Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_4 06 Sep 2020 10:49:32 |
tijl |
Document Mbed TLS 2020-09-1 and 2020-09-2.
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2 |
1.1_4 06 Sep 2020 10:22:45 |
tijl |
Document GNUTLS-SA-2020-09-04.
Security: https://gnutls.org/security-new.html#GNUTLS-SA-2020-09-04 |
1.1_4 05 Sep 2020 21:44:38 |
sunpoet |
Update jasper vulnerability |
1.1_4 05 Sep 2020 21:35:39 |
sunpoet |
Document Django vulnerability |
1.1_4 04 Sep 2020 21:08:41 |
adamw |
security/vuxml: Fix gnupg version range specification
Thanks to swills for pointing me to the error here.
PR: 249110
Reported by: jjuanino gmail |
1.1_4 04 Sep 2020 05:25:46 |
lwhsu |
Fix format |
1.1_4 04 Sep 2020 02:13:17 |
adamw |
vuxml: Add entry for gnupg 2.2.21 - 2.2.22 |
1.1_4 03 Sep 2020 01:00:50 |
philip |
security/vuxml: add FreeBSD SA-20:26.dhclient |
1.1_4 03 Sep 2020 01:00:46 |
philip |
security/vuxml: add FreeBSD SA-20:25.sctp |
1.1_4 03 Sep 2020 01:00:36 |
philip |
security/vuxml: add FreeBSD SA-20:24.ipv6 |
1.1_4 02 Sep 2020 19:39:19 |
mfechner |
Document gitlab vulnerabilities. |
1.1_4 01 Sep 2020 19:28:26 |
dmgk |
security/vuxml: Document lang/go vulnerability |
1.1_4 28 Aug 2020 05:15:49 |
tcberner |
security/vuxml: document vulnerability in ark |
1.1_4 27 Aug 2020 20:50:21 |
leres |
security/vuxml: Mark php72, php73, and php74 vulnerable as per:
https://www.php.net/ChangeLog-7.php#PHP_7_4
https://www.php.net/ChangeLog-7.php#PHP_7_3
https://www.php.net/ChangeLog-7.php#PHP_7_2
The phar_parse_zipfile function had [a] use-after-free vulnerability
because of [a] mishandling of the actual_alias variable.
Security: CVE-2020-7068 |
1.1_4 26 Aug 2020 18:01:43 |
rene |
Document new vulnerabilities in www/chromium < 85.0.4183.83 |
1.1_4 25 Aug 2020 19:00:36 |
sunpoet |
Document jasper vulnerability |
1.1_4 25 Aug 2020 17:26:32 |
zeising |
vuxml: Document xorg-server and libX11 vulns
Document newly announced vulnerabilities in libX11 and xorg-server. |
1.1_4 25 Aug 2020 13:12:31 |
mfechner |
Updated entry for gitlab to clarify that the previously reported version does
not fix the problem.
Please also see this upstream issue:
https://gitlab.com/gitlab-org/gitlab/-/issues/233881 |
1.1_4 22 Aug 2020 10:08:38 |
mandree |
vuln.xml: add chrony < 3.5.1 pidfile symlink vulnerability
Security: 719f06af-e45e-11ea-95a1-c3b8167b8026
Security: CVE-2020-14367 |
1.1_4 20 Aug 2020 18:12:46 |
freqlabs |
security/vuxml: Document sysutils/openzfs-kmod issues
PR: 248787
Reported by: Andrew Walker
Reviewed by: wg
Approved by: wg (ports)
Sponsored by: iXsystems, Inc.
Differential Revision: https://reviews.freebsd.org/D26121 |
1.1_4 20 Aug 2020 11:54:31 |
dmgk |
security/vuxml: Document textproc/elasticsearch6 vulnerability
PR: 248761
Submitted by: Juraj Lutter <juraj@lutter.sk> (maintainer) |
1.1_4 20 Aug 2020 10:39:16 |
zeising |
vuxml: Document dns/adns security issues
Document several securiy issues in dns/adns.
While here, fix whitespace in adjacent entries, as reported by make
validate. |
1.1_4 19 Aug 2020 17:29:51 |
lme |
Document icingaweb2 vulnerability |
1.1_4 19 Aug 2020 16:26:33 |
sunpoet |
Document curl vulnerability |
1.1_4 19 Aug 2020 15:59:56 |
wen |
- Update a cvename entry |
1.1_4 19 Aug 2020 15:30:09 |
wen |
- Document python37 and python36 multiple vulnerabilities
PR: 248751
Submitted by: mwalker@carbonhouse.com |
1.1_4 19 Aug 2020 08:24:45 |
zeising |
vuxml: Document security/trousers issues
Reapply r545263, but do it properly this time.
