Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_5 18 Jan 2021 08:21:27 |
lwhsu |
Document CVE-2020-25074 and CVE-2020-15275 for www/moinmoin |
1.1_5 17 Jan 2021 22:23:34 |
0mp |
Document ghostscript9-agpl-base vulnerability committed in r544907
PR: 248580
Requested by: joneum (ports-secteam)
Reported by: VVD <vvd@unislabs.com>
MFH: 2021Q1
Security: CVE-2020-15900 |
1.1_5 14 Jan 2021 20:37:35 |
bhughes |
security/vuxml: document Node.js January 2021 Security Releases
https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
Sponsored by: Miles AS |
1.1_5 14 Jan 2021 12:03:01 |
mfechner |
Document gitlab vulnerability. |
1.1_5 14 Jan 2021 07:30:32 |
riggs |
Document integer overflow in wavpack (CVE-2020-35738). |
1.1_5 13 Jan 2021 17:32:00 |
lwhsu |
Document Jenkins Security Advisory 2021-01-13
Sponsored by: The FreeBSD Foundation |
1.1_5 12 Jan 2021 21:20:08 |
flo |
Document phpmyfaq vulnerability |
1.1_5 12 Jan 2021 04:27:21 |
cy |
Document sudo CVE-2021-23239. |
1.1_5 10 Jan 2021 08:26:39 |
sunpoet |
Document cairosvg vulnerability |
1.1_5 09 Jan 2021 20:06:20 |
mfechner |
Document gitlab vulnerabilities. |
1.1_5 07 Jan 2021 15:09:22 |
rene |
Document new vulnerabilities in www/chromium < 87.0.4280.141
Obtained from: https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html |
1.1_5 06 Jan 2021 14:11:35 |
pi |
security/vuxml: add dovecot CVE-2020-24386
PR: 252415
Submitted by: Evilham <contact@evilham.com>
Relnotes: https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html |
1.1_5 01 Jan 2021 16:05:45 |
adamw |
security/vuxml: Add entry for gitea < 1.13.1
PR: 252310
Submitted by: maintainer |
1.1_5 01 Jan 2021 04:31:37 |
jrm |
Document inspircd vulnerability
PR: 252291
Reported by: Sadie Powell <sadie@witchery.services> |
1.1_5 28 Dec 2020 13:15:58 |
riggs |
Document CVE-2020-0543 for Intel CPUs.
PR: 247197
Submitted by: spam123@bitbert.com |
1.1_5 22 Dec 2020 22:44:24 |
madpilot |
Document new asterisk vulnerabilities. |
1.1_5 22 Dec 2020 14:16:44 |
otis |
Document vulns for powerdns and postsrsd
Reviewed by: osa (mentor)
Approved by: osa (mentor)
Differential Revision: https://reviews.freebsd.org/D27706 |
1.1_5 19 Dec 2020 13:16:16 |
riggs |
Correct entries for mantis and libX11 (missing PORTEPOCH in package string).
