Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_4 31 May 2020 10:53:13 |
adamw |
VuXML: Add entry for gitea < 1.11.6
PR: 246892
Submitted by: maintainer |
1.1_4 29 May 2020 06:51:37 |
tagattie |
Correct vulnerable version range of powerdns-recursor
PR: 246655
Submitted by: Ralf van der Enden <tremere@cainites.net>
Approved by: ehaupt (mentor) |
1.1_4 29 May 2020 02:07:53 |
sunpoet |
Fix r536871 |
1.1_4 29 May 2020 01:59:46 |
sunpoet |
Document rubygem-kaminari-core vulnerability |
1.1_4 28 May 2020 10:20:23 |
cmt |
document sane-backend vulnerabilities
CVE-2020-12861, CVE-2020-12862, CVE-2020-12863, CVE-2020-12864,
CVE-2020-12865, CVE-2020-12866, CVE-2020-12867
PR: 246803 |
1.1_4 28 May 2020 06:19:22 |
mfechner |
Document gitlab-ce vulnerabilities. |
1.1_4 27 May 2020 16:20:11 |
pi |
security/vuxml: add two entries for mail/sympa
PR: 246701
Submitted by: Geoffroy Desvernay <dgeo@centrale-marseille.fr> |
1.1_4 27 May 2020 12:08:46 |
tagattie |
Document powerdns-recursor vulnerabilities
PR: 246655
Submitted by: Ralf van der Enden <tremere@cainites.net>
Approved by: ehaupt (mentor) |
1.1_4 25 May 2020 18:04:40 |
pi |
security/vuxml: add three CVEs for qmail
PR: 245010
Submitted by: erdgeist@erdgeist.org |
1.1_4 24 May 2020 18:55:35 |
rene |
Document new vulnerabilities in www/chromium 83.0.4103.61.
The website is somewhat crippled and does not show the full text. |
1.1_4 23 May 2020 12:31:37 |
joneum |
Add entry for piwigo
PR: 245153
Sponsored by: Netzkommune GmbH |
1.1_4 23 May 2020 09:22:21 |
joneum |
Add entry for tomcat
PR: 246657
Sponsored by: Netzkommune GmbH |
1.1_4 22 May 2020 22:20:22 |
delphij |
Document unbound multiple vulnerabilities. |
1.1_4 22 May 2020 13:07:46 |
joneum |
Add entry for drupal7
Sponsored by: Netzkommune GmbH |
1.1_4 20 May 2020 11:41:05 |
dbaio |
security/vuxml: Document net-mgmt/zabbix3 issue
Security: CVE-2020-11800 |
1.1_4 19 May 2020 23:35:17 |
sunpoet |
Document rails vulnerability |
1.1_4 19 May 2020 14:18:34 |
wen |
- Document CVE-2019-18348, CVE-2020-8492 for python38 |
1.1_4 18 May 2020 19:00:35 |
ler |
security/vuxml: Report multiple dovecot vulnerabilities. |
1.1_4 17 May 2020 20:42:25 |
zi |
- Document security/clamav vulnerabilities |
1.1_4 17 May 2020 20:18:31 |
sunpoet |
Update json-c vulnerability
- While I'm here, fix format
json-c 0.14 will land in the ports tree along with the fix, thus I change it to
0.14.
PR: 246389 |
1.1_4 17 May 2020 18:33:09 |
sunpoet |
Document rails vulnerability |
1.1_4 16 May 2020 09:17:26 |
brnrd |
security/vuxml: MariaDB vulnerabilities |
1.1_4 16 May 2020 06:45:08 |
woodsb02 |
Add new sysutils/py-salt vulnerabilities
PR: 246061
Reported by: Christer Edwards <christer.edwards@gmail.com>
Security: CVE-2020-11651
Security: CVE-2020-11652 |
1.1_4 14 May 2020 11:29:20 |
mandree |
devel/json-c: CVE-2020-12762 integer overflow, out of bounds write
Reported by: Daniel Engberg
Security: abc3ef37-95d4-11ea-9004-25fadb81abf4
Security: CVE-2020-12762 |
1.1_4 13 May 2020 20:44:18 |
sunpoet |
Document typo3 vulnerability |
1.1_4 13 May 2020 15:16:46 |
gordon |
Add proper links for the html output of vuln.xml.
Add freebsdsa as a proper type.
Correct link to CVEs.
Reviewed by: gjb, joneum
Approved by: ports-secteam (joneum)
Differential Revision: https://reviews.freebsd.org/D24824 |
1.1_4 12 May 2020 18:37:02 |
gordon |
Add data for today's SA batch.
