Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_4 16 Apr 2020 09:32:25 |
mandree |
document security/openvpn{,-mbedtls,-devel} illegal client float DoS
URL: https://community.openvpn.net/openvpn/ticket/1272
Reported by: Lev Stipakov
Security: CVE-2020-11810
Security: 8604121c-7fc2-11ea-bcac-7781e90b0c8f |
1.1_4 15 Apr 2020 13:30:03 |
tijl |
Document Mbed TLS CVE-2020-10932.
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04 |
1.1_4 15 Apr 2020 06:21:20 |
mfechner |
Document gitlab vulnerabilities. |
1.1_4 14 Apr 2020 20:53:37 |
leres |
security/vuxml: Mark zeek < 3.0.4 as vulnerable as per:
https://github.com/zeek/zeek/blob/e059d4ec2e689b3c8942f4aa08b272f24ed3f612/NEWS
An attacker can crash Zeek remotely via crafted packet sequence via
a stack overflow in POP3 analyzer. |
1.1_4 12 Apr 2020 10:06:00 |
rene |
Document new vulnerabilities in www/chromium < 81.0.4044.92 |
1.1_4 02 Apr 2020 19:32:40 |
rene |
Document partial new vulnerabilities in www/chromium < 80.0.3987.162 |
1.1_4 02 Apr 2020 18:12:58 |
flo |
Add an entry for the HAproxy vulnerability announced today. The ports have
already been fixed.
PR: 245282
Discussed with: demon |
1.1_4 02 Apr 2020 12:21:59 |
sunpoet |
Fix rubygem-json entry (40194e1c-6d89-11ea-8082-80ee73419af3)
rubygem-json 2.3.0 was erroneously marked as vulnerable.
% cd /usr/ports/devel/rubygem-json
% make fetch
===> rubygem-json-2.3.0 has known vulnerabilities:
rubygem-json-2.3.0 is vulnerable:
rubygem-json -- Unsafe Objection Creation Vulnerability in JSON (Additional fix)
CVE: CVE-2020-10663
WWW: https://vuxml.FreeBSD.org/freebsd/40194e1c-6d89-11ea-8082-80ee73419af3.html
1 problem(s) in 1 installed package(s) found.
=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update
available.
=> If you wish to ignore this vulnerability rebuild with 'make
DISABLE_VULNERABILITIES=yes'
*** Error code 1
Stop.
make: stopped in /usr/ports/devel/rubygem-json |
1.1_4 02 Apr 2020 07:23:32 |
joneum |
Add entry for Apache 2.4
Sponsored by: Netzkommune GmbH |
1.1_4 01 Apr 2020 22:06:18 |
woodsb02 |
Document multiple vulnerabilities in net-mgmt/cacti < 1.2.10
PR: 245205
Submitted by: Michael Muenz <m.muenz@gmail.com> |
1.1_4 31 Mar 2020 15:52:42 |
tijl |
Add entry for GNUTLS-SA-2020-03-31 (flaw in DTLS).
Security: https://gnutls.org/security-new.html#GNUTLS-SA-2020-03-31 |
1.1_4 29 Mar 2020 19:50:00 |
girgen |
Fix validation error |
1.1_4 29 Mar 2020 19:46:16 |
girgen |
Add vuxml entry for CVE-2020-1720 |
1.1_4 27 Mar 2020 13:48:12 |
wen |
- Document mediawiki's multiple vulnerabilities |
1.1_4 26 Mar 2020 20:43:10 |
gjb |
Fix vuxml build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 26 Mar 2020 20:27:30 |
mfechner |
Document gitlab vulnerabilities. |
1.1_4 26 Mar 2020 04:40:23 |
meta |
security/vuxml: Document CVE-2020-10663 (devel/rubygem-json)
PR: 245023 |
1.1_4 25 Mar 2020 18:25:15 |
lwhsu |
Document Jenkins Security Advisory 2020-03-25
Sponsored by: The FreeBSD Foundation |
1.1_4 25 Mar 2020 17:59:50 |
joneum |
Add entry for phpmyadmin
Sponsored by: Netzkommune GmbH |
1.1_4 23 Mar 2020 17:34:41 |
romain |
Add details for two Puppet-related CVEs |
1.1_4 19 Mar 2020 18:00:34 |
gordon |
Add details for today's SAs.
Approved by: so |
1.1_4 18 Mar 2020 07:23:22 |
koobs |
security/vuxml: Add www/py-bleach entry |
1.1_4 15 Mar 2020 22:31:28 |
leres |
security/vuxml: Mark zeek < 3.0.3 as vulnerable as per:
https://raw.githubusercontent.com/zeek/zeek/9dda3602a760f00d9532c6314ea79108106033fa/NEWS
There are a number of potential denial of service issues due to
memory leaks, buffer overflows, and a null pointer dereference.