PR: 251168
Submitted by: zab@zltech.eu |
1.1_5 17 Dec 2020 21:09:37 |
swills |
Document vault issue |
1.1_5 15 Dec 2020 01:32:04 |
philip |
security/vuxml: Note FreeBSD 11.4 fix for CVE-2020-1971 |
1.1_5 13 Dec 2020 14:49:08 |
sunpoet |
Document jasper vulnerability |
1.1_5 13 Dec 2020 00:28:14 |
dbaio |
security/vuxml: Document net-im/py-matrix-synapse issue
PR: 251768
Submitted by: contact@evilham.com
Security: CVE-2020-26257 |
1.1_5 12 Dec 2020 18:37:13 |
brnrd |
security/vuxml: Document p11-kit vulnerabilities |
1.1_5 12 Dec 2020 16:23:56 |
brnrd |
security/vuxml: Document Unbound/NSD vuln |
1.1_5 12 Dec 2020 15:38:35 |
brnrd |
security/vuxml: Update LibreSSL vuln
* for 2020Q4 branch which is on 3.1 |
1.1_5 11 Dec 2020 10:38:39 |
brnrd |
security/vuxml: Document LibreSSL vulnerability |
1.1_5 11 Dec 2020 10:32:08 |
fluffy |
security/vuxml: add 19 CVE entries related to www/glpi
PR: 251754
Submitted by: Mathias Monnerville |
1.1_5 10 Dec 2020 09:59:00 |
philip |
security/vuxml: FreeBSD 11.4 is vulnerable to CVE-2020-1971
As noted in FreeBSD-SA-20:33.openssl, this vulnerability is also known
to affect OpenSSL versions included in FreeBSD 11.4. However, the
OpenSSL project is only giving patches for that version to premium
support contract holders. The FreeBSD project does not have access to
these patches and recommends FreeBSD 11.4 users to either upgrade to
FreeBSD 12.x or leverage up to date versions of OpenSSL in the ports/pkg
system. The FreeBSD Project may update this advisory to include FreeBSD
11.4 should patches become publicly available. |
1.1_5 10 Dec 2020 06:02:22 |
philip |
security/vuxml: add FreeBSD SA to OpenSSL entry
Reference FreeBSD-SA-20:33.openssl and note the fixed patch releases in
the recent OpenSSL entry. |
1.1_5 09 Dec 2020 10:36:09 |
brnrd |
security/vuxml: cURL vulnerabilities |
1.1_5 08 Dec 2020 16:21:52 |
brnrd |
security/vuxml: Document OpenSSL NULL pointer dereference |
1.1_5 07 Dec 2020 23:53:41 |
mfechner |
Document gitlab-ce vulnerabilities. |
1.1_5 06 Dec 2020 22:01:12 |
swills |
Document consul issue
PR: 251418
Submitted by: brd |
1.1_5 05 Dec 2020 11:43:31 |
rene |
Document new vulnerabilities in www/chromium < 87.0.4280.88 |
1.1_5 04 Dec 2020 17:26:41 |
zi |
- Unbreak build after previous commit |
1.1_5 04 Dec 2020 16:56:32 |
adamw |
security/vuxml: Add entry for gitea < 1.13.0
PR: 251577
Submitted by: maintainer |
1.1_5 02 Dec 2020 10:03:15 |
philip |
security/vuxml: add FreeBSD SA-20:32.rtsold |
1.1_5 02 Dec 2020 10:03:10 |
philip |
security/vuxml: add FreeBSD SA-20:31.icmp6 |
1.1_5 01 Dec 2020 19:37:28 |
zeising |
vuxml: document xorg-server vulnerabilities
Document new vulnerabilities in xorg-server and sub ports:
CVE-2020-14360 and CVE-2020-25712
These issues can lead to privilege elevation for authorized clients
on systems where the X server is running privileged. |
1.1_5 27 Nov 2020 00:34:50 |
brd |
vuxml: Add entry for nomad < 0.12.6 |
1.1_5 22 Nov 2020 15:48:55 |
adamw |
vuxml: Add entry for gitea < 1.12.6 |
1.1_5 21 Nov 2020 22:14:16 |
bhughes |
security/vuxml: document Node.js November 2020 Security Releases
https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/
Sponsored by: Miles AS |
1.1_5 21 Nov 2020 14:41:33 |
riggs |
Document CVE-2020-28896 for mutt 2.0.2.
PR: 251278
Submitted by: dereks@lifeofadishwasher.com
Security: CVE-2020-28896 |
1.1_5 16 Nov 2020 11:13:15 |
fluffy |
VuXML: document mozjpeg and libjpeg-turbo recent vulnerabilities
PR: 250190
Submitted by: daniel.engberg.lists@pyret.net |
1.1_5 14 Nov 2020 21:02:17 |
pi |
security/vuxml: add entries for databases/mantis
PR: 251141
Submitted by: Zoltan Alexanderson Besse <zab@zltech.eu> |
1.1_5 12 Nov 2020 21:26:35 |
dmgk |
security/vuxml: Document lang/go vulnerabilities |
1.1_5 12 Nov 2020 06:14:51 |
rhurlin |
security/vuxml: New entry for sysutils/py-salt vulnerabilities
There are three security vulnerabilities described for sysutils/py-salt
in version 3002[1]: CVE-2020-16846, CVE-2020-17490, and CVE-2020-25592.