Document security issues in security/trousers. |
1.1_4 19 Aug 2020 03:30:06 |
gjb |
Revert r545263, which excludes the package name, version(s) affected,
and includes "INSERT BLOCKQUOTE URL HERE" for a URL, suggesting the
'make validate' target was clearly not executed. |
1.1_4 18 Aug 2020 23:17:17 |
zeising |
vuxml: Document security issues in security/trousers |
1.1_4 18 Aug 2020 19:36:51 |
rene |
Document new vulnerability in www/chromium < 84.0.4147.135 |
1.1_4 17 Aug 2020 20:10:04 |
flo |
Document ceph vulnerability
PR: 248673
Submitted by: Willem Jan Withagen <wjw@digiware.nl> |
1.1_4 17 Aug 2020 17:00:24 |
lwhsu |
Document Jenkins Security Advisory 2020-08-17
Sponsored by: The FreeBSD Foundation |
1.1_4 16 Aug 2020 17:45:41 |
rodrigo |
security/vuxml: Update rsync issues with zlib |
1.1_4 16 Aug 2020 13:27:17 |
swills |
Document py-ecdsa issue |
1.1_4 15 Aug 2020 14:10:33 |
dbaio |
security/vuxml: Document net-mgmt/snmptt issue
PR: 248162
Reported by: nistor@snickers.org |
1.1_4 14 Aug 2020 00:14:16 |
ler |
security/vuxml: mail/dovecot multiple vulnerabilities. |
1.1_4 13 Aug 2020 10:48:56 |
mandree |
graphics/ilmbase, graphics/openexr: mention security fixes in v2.5.3
No CVE numbers available at this time.
Security: b1d6b383-dd51-11ea-a688-7b12871ef3ad |
1.1_4 12 Aug 2020 13:31:47 |
lwhsu |
Document Jenkins Security Advisory 2020-08-12
Sponsored by: The FreeBSD Foundation |
1.1_4 11 Aug 2020 19:31:38 |
rene |
Document new vulnerabilities in www/chromium < 84.0.4147.125 |
1.1_4 11 Aug 2020 03:14:16 |
romain |
Document puppetdb5 vulnerability |
1.1_4 10 Aug 2020 13:30:09 |
danilo |
- Document ftp/bftpd vulnerabilities |
1.1_4 09 Aug 2020 08:00:28 |
pi |
security/vuxml: add www/trafficserver entry for CVE-2020-9494
PR: 247713
Submitted by: spam123@bitbert.com |
1.1_4 08 Aug 2020 18:52:06 |
brnrd |
security/vuxml: www/mod_http2 also vulnerable to latest Apache httpd vulns |
1.1_4 08 Aug 2020 09:53:49 |
brnrd |
security/vuxml: Add Apache httpd vulnerabilities |
1.1_4 06 Aug 2020 17:22:21 |
dmgk |
security/vuxml: Document lang/go vulnerability |
1.1_4 06 Aug 2020 07:35:38 |
mfechner |
Document gitlab-ce vulnerabilities. |
1.1_4 06 Aug 2020 03:43:17 |
philip |
security/vuxml: correct a typo in SA-20:22.sqlite
Pointy hat to: philip |
1.1_4 06 Aug 2020 03:31:27 |
philip |
security/vuxml: add FreeBSD SA-20:23.sendmsg |
1.1_4 06 Aug 2020 03:31:22 |
philip |
security/vuxml: add FreeBSD SA-20:21.usb_net |
1.1_4 06 Aug 2020 03:31:18 |
philip |
security/vuxml: add FreeBSD SA to sqlite3 entry
Reference FreeBSD-SA-20:22.sqlite and correct the fixed patch releases
in the recent sqlite3 entry. |
1.1_4 04 Aug 2020 09:30:44 |
joneum |
add entry for typo3-9 and typo3-10
PR: 248430 248429
Sponsored by: Netzkommune GmbH |
1.1_4 01 Aug 2020 13:50:09 |
zeising |
vuxml: Document vulns in xorg-server and libX11
Document two vulnerabilities, one in xorg-server and one in libX11.
