| Commit History - (may be incomplete: see SVNWeb link above for full details) |
| Date | By | Description |
03 Nov 2009 21:18:59
1.1_1
|
thierry  |
Add an entry for VideoLAN-SA-0901, about multimedia/vlc. |
02 Nov 2009 20:12:26
1.1_1
|
miwi  |
- Document KDE -- multiple vulnerabilities
Reported by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> |
31 Oct 2009 12:52:22
1.1_1
|
miwi  |
- Fix previous entry |
31 Oct 2009 12:41:44
1.1_1
|
itetcu  |
Add two opera vulnerabilities
PR: 140101
Submitted by: Arjan van Leeuwen |
29 Oct 2009 21:59:06
1.1_1
|
miwi  |
- Fix latest entries |
29 Oct 2009 14:21:35
1.1_1
|
flz  |
Document vulnerability in net-p2p/ctorrent < 3.3.2_2 (CVE-2009-1759).
PR: ports/139635
Submitted by: Eygene Ryabinkin
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1759 |
28 Oct 2009 23:04:35
1.1_1
|
stas  |
- Fix linux-opera vuxml entry (it uses different version numbering scheme) [1]
- Add entry for opera-devel as well.
PR: ports/140038 [1]
Submitted by: Sato Kuro <poyopoyo@puripuri.plala.or.jp> [1] |
28 Oct 2009 15:22:38
1.1_1
|
beat  |
- Document mozilla -- multiple vulnerabilities
Approved by: miwi (secteam) |
25 Oct 2009 14:53:33
1.1_1
|
gabor  |
- Fix discovery date of a recent entry |
25 Oct 2009 14:23:33
1.1_1
|
stas  |
- Document elinks < 0.11.4 buffer overflow vulnerability. |
22 Oct 2009 23:04:37
1.1_1
|
delphij  |
Add CVE reference provided by author via maintainer for the squidguard
issue. |
22 Oct 2009 23:01:54
1.1_1
|
delphij  |
Apply vendor fixes 20091015 and 20091019 to fix multiple vulnerabilities
of squidGuard 1.4.
Requested by: maintainer
Security: 692ab645-bf5d-11de-849b-00151797c2d4 |
20 Oct 2009 11:03:35
1.1_1
|
araujo  |
- Add an entry for Xpdf -- Multiple Vulnerabilities. |
16 Oct 2009 17:42:23
1.1_1
|
lwhsu  |
- Document django -- denial-of-service attack |
13 Oct 2009 22:12:16
1.1_1
|
miwi  |
- Document phpmyadmin -- XSS and SQL injection vulnerabilities |
12 Oct 2009 17:22:19
1.1_1
|
wxs  |
- Document php5 multiple security vulnerabilities.
PR: ports/139196
Submitted by: Mark Foster <mark@foster.cc> |
07 Oct 2009 10:18:17
1.1_1
|
miwi  |
- Document virtualbox -- privilege escalation |
06 Oct 2009 09:37:49
1.1_1
|
remko  |
Add FreeBSD-SA-09:14.devfs to the VuXML list.
Hat: secteam
Facilitated by: Snow B.V. |
06 Oct 2009 09:33:28
1.1_1
|
remko  |
Add FreeBSD-SA-09:13.pipe to the VuXML list.
Hat: secteam
Facilitated by: Snow B.V. |
01 Oct 2009 12:01:16
1.1_1
|
stas  |
- linux-f10-pango is affected by 4b172278-3f46-11de-becb-001cc0377035 too.
Reported by: "Edward Sanford Sutton, III" <mirror176@cox.net> |
30 Sep 2009 15:32:53
1.1_1
|
miwi  |
- Document mybb -- multiple vulnerabilities
PR: based on 139197 |
22 Sep 2009 23:03:35
1.1_1
|
miwi  |
- Document drupal -- Multiple Vulnerabilities
Submitted by: Nick Hillard (based on)
Feature safe: yes |
21 Sep 2009 22:23:27
1.1_1
|
miwi  |
- Rework latest horde-base entry (ee23aa09-a175-11de-96c0-0011098ad87f)
Feature safe: yes |
20 Sep 2009 14:54:45
1.1_1
|
cy  |
Fix a formatting issue.
Pointy hat to: myself
Noticed by: miwi
Feature safe: Yes |
20 Sep 2009 05:58:12
1.1_1
|
delphij  |
Fix build.