[1] https://docs.saltstack.com/en/latest/topics/releases/3002.1.html
It is planned to update the port sysutils/py-salt soon, see PR 251013
Reported by: michael.glaus@hostpoint.ch (in PR 251013)
Approved by: tcberner (mentor)
Differential Revision: https://reviews.freebsd.org/D27189 |
1.1_5 10 Nov 2020 23:56:31 |
truckman |
Document vulnerability in editors/openoffice-4 < 4.1.8 and openoffice-devel
CVE-2020-13958 Unrestricted actions leads to arbitrary code execution
in crafted documents
A vulnerability in Apache OpenOffice scripting events allows an
attacker to construct documents containing hyperlinks pointing to
an executable on the target users file system. These hyperlinks can
be triggered unconditionally. In fixed versions no internal protocol
may be called from the document event handler and other hyperlinks
require a control-click.
<https://www.openoffice.org/security/cves/CVE-2020-13958.html> |
1.1_5 09 Nov 2020 17:08:12 |
tcberner |
Prefer graphics/librsvg2-rust over graphics/librsvg2
- switch to the more modern version of librsvg2 on architectures
supporting rust
- this will fix some graphical issues on these architectures
PR: 250276
Exp-run by: antoine
Submitted by: tobik
Differential Revision: https://reviews.freebsd.org/D18878 |
1.1_4 09 Nov 2020 14:05:41 |
lwhsu |
Fix CVE name for 07c7ae7a-224b-11eb-aa6e-e0d55e2a8bf9
Sponsored by: The FreeBSD Foundation |
1.1_4 09 Nov 2020 05:28:06 |
tcberner |
Document vulnerability in textproc/raptor2
From [1], [2], [3]:
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF
Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML
writer, leading to heap-based buffer overflows (sometimes seen in
raptor_qname_format_as_xml).
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926
[2] https://www.debian.org/security/2020/dsa-4785
[3] https://www.openwall.com/lists/oss-security/2017/06/07/1
PR: 250971
Security: CVE-2017-18926 |
1.1_4 08 Nov 2020 12:47:38 |
dbaio |
security/vuxml: Document www/py-notebook issue
Fix open redirect vulnerability GHSA-c7vm-f5p4-8fqh (CVE to be assigned). |
1.1_4 07 Nov 2020 17:40:34 |
brnrd |
security/vuxml: Document addl. MariaDB vulns |
1.1_4 05 Nov 2020 22:38:13 |
madpilot |
Document asterisk vulnerabilities. |
1.1_4 03 Nov 2020 19:50:03 |
rene |
Document new vulnerabilities in www/chromium < 86.0.4240.183
Obtained from: https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html |
1.1_4 02 Nov 2020 20:23:35 |
mfechner |
Document gitlab vulnerabilities. |
1.1_4 02 Nov 2020 19:07:13 |
joneum |
Add entry for wordpress
Sponsored by: Netzkommune GmbH |
1.1_4 31 Oct 2020 21:26:52 |
timur |
Add an entry about recent Samba vulnerabilities
Security: CVE-2020-14318
CVE-2020-14323
CVE-2020-14383 |
1.1_4 31 Oct 2020 02:38:09 |
fluffy |
security/vuxml: Document stack overflow in tmux
PR: 250737 |
1.1_4 28 Oct 2020 10:25:25 |
fernape |
security/vuxml: Add entry for multimedia/motion
Follow up commit for 553525.