Approved by: matthew (mentor, implicit) |
1.1_4 13 Mar 2020 05:48:23 |
tcberner |
security/vuxml: fix range |
1.1_4 13 Mar 2020 05:39:12 |
tcberner |
Document security issue in graphics/okular
https://kde.org/info/security/advisory-20200312-1.txt:
Overview
========
Okular can be tricked into executing local binaries via specially crafted
PDF files.
This binary execution can require almost no user interaction.
No parameters can be passed to those local binaries.
We have not been able to identify any binary that will cause actual damage,
be it in the hardware or software level, when run without parameters. (Only the first 15 lines of the commit message are shown above ) |
1.1_4 12 Mar 2020 10:05:33 |
mfechner |
Document gitlab-ce vulnerability. |
1.1_4 12 Mar 2020 01:31:29 |
wen |
- Document django's potential SQL injection vulnerability |
1.1_4 11 Mar 2020 10:58:20 |
decke |
Document py-matrix-synapse vulnerabilities
PR: 244279
Submitted by: Sascha Biberhofer <ports@skyforge.at> |
1.1_4 09 Mar 2020 21:54:54 |
bhughes |
security/vuxml: document recent Node.js vulnerabilities
https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/
While here, fix errors from `make validate` for the preceding gitea
vulnerabilities.
Sponsored by: Miles AS |
1.1_4 07 Mar 2020 20:25:52 |
adamw |
Fix closing tag
Reported by: joneum |
1.1_4 07 Mar 2020 18:31:08 |
adamw |
Add entry for www/gitea
PR: 244025
Submitted by: maintainer |
1.1_4 07 Mar 2020 00:41:13 |
woodsb02 |
Document vulnerability in sysutils/py-salt
PR: 243908
Reported by: Christer Edwards <christer.edwards@gmail.com>
Security: CVE-2019-17361 |
1.1_4 06 Mar 2020 07:25:43 |
mfechner |
Document gitlab vulnerabilities. |
1.1_4 04 Mar 2020 15:23:15 |
cy |
Document the latest nwtime.org ntp security advisory found at:
http://support.ntp.org/bin/view/Main/SecurityNotice#\
March_2020_ntp_4_2_8p14_NTP_Rele
No CVEs have been documented yet.
Security: http://support.ntp.org/bin/view/Main/NtpBug3610
http://support.ntp.org/bin/view/Main/NtpBug3596
http://support.ntp.org/bin/view/Main/NtpBug3592 |
1.1_4 02 Mar 2020 18:32:07 |
kwm |
Document librsvg2 vulnerabilities.
Security: CVE-2019-20446 |
1.1_4 02 Mar 2020 08:56:46 |
0mp |
Document some audio/timidity++* vulnerabilities
PR: 244429
Reported by: pi
Security: CVE-2017-11546
Security: CVE-2017-11547
Security: CVE-2017-11549 |
1.1_4 29 Feb 2020 09:59:14 |
mfechner |
Document apache-solr vulnerabilities. |
1.1_4 27 Feb 2020 10:23:33 |
fluffy |
security/vuxml: fix vuxml entries for OpenSMTPd, remove duplicates with wrong
version and missed description
Approved by: ports-secteam (miwi) |
1.1_4 25 Feb 2020 03:07:17 |
fluffy |
Document OpenSMTPd vulnerability
LPE and RCE in OpenSMTPD's default install
Security: CVE-2020-8793, CVE-2020-8794 |
1.1_4 24 Feb 2020 21:15:43 |
cs |
CVE-2020-8794
Security: CVE-2020-8794 |
1.1_4 24 Feb 2020 21:11:35 |
cs |
CVE-2020-8793
Security: CVE-2020-8793 |
1.1_4 24 Feb 2020 17:21:37 |
tijl |
Document Mbed TLS vulnerabilities 2019-12 and 2020-02.
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02 |
1.1_4 23 Feb 2020 08:58:20 |
tcberner |
vuxml: correct range for avidemux2
- avidemux2 version 2.6.12 switched to ffmpeg 2.7.6 |
1.1_4 23 Feb 2020 05:02:29 |
cy |
Post 93v ksh is only affected by the code injection vulnerability. |
1.1_4 21 Feb 2020 18:46:23 |
brnrd |
security/vuxml: Document latest WeeChat vulns |
1.1_4 19 Feb 2020 18:06:45 |
kwm |
Document webkit2-gtk3 vulnerabilities |
1.1_4 14 Feb 2020 01:16:13 |
philip |
security/vuxml: Add January FreeBSD SAs
SA-20:01.libfetch
SA-20:02.ipsec
SA-20:03.thrmisc
PR: 243702
Submitted by: Miroslav Lachman <000.fbsd@quip.cz> |
1.1_4 13 Feb 2020 21:41:47 |
mfechner |
Document gitlab vulnerability. |
1.1_4 13 Feb 2020 00:18:20 |
ler |
security/vuxml: dovecot vulnerabilities |
1.1_4 12 Feb 2020 16:18:46 |
cem |
security/vuxml: Document sysutils/grub2-bhyve escalations
Mitigated in r525916.
