer Dereference vulnerability (SQUID-2010:2) |
13 Feb 2010 21:55:50
1.1_1
|
nox  |
Document linux-flashplugin -- multiple vulnerabilities.
Reviewed by: miwi |
13 Feb 2010 10:29:49
1.1_1
|
kwm  |
Add CVE-2010-0414 and CVE-2010-0422 for gnome-screensaver.
Reviewed by: miwi@ |
12 Feb 2010 14:25:55
1.1_1
|
mandree  |
Fix range for fetchmail CVE-2010-0562.
Approved by: miwi@ (mentor) |
12 Feb 2010 09:56:31
1.1_1
|
mandree  |
Add CVE-2010-0562 entry for mail/fetchmail.
Approved by: miwi (mentor). |
10 Feb 2010 00:47:01
1.1_1
|
delphij  |
Document wireshark lwres buffer overflow vulnerability.
Reported by: Andreas <akoga hawaii edu> |
08 Feb 2010 16:38:41
1.1_1
|
skv  |
Document "otrs" - SQL injection. |
03 Feb 2010 23:25:16
1.1_1
|
pgollucci  |
- add the rest of the apache 1.3.x packages to the list
that are vulnerable
- add a missing ) to the <topic>
Reviewed by: secteam (miwi) |
03 Feb 2010 22:24:54
1.1_1
|
pgollucci  |
- document chunk-size integer overflow in apache 1.3.x |
03 Feb 2010 21:47:33
1.1_1
|
pgollucci  |
- remove extraneous '>' as reported by make tidy |
02 Feb 2010 22:42:45
1.1_1
|
miwi  |
- Mark squid30 now as safe |
02 Feb 2010 09:44:10
1.1_1
|
miwi  |
- Update 296ecb59-0f6b-11df-8bab-0019996bc1f7 entry and mark squid3* as safe |
01 Feb 2010 20:25:58
1.1_1
|
delphij  |
Security patch for Squid advisory 2010:1, denial of service.
Submitted by: maintainer (Thomas-Martin Seck <tmseck web de>) |
01 Feb 2010 16:45:21
1.1_1
|
skv  |
Document "bugzilla" - information leak. |
28 Jan 2010 21:20:45
1.1_1
|
miwi  |
- Correct fixed version from previous entry |
28 Jan 2010 21:15:20
1.1_1
|
miwi  |
- Document irc-ratbox -- multiple vulnerabilities
PR: based on 143242
Submitted by: moggie <moggie@elasticmind.net> |
21 Jan 2010 19:52:23
1.1_1
|
beat  |
- Document thunderbird3 vulnerabilities
Reviewed by: miwi |
18 Jan 2010 17:45:55
1.1_1
|
delphij  |
Document dokuwiki multiple vulnerabilities. |
14 Jan 2010 03:32:42
1.1_1
|
glarkin  |
- Added entry for multiple vulnerabilities in www/zend-framework
- Cleaned up some entries reported by "make tidy"
Reviewed by: secteam (delphij via email)
Approved by: secteam (delphij via email)
Security: http://framework.zend.com/security/advisory/ZF2010-06
Security: http://framework.zend.com/security/advisory/ZF2010-05
Security: http://framework.zend.com/security/advisory/ZF2010-04
Security: http://framework.zend.com/security/advisory/ZF2010-03
Security: http://framework.zend.com/security/advisory/ZF2010-02
Security: http://framework.zend.com/security/advisory/ZF2010-01
Security: http://framework.zend.com/security/advisory/ZF2009-02
Security: http://framework.zend.com/security/advisory/ZF2009-01 |
09 Jan 2010 10:55:09
1.1_1
|
delphij  |
Document powerdns-recursor multiple vulnerabilities. |
04 Jan 2010 23:23:32
1.1_1
|
delphij  |
Document pear-Net_Ping and pear-Net_Traceroute arbitrary command execution
vulnerability. |
02 Jan 2010 16:29:33
1.1_1
|
erwin  |
Bump copyright year to 2010 |
25 Dec 2009 19:19:35
1.1_1
|
miwi  |
- Document drupal -- multiple cross-site scripting |
21 Dec 2009 21:48:57
1.1_1
|
stas  |
- Document sysutils/fuser privileges check vulnerability. |
21 Dec 2009 18:19:54
1.1_1
|
delphij  |
Document monkey remote DoS vulnerability. |
21 Dec 2009 10:45:26
1.1_1
|
miwi  |
- Fix a typo (s/opensll/openssl)
Reported by: pluknet <pluknet@gmail.com> |
17 Dec 2009 22:40:17
1.1_1
|
delphij  |
Document php multiple vulnerabilities.
Sponsored by: iXsystems, Inc. |
17 Dec 2009 00:24:21
1.1_1
|
delphij  |
Document PostgreSQL multiple vulnerabilities.
Sponsored by: iXsystems, Inc. |
17 Dec 2009 00:04:43
1.1_1
|
delphij  |
Add tptest pwd remote buffer overflow vulnerability.