For some reason, "Use MHD function for url decoding" actually means fixing
CVE-2020-26566
PR: 250660 |
1.1_4 22 Oct 2020 08:38:22 |
tcberner |
print/freetype2: document vulnerability
PR: 250375
Security: CVE-2020-15999 |
1.1_4 21 Oct 2020 17:32:05 |
brnrd |
security/vuxml: Document 2020Q4 MySQL vulnerabilities |
1.1_4 21 Oct 2020 08:22:19 |
rene |
Document new vulnerabilities in www/chromium < 86.0.4240.111
Obtained from: https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html |
1.1_4 19 Oct 2020 09:24:05 |
dch |
security/vuxml: add powerdns-recursor
PR: 250318
Submitted by: Ralf van der Enden <tremere@cainites.net>
Reported by: michael.glaus@hostpoint.ch
Sponsored by: SkunkWerks, GmbH |
1.1_4 18 Oct 2020 15:38:26 |
brnrd |
security/vuxml: Document MariaDB vulnerabilities |
1.1_4 17 Oct 2020 14:17:23 |
dbaio |
security/vuxml: Update entry date for the last issue added (r552574) |
1.1_4 17 Oct 2020 13:50:26 |
dbaio |
security/vuxml: Document net-im/py-matrix-synapse issue
PR: 249948
Submitted by: Sascha Biberhofer <ports@skyforge.at>
Security: CVE-2020-26891 |
1.1_4 17 Oct 2020 13:08:24 |
joneum |
Add entry for drupal7
Sponsored by: Netzkommune GmbH |
1.1_4 13 Oct 2020 22:35:45 |
jkim |
Document the latest Flash Player vulnerability.
https://helpx.adobe.com/security/products/flash-player/apsb20-58.html |
1.1_4 10 Oct 2020 18:01:51 |
sunpoet |
Document rails vulnerability |
1.1_4 09 Oct 2020 05:32:21 |
pi |
security/vuxml: add CVEs for www/payara
- CVE-2020-6950 Eclipse Mojarra vulnerable to path traversal flaw
via either loc/con parameters
- CVE-2019-12086 A Polymorphic Typing issue was discovered in
FasterXML jackson-databind 2.x before 2.9.9
- some more
PR: 250207
Submitted by: Dmytro Bilokha <dmytro@posteo.net> |
1.1_4 07 Oct 2020 21:21:58 |
leres |
security/vuxml: Mark zeek < 3.0.11 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v3.0.11
A memory leak in multipart MIME code has potential for remote
exploitation and cause for Denial of Service via resource exhaustion.
While we're here fix missing cite for "zeek < 3.0.10" entry. |
1.1_4 07 Oct 2020 10:53:24 |
rene |
Document new vulnerabilities in www/chromium < 86.0.4240.75
Obtained from: https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html |
1.1_4 05 Oct 2020 17:25:55 |
sunpoet |
Document libexif vulnerability |
1.1_4 04 Oct 2020 06:03:48 |
tcberner |
vuxml: fix version check in r551354 |
1.1_4 04 Oct 2020 05:49:10 |
tcberner |
vuxml: document deskutils/kdeconnect-kde vulnerability
KDE Project Security Advisory
=============================
Title: KDE Connect: packet manipulation can be exploited in a Denial
of Service attack
Risk Rating: Important
CVE: CVE-2020-26164
Versions: kdeconnect <= 20.08.1
Author: Albert Vaca Cintora <albertvaka@gmail.com>
Date: 2 October 2020
Overview
========
(Only the first 15 lines of the commit message are shown above) |
1.1_4 03 Oct 2020 17:21:33 |
tcberner |
vuxml: document vulnerability in devel/upnp
Security: CVE-2020-13848 |
1.1_4 02 Oct 2020 07:30:37 |
mfechner |
Document gitlab vulnerabilities. |
1.1_4 30 Sep 2020 20:29:18 |
thierry |
Add recent tt-rss issues.