Feature safe: yes |
20 Sep 2009 05:37:34
1.1_1
|
cy  |
Document a security problem in fwbuilder/libfwbuilder 3.0.4 - 3.0.6.
Generated iptables scripts when used to generate static routing
configurations have a security issue.
Feature safe: Yes |
17 Sep 2009 13:28:23
1.1_1
|
skv  |
Document "bugzilla" - two SQL injections, sensitive data exposure.
Feature safe: yes |
14 Sep 2009 21:57:10
1.1_1
|
thierry  |
Adding an entry for three vulnerabilities fixed in the latest Horde
framework (i.e. the port www/horde-base). |
14 Sep 2009 20:06:29
1.1_1
|
stas  |
- Fix formatting.
- Add link to the debian security advisory.
- Fix the description to be the actual citation from the official sources
instead of some wild interpretation. We do not know for sure if remote
code execution is possible at all and from looking to the source code it
seems unlikely as the buffer underflown is allocated on the heap. Moreover,
it is not clear if this is exploitable in the default install.
Discussed with: az |
14 Sep 2009 19:48:49
1.1_1
|
wxs  |
Document nginx DoS condition.
Submitted by: az@ (via IRC) |
13 Sep 2009 16:56:09
1.1_1
|
ume  |
Add cvename and bid for cyrus-imapd potential buffer overflow
in Sieve. |
13 Sep 2009 16:06:09
1.1_1
|
brix  |
Add ikiwiki vulnerability. |
13 Sep 2009 11:24:30
1.1_1
|
miwi  |
- Cleanup previous commit |
13 Sep 2009 11:06:03
1.1_1
|
brix  |
- Add xapian-omega cross-scripting vulnerability |
10 Sep 2009 17:28:31
1.1_1
|
miwi  |
- Document mozilla firefox -- Multiple Vulnerabilities |
09 Sep 2009 15:13:18
1.1_1
|
ume  |
Fix xml broken by my previous commit. |
09 Sep 2009 15:08:34
1.1_1
|
ume  |
Document cyrus-imapd potential buffer overflow vulnerability in Sieve. |
08 Sep 2009 23:24:30
1.1_1
|
wxs  |
- Document silc-toolkit format string vulnerabilities. Unfortunately little
information is provided publicly. |
04 Sep 2009 08:18:06
1.1_1
|
miwi  |
- Mark seamonkey as safe |
04 Sep 2009 08:02:40
1.1_1
|
miwi  |
- Update latest Opera entry,
* add missing linux-opera
* fix topic |
04 Sep 2009 07:26:23
1.1_1
|
jadawin  |
- Fix vuxml build
Pointyhat to: me |
04 Sep 2009 07:12:24
1.1_1
|
jadawin  |
- Fix vuxml build
Pointyhat to: itetcu |
04 Sep 2009 05:59:39
1.1_1
|
itetcu  |
Add an entry for opera < 10.00
PR: 138449
Submitted by: maintainer |
02 Sep 2009 12:32:23
1.1_1
|
miwi  |
- Fix cvenames |
02 Sep 2009 11:42:22
1.1_1
|
miwi  |
- Document dnsmasq -- TFTP server remote code injection vulnerability
PR: 138418 (based on)
Submitted by: Matthias Andree <matthias.andree@gmx.de> |
25 Aug 2009 08:20:28
1.1_1
|
kuriyama  |
- I cannot confirm these vulns can be affected to 1.3.x and 2.0.x
lines. Limit this entry to 2.2.x until confirmed. |
25 Aug 2009 06:47:18
1.1_1
|
kuriyama  |
Add apache-2.2.12 fixes. |
22 Aug 2009 11:48:56
1.1_1
|
beat  |
- Mark thunderbird 2.0.0.23 and higher as safe
Approved by: secteam (miwi) |
20 Aug 2009 19:37:44
1.1_1
|
wxs  |
- Document pidgin, libpurple, and finch memory corruption.
PR: ports/137997
Submitted by: Armin Pirkovitsch <armin@frozen-zone.org> |
17 Aug 2009 14:37:29
1.1_1
|
wxs  |
- Document NUL byte problem in gnutls and gnutls-devel
- Document multiple vulnerabilities in older versions[1]
Note: These have all been fixed with the exception of the NUL byte problem
in gnutls-devel.