Submitted by: Mark Foster <mark foster cc>
PR: ports/131938 |
16 Dec 2009 10:44:01
1.1_1
|
miwi  |
- Document mozilla -- multiple vulnerabilities |
15 Dec 2009 02:27:13
1.1_1
|
delphij  |
Make the problem more visible by choosing a more descriptive subject. |
15 Dec 2009 00:39:19
1.1_1
|
delphij  |
Document freeradius remote packet of death exploit (CVE 2009-3111)
Submitted by: "Danilo G. Baio" <dbaio bs2 com br>
PR: ports/141318 |
14 Dec 2009 16:12:57
1.1_1
|
beat  |
- Mark Seamonkey 2.0 as safe
Reviewed by: miwi |
12 Dec 2009 18:12:17
1.1_1
|
beat  |
- Mark linux-firefox-devel as safe
Reviewed by: miwi |
12 Dec 2009 11:08:15
1.1_1
|
miwi  |
- Fix build |
12 Dec 2009 10:58:59
1.1_1
|
wen  |
- Document pligg -- Cross-Site Scripting and Cross-Site Request Forgery |
11 Dec 2009 15:27:17
1.1_1
|
miwi  |
- Document piwik -- php code execution
Requested by: wen |
11 Dec 2009 15:14:31
1.1_1
|
miwi  |
- Fix previous entries (formatting etc.) |
10 Dec 2009 15:27:42
1.1_1
|
wxs  |
- Document dovecot insecure directory permissions |
10 Dec 2009 00:32:13
1.1_1
|
nox  |
Document linux-flashplugin -- multiple vulnerabilities.
Reviewed by: miwi |
09 Dec 2009 23:39:49
1.1_1
|
stas  |
- Document ruby 1.9.1 heap overflow vulnerability. |
09 Dec 2009 15:07:46
1.1_1
|
skreuzer  |
Document session fixation vulnerability in RequestTracker < 3.8.6
Reviewed by: simon@, wxs@ |
08 Dec 2009 01:44:59
1.1_1
|
kuriyama  |
- Add two CVE entries for expat2. |
01 Dec 2009 20:09:39
1.1_1
|
miwi  |
- Document opera -- multiple vulnerabilities
Request by: itetcu |
28 Nov 2009 22:48:13
1.1_1
|
kwm  |
Fix the libtool entry to include 2.2.6a as vulnerable. |
28 Nov 2009 21:03:01
1.1_1
|
kwm  |
Document libtool vulnerability.
Reviewed by: miwi@ |
26 Nov 2009 14:51:01
1.1_1
|
miwi  |
- Cleanup (whitespaces/tabs) |
24 Nov 2009 21:34:58
1.1_1
|
naddy  |
document: libvorbis -- multiple vulnerabilities |
23 Nov 2009 18:07:14
1.1_1
|
skv  |
Document "bugzilla" - information leak. |
23 Nov 2009 15:47:15
1.1_1
|
sem  |
- Report a XSS vulnerability in net-mgmt/cacti port |
14 Nov 2009 12:41:44
1.1_1
|
miwi  |
- fix german wordpress name |
14 Nov 2009 12:20:25
1.1_1
|
miwi  |
- Document wordpress -- multiple vulnerabilities |
09 Nov 2009 17:14:54
1.1_1
|
delphij  |
Mark php5-gd 5.2.11_2 as safe. |
08 Nov 2009 23:33:43
1.1_1
|
wxs  |
- Note that CVE-2009-3546 has been fixed in graphics/gd.
Noticed by: N.J. Mann <njm@njm.me.uk> |
06 Nov 2009 09:43:39
1.1_1
|
miwi  |
- Fix previous commit |
06 Nov 2009 08:22:46
1.1_1
|
jadawin  |
- Document HTML-Parser denial of service |
05 Nov 2009 21:40:57
1.1_1
|
delphij  |
Document remote buffer overflow vulnerability in gd. |
05 Nov 2009 21:25:24
1.1_1
|
delphij  |
Document typo3 multiple vulnerabilities.
Notified by: Wennrich, Markus <Markus Wennrich f-i-ts de> |
03 Nov 2009 21:18:59
1.1_1
|
thierry  |
Add an entry for VideoLAN-SA-0901, about multimedia/vlc. |
02 Nov 2009 20:12:26
1.1_1
|
miwi  |
- Document KDE -- multiple vulnerabilities
Reported by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> |
31 Oct 2009 12:52:22
1.1_1
|
miwi  |
- Fix previous entry |
31 Oct 2009 12:41:44
1.1_1
|
itetcu  |
Add two opera vulnerabilities
PR: 140101
Submitted by: Arjan van Leeuwen |
29 Oct 2009 21:59:06
1.1_1
|
miwi  |
- Fix latest entries |
29 Oct 2009 14:21:35
1.1_1
|
flz  |
Document vulnerability in net-p2p/ctorrent < 3.3.2_2 (CVE-2009-1759).
PR: ports/139635
Submitted by: Eygene Ryabinkin
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1759 |
28 Oct 2009 23:04:35
1.1_1
|
stas  |
- Fix linux-opera vuxml entry (it uses different version numbering scheme) [1]
- Add entry for opera-devel as well.
PR: ports/140038 [1]
Submitted by: Sato Kuro <poyopoyo@puripuri.plala.or.jp> [1] |
28 Oct 2009 15:22:38
1.1_1
|
beat  |
- Document mozilla -- multiple vulnerabilities
Approved by: miwi (secteam) |
25 Oct 2009 14:53:33
1.1_1
|
gabor  |
- Fix discovery date of a recent entry |