Approved by: so |
1.1_4 09 May 2020 16:02:59 |
novel |
security/vuxml: log www/qutebrowser CVE-2020-11054 |
1.1_4 09 May 2020 10:08:14 |
wen |
- Document python27 CVE-2019-18348 |
1.1_4 09 May 2020 08:23:42 |
joneum |
add entry for www/glpi
PR: 244971
Sponsored by: Netzkommune GmbH |
1.1_4 07 May 2020 19:56:01 |
mandree |
mail/mailman: extend content injection vuln via private archive login
This led up to mailman 2.1.33 today.
https://bugs.launchpad.net/mailman/+bug/1877379
https://launchpadlibrarian.net/478684932/private.diff
https://mail.python.org/archives/list/mailman-developers@python.org/thread/SYBIZ3MNSQZLKN6PVKO7ZKR7QMOBMS45/
Approved by: ports-secteam@ (blanket for security fixes)
Security: 88760f4d-8ef7-11ea-a66d-4b2ef158be83 |
1.1_4 06 May 2020 23:26:49 |
leres |
security/vuxml: Mark zeek < 3.0.6 as vulnerable as per:
https://raw.githubusercontent.com/zeek/zeek/v3.0.6/NEWS
Various issues including buffer over-reads, uninitialized field
access, memory leak, and stack overflows. |
1.1_4 06 May 2020 15:02:40 |
salvadore |
security/vuxml: Update discovery date for CVE-2020-1730
Update discovery date for CVE-2020-1730 based on information obtained from
the libssh team.
Approved by: gerald (mentor) |
1.1_4 06 May 2020 05:14:42 |
sunpoet |
Document wagtail vulnerability |
1.1_4 05 May 2020 22:55:22 |
mandree |
Permit mail/mailman vulnerability to be fixed in 2.1.30_3 already
...not in 2.1.31 only. We can't just easily backport 2.1.31 to 2020Q2.
Security: 88760f4d-8ef7-11ea-a66d-4b2ef158be83 |
1.1_4 05 May 2020 17:51:49 |
mandree |
new mailman < 2.1.31 content injection vulnerability
similar to CVE-2018-13796 (not sure if they'll reuse that no. so
not including in Security: tags below)
https://bugs.launchpad.net/mailman/+bug/1873722
Security: 88760f4d-8ef7-11ea-a66d-4b2ef158be83 |
1.1_4 05 May 2020 05:32:48 |
fjoe |
Fix version range for 97fcc60a-6ec0-11ea-a84a-4c72b94353b5:
phpMyAdmin 4.9.5 is not vulnerable
PR: 245096 |
1.1_4 04 May 2020 23:23:15 |
dbaio |
security/vuxml: Document net-mgmt/cacti issue
PR: 246164
Submitted by: Michael Muenz <m.muenz@gmail.com>
Security: CVE-2020-7106 |
1.1_4 03 May 2020 21:28:58 |
pi |
security/vuxml: add squid 4.10 CVEs
PR: 245433
Submitted by: Michael Muenz <m.muenz@gmail.com> |
1.1_4 03 May 2020 07:46:28 |
tcberner |
Document audio/taglib vulnerability |
1.1_4 01 May 2020 09:44:40 |
mfechner |
Documented gitlab vulnerabilities. |
1.1_4 29 Apr 2020 22:31:08 |
dbaio |
security/vuxml: Add other flavors of py-yaml |
1.1_4 29 Apr 2020 18:48:51 |
tcberner |
Document multimedia/vlc vulnerabilities
Security: CVE-2019-19721 CVE-2020-6071 CVE-2020-6072 CVE-2020-6073 CVE-2020-6077
CVE-2020-6078 CVE-2020-6079 |
1.1_4 29 Apr 2020 15:03:41 |
timur |
Add an entry about CVE-2020-10700, CVE-2020-10704 in samba410 and 411.
Security: CVE-2020-10700
CVE-2020-10704 |
1.1_4 29 Apr 2020 06:08:20 |
fluffy |
net/ceph14: document CVE-2020-1759, CVE-2020-1760 |
1.1_4 29 Apr 2020 01:35:22 |
delphij |
Document OpenLDAP CVE-2020-12243.
PR: 213895
Submitted by: rob2g2 <spam123 bitbert com> |
1.1_4 27 Apr 2020 19:47:27 |
jpaetzel |
Add entry for py-yaml vulnerability |
1.1_4 26 Apr 2020 17:39:27 |
dbaio |
security/vuxml: Document www/py-bleach issue
PR: 245943
Security: CVE-2020-6817 |
1.1_4 23 Apr 2020 12:25:39 |
brnrd |
security/vuxml: MySQL Server 2020Q2 vulnerabilities |
1.1_4 23 Apr 2020 12:23:50 |
brnrd |
security/vuxml: MySQL client 2020Q2 vulnerabilities |
1.1_4 23 Apr 2020 11:48:08 |
brnrd |
security/vuxml: Register Nextcloud vulnerabilities |
1.1_4 23 Apr 2020 01:17:13 |
dbaio |
security/vuxml: Document lang/python issue
PR: 245819
Security: CVE-2020-8492 |
1.1_4 22 Apr 2020 21:33:18 |
sunpoet |
Document wagtail vulnerability |
1.1_4 22 Apr 2020 20:29:14 |
gordon |
11.3 isn't vulnerable to the recent OpenSSL vulnerability.