PR: [1]: ports/134785
Submitted by: [1]: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Reviewed by: miwi |
17 Aug 2009 13:26:56
1.1_1
|
mnag  |
- memcached -- memcached stats maps Information Disclosure Weakness
PR: 134206
Submitted by: Mark Foster <mark___foster.cc> |
13 Aug 2009 09:55:14
1.1_1
|
miwi  |
- Update latest wordpress entry
* add wordpress-mu which was also affected
- Mark latest fetchmail entry as safe |
12 Aug 2009 14:57:25
1.1_1
|
skreuzer  |
Document remote admin password reset vulnerability in wordpress <= 3.8.3
Reviewed by: simon |
11 Aug 2009 14:54:15
1.1_1
|
amdmi3  |
- Document fetchmail -- improper SSL certificate subject verification |
11 Aug 2009 13:35:16
1.1_1
|
skreuzer  |
Fix typo in affected version number for vid
739b94a4-838b-11de-938e-003048590f9e
Submitted by: Roberto Nunnari <robi@nunnisoft.ch> (Private eMail)
Reviewed by: simon |
07 Aug 2009 21:24:48
1.1_1
|
skreuzer  |
- Fix improper formatting reported by miwi
- Add additional reference url for vid 739b94a4-838b-11de-938e-003048590f9e
reported by miwi
Reviewed by: miwi |
07 Aug 2009 20:06:24
1.1_1
|
skreuzer  |
Document com_mailto Timeout Issue in www/joomla15 |
07 Aug 2009 16:30:31
1.1_1
|
simon  |
Cleanup whitespace and XML format using 'make tidy' and a bit of manual
editing. |
07 Aug 2009 16:25:53
1.1_1
|
simon  |
When running the tidy target:
- Pipe output into vuln.xml.tidy instead of stdout.
- Don't hide what command we are running so it's clear where the tidy
version of the output went. |
07 Aug 2009 13:18:43
1.1_1
|
simon  |
Various affects fixes to the last 3 Mozilla/Firefox entries to make them
match correctly against package names. In particular the port name
instead of package name was used in a couple of places. For Seamonkey
and Thunderbird where no known fixes exist don't include a fixed
version. |
07 Aug 2009 10:48:56
1.1_1
|
miwi  |
- Update previous subversion entry,
add missing p5-subversion and py-subversion |
07 Aug 2009 09:31:30
1.1_1
|
miwi  |
- Fix latest firefox entry.
Reported by: b.f <bf1793@gmail.com> |
06 Aug 2009 21:41:57
1.1_1
|
simon  |
Document subversion -- heap overflow vulnerability. |
05 Aug 2009 23:23:27
1.1_1
|
simon  |
Add a few CVE names to the 'squid -- several remote denial of service
vulnerabilities' entry. |
05 Aug 2009 23:19:37
1.1_1
|
simon  |
Document bugzilla -- product name information leak. |
04 Aug 2009 23:15:12
1.1_1
|
miwi  |
- Mark squid 3.1.0.12 as safe |
04 Aug 2009 22:57:02
1.1_1
|
miwi  |
- Document mozilla -- multiple vulnerabilities |
04 Aug 2009 18:20:18
1.1_1
|
wxs  |
- Add bind9-sdb-ldap and bind9-sdb-postgresql to recent BIND DoS.
Reviewed by: miwi |
04 Aug 2009 18:06:59
1.1_1
|
wxs  |
- Document silc-client and silc-irssi-plugin format string vulnerability.
Reviewed by: miwi |
02 Aug 2009 14:11:24
1.1_1
|
thierry  |
Mark mail/squirrelmail-multilogin-plugin as FORBIDDEN and add the
corresponding entry in VuXML.
Security: VuXML: 0d0237d0-7f68-11de-984d-0011098ad87f |
01 Aug 2009 14:25:45
1.1_1
|
wxs  |
- White space fixes and correct the entry date in
vid 83725c91-7c7e-11de-9672-00e0815b8da8 |
01 Aug 2009 14:17:30
1.1_1
|
wxs  |
s/package/system/ for vid fbc8413f-2f7a-11de-9a3f-001b77d09812.
Reviewed by: remko
Approved by: secteam (remko) |
01 Aug 2009 14:13:24
1.1_1
|
wxs  |
- Document BIND DoS in base and ports.