PR: 249472
Submitted by: Derek Schrock (tt-rss's maintainer)
MFC after: 1 day
Security: https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799 |
1.1_4 28 Sep 2020 11:23:28 |
pi |
security/vuxml: Add CVE-2020-1945: Apache Ant insecure temporary file
vulnerability
PR: 248098
Submitted by: mikael |
1.1_4 28 Sep 2020 09:42:55 |
pi |
security/vuxml: add entry dns/powerdns below 4.3.1
- CVE-2020-17482
PR: 249560
Submitted by: Ralf van der Enden <tremere@cainites.net>
Relnotes: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html |
1.1_4 26 Sep 2020 13:10:26 |
zeising |
vuxml: Update pango entry for CVE-2019-1010238
Update the pango entry for CVE-2019-1010238.
Since the fix to pango wasn't applied properly the first time around, the
pango version with the fix needed to be bumped in the vuxml entry. |
1.1_4 22 Sep 2020 19:00:08 |
rene |
Document new vulnerabilities in www/chromium < 85.0.4183.121
Obtained from: https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html |
1.1_4 22 Sep 2020 17:23:51 |
tcberner |
security/vuxml: document libxml2 vulnerabilities
PR: 249386 |
1.1_4 21 Sep 2020 21:07:57 |
dbaio |
security/vuxml: Document net-im/py-matrix-synapse issue
PR: 249375
Submitted by: Denis Kasak <dkasak@termina.org.uk>
Submitted by: Sascha Biberhofer <ports@skyforge.at> (earlier version) |
1.1_4 20 Sep 2020 11:36:50 |
fluffy |
- Document python35 multiple vulnerabilities
PR: 249187 |
1.1_4 20 Sep 2020 00:36:02 |
timur |
Add an entry about CVE-2020-1472 - Unauthenticated domain takeover via netlogon
("ZeroLogon")
Security: CVE-2020-1472 |
1.1_4 19 Sep 2020 12:22:27 |
brnrd |
security/vuxml: Document Nextcloud 19.0.1 vuln |
1.1_4 18 Sep 2020 09:26:23 |
mandree |
www/webkit2-gtk3: Multiple Vulnerabilities (vuxml entry)
PR: 247892
Submitted by: rob2g2 <spam123@bitbert.com>
Security: CVE-2020-9802
Security: CVE-2020-9803
Security: CVE-2020-9805
Security: CVE-2020-9806
Security: CVE-2020-9807
Security: CVE-2020-9843
Security: CVE-2020-9850
Security: CVE-2020-13753 |
1.1_4 16 Sep 2020 20:47:51 |
bhughes |
security/vuxml: document Node.js September 2020 Security Releases
https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/
Sponsored by: Miles AS |
1.1_4 16 Sep 2020 06:44:34 |
philip |
security/vuxml: add FreeBSD SA-20:30.ftpd |
1.1_4 16 Sep 2020 06:44:29 |
philip |
security/vuxml: add FreeBSD SA-20:29.bhyve_svm |
1.1_4 16 Sep 2020 06:44:24 |
philip |
security/vuxml: add FreeBSD SA-20:28.bhyve_vmcs |
1.1_4 16 Sep 2020 06:44:19 |
philip |
security/vuxml: add FreeBSD SA-20:27.ure |
1.1_4 12 Sep 2020 12:11:03 |
sunpoet |
Document rails vulnerability |
1.1_4 10 Sep 2020 00:10:25 |
leres |
security/vuxml: Mark zeek < 3.0.10 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v3.0.10
Memory leak has potential for remote DOS via resource exhaustion. |
1.1_4 09 Sep 2020 16:01:10 |
rene |
Document new vulnerabilities in www/chromium < 85.0.4183.102
Obtained from: https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html |
1.1_4 07 Sep 2020 18:04:21 |
delphij |
Sigh, fix previous entry as it's already documented, combine the information
into previous entry. |
1.1_4 07 Sep 2020 18:02:55 |
delphij |
Document mpd multiple vulnerabilities. |
1.1_4 06 Sep 2020 20:03:11 |
eugen |
Document remotely exploitable crash in the mpd5.
Reported by: chennan at SourceForge
Obtained from: http://mpd.sourceforge.net/doc5/mpd4.html#4 |