Approved by: so
X-Pointy-Hat to: gordon |
1.1_4 22 Apr 2020 20:02:55 |
leres |
security/vuxml: Restore openssl port version range to the 2020-04-21 entry
I tested that this passes "make validate" and correctly flags
openssl-1.1.1f,1 as vulnerable.
Approved by: gjb |
1.1_4 22 Apr 2020 11:11:17 |
gjb |
Revert r532466, adding back 'FreeBSD' to the topic.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 22 Apr 2020 11:09:17 |
gjb |
The vuxml build is now fixed. Remove the 'ignore' block and its
contents.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 22 Apr 2020 11:07:32 |
gjb |
Comment the second name tag, which I believe is what is causing the
vuxml build to fail. If I am wrong, I will revert this commit.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 22 Apr 2020 11:03:50 |
gjb |
Um, ok. Third attempt to try to fix the vuxml build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 22 Apr 2020 10:44:59 |
gjb |
Attempt number 2 to fix the vuxml build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 22 Apr 2020 10:36:57 |
gjb |
Fix vuxml build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 22 Apr 2020 09:38:05 |
brnrd |
security/vuxml: Fix OpenSSL port commit |
1.1_4 22 Apr 2020 08:20:12 |
brnrd |
security/vuxml: Mark OpenSSL 1.1.1f from ports vulnerable too |
1.1_4 21 Apr 2020 19:48:03 |
sunpoet |
Document libntlm vulnerability |
1.1_4 21 Apr 2020 18:29:59 |
gordon |
Add new entries for SA-20:10 and SA-20:11. |
1.1_4 21 Apr 2020 12:25:01 |
dbaio |
security/vuxml: Document devel/py-twisted vulnerabilities
PR: 245252
Submitted by: Sascha Biberhofer <ports@skyforge.at>
Reported by: contact@evilham.com |
1.1_4 19 Apr 2020 12:58:21 |
salvadore |
security/vuxml: Add CVE-2020-1730 affecting security/libssh
Approved by: gerald (mentor)
Differential Revision: https://reviews.freebsd.org/D24377 |
1.1_4 18 Apr 2020 11:35:25 |
kwm |
Document webkit2-gtk3 vulnerability |
1.1_4 18 Apr 2020 04:13:41 |
acm |
- Add www/drupal8 entry |
1.1_4 17 Apr 2020 22:29:36 |
bofh |
sysutils/ansible*: Add multiple Vulnerabilities
- Add vuxml entry for CVE-2020-1737, CVE-2020-1739 and CVE-2020-1740
Security: CVE-2020-1737
Security: CVE-2020-1739
Security: CVE-2020-1740 |
1.1_4 16 Apr 2020 16:16:25 |
rene |
Document new vulnerabilities in www/chromium < 81.0.4044.113
Obtained from: Google Chrome Releases |
1.1_4 16 Apr 2020 09:32:25 |
mandree |
document security/openvpn{,-mbedtls,-devel} illegal client float DoS
URL: https://community.openvpn.net/openvpn/ticket/1272
Reported by: Lev Stipakov
Security: CVE-2020-11810
Security: 8604121c-7fc2-11ea-bcac-7781e90b0c8f |
1.1_4 15 Apr 2020 13:30:03 |
tijl |
Document Mbed TLS CVE-2020-10932.
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04 |
1.1_4 15 Apr 2020 06:21:20 |
mfechner |
Document gitlab vulnerabilities. |
1.1_4 14 Apr 2020 20:53:37 |
leres |
security/vuxml: Mark zeek < 3.0.4 as vulnerable as per:
https://github.com/zeek/zeek/blob/e059d4ec2e689b3c8942f4aa08b272f24ed3f612/NEWS
An attacker can crash Zeek remotely via crafted packet sequence via
a stack overflow in POP3 analyzer. |
1.1_4 12 Apr 2020 10:06:00 |
rene |
Document new vulnerabilities in www/chromium < 81.0.4044.92 |
1.1_4 02 Apr 2020 19:32:40 |
rene |
Document partial new vulnerabilities in www/chromium < 80.0.3987.162 |
1.1_4 02 Apr 2020 18:12:58 |
flo |
Add an entry for the HAproxy vulnerability announced today. The ports have
already been fixed.