Reviewed by: remko
Approved by: secteam (remko) |
29 Jul 2009 16:17:18
1.1_1
|
miwi  |
- Close tag |
29 Jul 2009 16:00:53
1.1_1
|
miwi  |
- Document Mono XML Signature HMAC Truncation Spoofing |
27 Jul 2009 19:39:34
1.1_1
|
delphij  |
Document squid remote denial of service vulnerabilities.
Submitted by: Thomas-Martin Seck <tmseck@web.de>
PR: ports/137184 |
22 Jul 2009 00:11:48
1.1_1
|
jpaetzel  |
Fix security advisory with patches from Ubuntu project.
http://vuxml.FreeBSD.org/c444c8b7-7169-11de-9ab7-000c29a67389.html
PR: ports/136891
Submitted by: wxs@
Reviewed by: simon@
Approved by: itetcu@ (mentor) |
17 Jul 2009 10:18:30
1.1_1
|
miwi  |
- Fix a typo |
17 Jul 2009 07:58:06
1.1_1
|
miwi  |
- Document firefox35 -- corrupt JIT state after deep return from native function |
15 Jul 2009 18:34:19
1.1_1
|
wxs  |
- Document isc-dhcp*-client stack overflow. |
14 Jul 2009 03:17:17
1.1_1
|
wxs  |
- Tweak nagios version information a bit for the command injection
vulnerability. Patches for net-mgmt/nagios and net-mgmt/nagios2 coming
shortly. |
13 Jul 2009 19:01:17
1.1_1
|
miwi  |
- Document drupal -- multiple vulnerabilities
Submitted by: Nick Hilliard (based on) |
12 Jul 2009 13:51:05
1.1_1
|
beat  |
- Mark linux-firefox 3.0.11 and higher as safe
Approved by: secteam (miwi) |
03 Jul 2009 01:35:18
1.1_1
|
wxs  |
- Document remote command execution in net-mgmt/nfsen
PR: ports/136070
Submitted by: Bjoern Engels <engels@openit.de> |
02 Jul 2009 20:38:11
1.1_1
|
wxs  |
- Add syslog-ng package to the list of vulnerable versions for the chroot
vulnerability. |
01 Jul 2009 13:01:54
1.1_1
|
wxs  |
- Add newly created CVE for nagios command injection vulnerability.
- Add the other two nagios packages to the list.
- Add modified entry accordingly. |
30 Jun 2009 19:10:50
1.1_1
|
delphij  |
Document phpMyAdmin XSS vulnerability |
30 Jun 2009 14:13:03
1.1_1
|
wxs  |
- Document nagios command injection vulnerability. |
24 Jun 2009 16:54:17
1.1_1
|
wxs  |
- s/secunia reports/Secnuia reports/
- Fix whitespace
Approved by: secteam (miwi) |
23 Jun 2009 13:03:52
1.1_1
|
wxs  |
- Document tor-devel DNS resolution issue.
PR: ports/135925
Submitted by: bf <bf1783@gmail.com> |
16 Jun 2009 20:59:01
1.1_1
|
miwi  |
- Document cscope -- multiple buffer overflows
PR: 135097
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> |
16 Jun 2009 20:52:44
1.1_1
|
miwi  |
- Document cscope -- buffer overflow
PR: based on 135097
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> |
16 Jun 2009 20:45:46
1.1_1
|
miwi  |
- Fix a typo from previous commit |
16 Jun 2009 20:10:47
1.1_1
|
skreuzer  |
Document joomla -- multiple vulnerabilities
Approved by: wxs (mentor) |
16 Jun 2009 20:04:13
1.1_1
|
miwi  |
- Document pidgin -- multiple vulnerabilities
PR: 135239 (based on)
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> |
15 Jun 2009 13:57:19
1.1_1
|
wxs  |
- Document git-daemon DoS. |
12 Jun 2009 22:46:49
1.1_1
|
stas  |
- Fix the latest ruby entry: 1.9 branch is not vulnerable. |
12 Jun 2009 22:07:41
1.1_1
|
stas  |
- Document ruby denial of service vulnerability in BigDecimal. |
12 Jun 2009 15:40:58
1.1_1
|
beat  |
- Fix firefox3 version in da185955-5738-11de-b857-000f20797ede
Approved by: miwi (secteam) |
12 Jun 2009 14:55:51
1.1_1
|
beat  |
- Document mozilla -- multiple vulnerabilities
Approved by: miwi (secteam) |