The one in libX11 is a heap corruption vulnerability. [1]
The one in xorg-server (and slave ports) is a uninitialized memory
disclosure. [2]
Security: CVE-2020-14344[1], CVE-2020-14347 [2] |
1.1_4 31 Jul 2020 13:57:37 |
wen |
- Document python38 multiple vulnerabilities |
1.1_4 30 Jul 2020 17:10:27 |
tcberner |
security/vuxml: fix randomly introduced typo
Pointy hat: tcberner
Reported by: kevans |
1.1_4 30 Jul 2020 15:54:21 |
tcberner |
Document vulnerability in archivers/ark
- fixed in r543704 (head), r543705 (2020Q3) |
1.1_4 28 Jul 2020 17:42:47 |
rene |
Document new vulnerabilities in www/chromium < 84.0.4147.105
Obtained
from: https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html |
1.1_4 28 Jul 2020 12:19:48 |
riggs |
Document out-of-bounds-read in libsndfile (CVE-2019-3832).
PR: 248268 |
1.1_4 28 Jul 2020 04:38:20 |
kevans |
security/vuxml: document new vulnerability in net/freerdp < 2.2.0
PR: 248198 |
1.1_4 28 Jul 2020 01:00:20 |
leres |
security/vuxml: Mark zeek < 3.0.8 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v3.0.8
Two potential stack overflows. |
1.1_4 27 Jul 2020 08:48:47 |
joneum |
Add entry for Cacti
PR: 248140
Sponsored by: Netzkommune GmbH |
1.1_4 24 Jul 2020 19:08:54 |
sunpoet |
Document wagtail vulnerability |
1.1_4 23 Jul 2020 18:37:12 |
joneum |
Fix typo
Reported by: cmt
Sponsored by: Netzkommune GmbH |
1.1_4 23 Jul 2020 17:32:16 |
joneum |
Add entry for pango
Sponsored by: Netzkommune GmbH |
1.1_4 23 Jul 2020 14:43:55 |
joneum |
Fix typo
Sponsored by: Netzkommune GmbH |
1.1_4 23 Jul 2020 14:42:25 |
joneum |
modified the tomcat entry and add CVE-2020-11996
PR: 247555
Sponsored by: Netzkommune GmbH |
1.1_4 23 Jul 2020 11:54:53 |
joneum |
Add entry for www/tomcat{7,85,9,-devel}
PR: 247975
Sponsored by: Netzkommune GmbH |
1.1_4 22 Jul 2020 17:17:02 |
cy |
Fixup affected versions, imprecisely.
Reported by: mat |
1.1_4 20 Jul 2020 08:10:53 |
wen |
- Document multiple vulnerabilities of python38
- Fix 2 typos in my last commit |
1.1_4 19 Jul 2020 09:11:26 |
madpilot |
Document multiple vulnerabilities in VirtualBox>
PR: 244212
Submitted by: Nikita Stepanov <nikitastepan0v@bk.ru> |
1.1_4 17 Jul 2020 05:44:10 |
pi |
security/vuxml: Document multiple vulnerabilities in clamav
- CVE-2020-3350, CVE-2020-3327, CVE-2020-3481
PR: 248027
Submitted by: Yasuhiro KIMURA <yasu@utahime.org> |
1.1_4 16 Jul 2020 12:02:38 |
mandree |
vuln db: record OpenEXR/ilmbase < 2.5.2 vulnerabilities
Security: 714e6c35-c75b-11ea-aa29-d74973d1f9f3 |
1.1_4 15 Jul 2020 18:13:56 |
rene |
Document new vulnerabilities in www/chromium < 84.0.4147.89
Obtained
from: https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html |
1.1_4 15 Jul 2020 16:58:53 |
lwhsu |
Document Jenkins Security Advisory 2020-07-15
Sponsored by: The FreeBSD Foundation |
1.1_4 11 Jul 2020 11:40:09 |
brnrd |
security/vuxml: Add MySQL vulns from pre-announce |
1.1_4 10 Jul 2020 05:30:24 |
philip |
security/vuxml: update CVE-2020-1266[23] entry
Note vulnerable FreeBSD releases and add a reference to
FreeBSD-SA-20:19.unbound. |
1.1_4 10 Jul 2020 05:30:19 |
philip |
security/vuxml: add FreeBSD SA-20:20.ipv6 |
1.1_4 10 Jul 2020 05:30:12 |
philip |
security/vuxml: add FreeBSD SA-20:18.posix_spawnp |
1.1_4 09 Jul 2020 21:52:27 |
joneum |
Add entry for www/mybb
Sponsored by: Netzkommune GmbH |
1.1_4 09 Jul 2020 17:09:28 |
cy |
Correct FreeBSD versions vulnerable to the latest sqlite3
vulnerabilities. This will be updated by so@ at a future date.