PR: 245282
Discussed with: demon |
1.1_4 02 Apr 2020 12:21:59 |
sunpoet |
Fix rubygem-json entry (40194e1c-6d89-11ea-8082-80ee73419af3)
rubygem-json 2.3.0 was erroneously marked as vulnerable.
% cd /usr/ports/devel/rubygem-json
% make fetch
===> rubygem-json-2.3.0 has known vulnerabilities:
rubygem-json-2.3.0 is vulnerable:
rubygem-json -- Unsafe Objection Creation Vulnerability in JSON (Additional fix)
CVE: CVE-2020-10663
WWW: https://vuxml.FreeBSD.org/freebsd/40194e1c-6d89-11ea-8082-80ee73419af3.html
1 problem(s) in 1 installed package(s) found.
=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update
available.
=> If you wish to ignore this vulnerability rebuild with 'make
DISABLE_VULNERABILITIES=yes'
*** Error code 1
Stop.
make: stopped in /usr/ports/devel/rubygem-json |
1.1_4 02 Apr 2020 07:23:32 |
joneum |
Add entry for Apache 2.4
Sponsored by: Netzkommune GmbH |
1.1_4 01 Apr 2020 22:06:18 |
woodsb02 |
Document multiple vulnerabilities in net-mgmt/cacti < 1.2.10
PR: 245205
Submitted by: Michael Muenz <m.muenz@gmail.com> |
1.1_4 31 Mar 2020 15:52:42 |
tijl |
Add entry for GNUTLS-SA-2020-03-31 (flaw in DTLS).
Security: https://gnutls.org/security-new.html#GNUTLS-SA-2020-03-31 |
1.1_4 29 Mar 2020 19:50:00 |
girgen |
Fix validation error |
1.1_4 29 Mar 2020 19:46:16 |
girgen |
Add vuxml entry for CVE-2020-1720 |
1.1_4 27 Mar 2020 13:48:12 |
wen |
- Document mediawiki's multiple vulnerabilities |
1.1_4 26 Mar 2020 20:43:10 |
gjb |
Fix vuxml build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 26 Mar 2020 20:27:30 |
mfechner |
Document gitlab vulnerabilities. |
1.1_4 26 Mar 2020 04:40:23 |
meta |
security/vuxml: Document CVE-2020-10663 (devel/rubygem-json)
PR: 245023 |
1.1_4 25 Mar 2020 18:25:15 |
lwhsu |
Document Jenkins Security Advisory 2020-03-25
Sponsored by: The FreeBSD Foundation |
1.1_4 25 Mar 2020 17:59:50 |
joneum |
Add entry for phpmyadmin
Sponsored by: Netzkommune GmbH |
1.1_4 23 Mar 2020 17:34:41 |
romain |
Add details for two Puppet-related CVEs |
1.1_4 19 Mar 2020 18:00:34 |
gordon |
Add details for today's SAs.
Approved by: so |
1.1_4 18 Mar 2020 07:23:22 |
koobs |
security/vuxml: Add www/py-bleach entry |
1.1_4 15 Mar 2020 22:31:28 |
leres |
security/vuxml: Mark zeek < 3.0.3 as vulnerable as per:
https://raw.githubusercontent.com/zeek/zeek/9dda3602a760f00d9532c6314ea79108106033fa/NEWS
There are a number of potential denial of service issues due to
memory leaks, buffer overflows, and a null pointer dereference.
Approved by: matthew (mentor, implicit) |
1.1_4 13 Mar 2020 05:48:23 |
tcberner |
security/vuxml: fix range |
1.1_4 13 Mar 2020 05:39:12 |
tcberner |
Document security issue in graphics/okular
https://kde.org/info/security/advisory-20200312-1.txt:
Overview
========
Okular can be tricked into executing local binaries via specially crafted
PDF files.
This binary execution can require almost no user interaction.
No parameters can be passed to those local binaries.
We have not been able to identify any binary that will cause actual damage,
be it in the hardware or software level, when run without parameters. (Only the first 15 lines of the commit message are shown above) |
1.1_4 12 Mar 2020 10:05:33 |
mfechner |
Document gitlab-ce vulnerability. |
1.1_4 12 Mar 2020 01:31:29 |
wen |
- Document django's potential SQL injection vulnerability |
1.1_4 11 Mar 2020 10:58:20 |
decke |
Document py-matrix-synapse vulnerabilities
PR: 244279
Submitted by: Sascha Biberhofer <ports@skyforge.at> |
1.1_4 09 Mar 2020 21:54:54 |
bhughes |
security/vuxml: document recent Node.js vulnerabilities
https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/
While here, fix errors from `make validate` for the preceding gitea
vulnerabilities.
Sponsored by: Miles AS |