PR: 247865
Submitted by: Yasuhiro KIMURA <yasu at utahime.org>
Reported by: Yasuhiro KIMURA <yasu at utahime.org>
Approved by: ports-secteam (jonenum) |
1.1_4 08 Jul 2020 19:20:01 |
sunpoet |
Document rubygem-kramdown vulnerability |
1.1_4 07 Jul 2020 11:49:48 |
tijl |
Document Mbed TLS security advisory 2020-07.
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07 |
1.1_4 07 Jul 2020 10:14:35 |
mfechner |
Document gitlab vulnerability. |
1.1_4 06 Jul 2020 02:02:21 |
wen |
- Document python37 multiple vulnerabilities |
1.1_4 05 Jul 2020 00:45:52 |
timur |
Add entry about Samba vulnerabilities CVE-2020-10730, CVE-2020-10745,
CVE-2020-10760, CVE-2020-14303
PR: 247725
Security: CVE-2020-10730
CVE-2020-10745
CVE-2020-10760
CVE-2020-14303 |
1.1_4 04 Jul 2020 15:37:58 |
joneum |
Add entry for anydesk
PR: 247406
Sponsored by: Netzkommune GmbH |
1.1_4 03 Jul 2020 07:04:06 |
lwhsu |
Document net-im/py-matrix-synapse security issue before 1.15.2
PR: 247720
Submitted by: Sascha Biberhofer <ports@skyforge.at> |
1.1_4 03 Jul 2020 06:02:40 |
tcberner |
Document vulnerability in dbus < 2.12.18
* See [1] for details.
* The port is already updated to 2.12.18.
[1] https://gitlab.freedesktop.org/dbus/dbus/-/issues/294
PR: 247340
Submitted by: rob2g2 <spam123@bitbert.com>
Security: CVE-2020-12049 |
1.1_4 02 Jul 2020 19:21:58 |
mfechner |
Document gitlab vulnerabilities. |
1.1_4 02 Jul 2020 17:33:32 |
yuri |
security/vuxml update: coturn CVE-2020-4067 for net/coturn |
1.1_4 02 Jul 2020 08:58:43 |
joneum |
Add entrx for dns/powerdns-recursor
PR: 247707
Submitted by: Ralf van der Enden <tremere@cainites.net>
Sponsored by: Netzkommune GmbH |
1.1_4 01 Jul 2020 08:50:56 |
joneum |
Add entry for Drupal 7
Sponsored by: Netzkommune GmbH |
1.1_4 30 Jun 2020 08:04:16 |
meta |
Document xrdp CVE-2020-4044 vulnerability |
1.1_4 29 Jun 2020 16:58:02 |
pi |
security/vuxml: add mongodb CVE entry
- See also: https://jira.mongodb.org/browse/SERVER-45472
PR: 247392
Submitted by: Ronald Klop <ronald-lists@klop.ws> |
1.1_4 28 Jun 2020 21:47:34 |
naddy |
Document libvorbis vulnerabilities CVE-2017-14160 and CVE-2018-10392. |
1.1_4 28 Jun 2020 13:52:19 |
mandree |
security/putty: two security vulnerabilities in versions < 0.74
Security: 6190c0cd-b945-11ea-9401-2dcf562daa69
Security: CVE-2020-14002
Security: FZI-2020-5 |
1.1_4 25 Jun 2020 19:26:23 |
zeising |
vuln.xml: Adjust sqlite version in sqlite entry
Update the sqlite versions affected in the latest sqlite entry. The entry
failed to take PORTEPOCH into account, and without this fix pkg audit fails
to mark sqlite as vulnerable when it's not updated to the latest version,
since any version with PORTEPOCH set will always be greater than any version
without.
PR: 247149 |
1.1_4 24 Jun 2020 21:53:59 |
gjb |
Fix build, again...
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 24 Jun 2020 21:30:42 |
rene |
Document new vulnerablities in www/chromium < 83.0.4103.116 |
1.1_4 24 Jun 2020 20:30:36 |
zeising |
Update VuXML with security issues in mail/mutt
PR: 247399
Submitted by: Derek Schrock |
1.1_4 24 Jun 2020 17:59:39 |
sunpoet |
Document curl vulnerability |