admbugs: 948
Reported by: Reno Robert <renorobert AT gmail.com>
Approved by: bapt
MFH: 2020Q1 (bapt) |
1.1_4 12 Feb 2020 00:19:38 |
dbaio |
security/vuxml: Document graphics/libexif issue
PR: 244060
Reported by: tj@mrsk.me (email)
Security: CVE-2019-9278 |
1.1_4 11 Feb 2020 15:13:47 |
jkim |
Document the latest Flash Player vulnerability.
https://helpx.adobe.com/security/products/flash-player/apsb20-06.html |
1.1_4 11 Feb 2020 08:53:51 |
joneum |
Fix entry for NGINX
Sponsored by: Netzkommune GmbH |
1.1_4 10 Feb 2020 17:42:47 |
joneum |
Fix NGINX entry
Sponsored by: Netzkommune GmbH |
1.1_4 09 Feb 2020 11:10:36 |
joneum |
Add entry for nginx
PR: 243952
Sponsored by: Netzkommune GmbH |
1.1_4 07 Feb 2020 19:38:45 |
cy |
Document ksh93 CVE-2019-14868: certain environment variables interpreted
as arithmetic expressions on startup, leading to code injection.
Reported by: Siteshwar Vashisht <svashisht@redhat.com>
MFH: 2020Q1
Security: CVE-2019-14868
https://bugzilla.redhat.com/show_bug.cgi?id=1757324
https://access.redhat.com/security/cve/CVE-2019-14868 |
1.1_4 06 Feb 2020 21:02:19 |
pi |
security/vuxml: Document Denial-of-Service vulnerability in ClamAV
- CVE-2020-3123
PR: 243913
Submitted by: Yasuhiro KIMURA <yasu@utahime.org> |
1.1_4 04 Feb 2020 18:17:29 |
sunpoet |
Document Django vulnerability |
1.1_4 02 Feb 2020 20:14:40 |
brnrd |
security/vuxml: Properly document MariaDB vuln
PR: 243660
Reported by: <ari ish com au> |
1.1_4 02 Feb 2020 07:20:49 |
woodsb02 |
Fix typo in SpamAssassin vuxml entry from 2020-01-31 |
1.1_4 02 Feb 2020 07:15:44 |
woodsb02 |
vuxml: Add entry for libssh CVE-2019-14889
Security: CVE-2019-14889 |
1.1_4 31 Jan 2020 20:22:22 |
cy |
Remove my older entry for CVE-2020-1931. The subsequent entry by
zeising@ is better.
Whitespace adjustment. |
1.1_4 31 Jan 2020 16:02:45 |
zeising |
vuxml: Add entries for spamassassin vulnerabilities. |
1.1_4 31 Jan 2020 14:00:22 |
cy |
Document sudo CVE-2019-18634:
Buffer overflow when pwfeedback is set in sudoers.
Security: CVE-2019-18634 |
1.1_4 31 Jan 2020 10:09:57 |
mfechner |
Document gitlab vulnerabilities. |
1.1_4 30 Jan 2020 13:51:14 |
cy |
Document:
[CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration
(.cf) files can be configured to run system commands with warnings
Security: CVE-2020-1931
Security: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/\
build/announcements/3.4.4.txt
Security: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1931 |
1.1_4 30 Jan 2020 06:25:48 |
fluffy |
Document mail/opensmtpd LPE and RCE vulnerabilities
PR: 243686
Security: CVE-2020-7247 |
1.1_4 29 Jan 2020 15:29:30 |
lwhsu |
Document Jenkins Security Advisory 2020-01-29
Sponsored by: The FreeBSD Foundation |
1.1_4 29 Jan 2020 13:23:59 |
bapt |
Document libfetch vulnerability which affects pkg. |
1.1_4 27 Jan 2020 01:38:10 |
timur |
Add an entry about CVE-2019-14902, CVE-2019-14907, CVE-2019-19344
vulnerabilities in the Samba 4.1[01] versions.
Security: CVE-2019-14902
CVE-2019-14907
CVE-2019-19344 |
1.1_4 26 Jan 2020 17:51:44 |
kwm |
Document webkit-gtk3 vulnerabilities. |
1.1_4 24 Jan 2020 22:20:00 |
kai |
security/vuxml: Document graphics/py-pillow issues
PR: 243336
Security: CVE-2019-19911
CVE-2020-5310
CVE-2020-5311
CVE-2020-5312
CVE-2020-5313 |
1.1_4 20 Jan 2020 11:07:29 |
joneum |
Add entry for www/gitea
PR: 243437
Reported by: stb@lassitu.de
Sponsored by: Netzkommune GmbH |
1.1_4 15 Jan 2020 20:23:39 |
brnrd |
security/vuxml: Document 2020Q1 Oracle MySQL Vulns |
1.1_4 15 Jan 2020 13:54:43 |
zeising |
vuxml: Document recent intel GPU vulnerability |
1.1_4 14 Jan 2020 13:57:11 |
adamw |
VuXML: Add entry for p5-Template-Toolkit directory traversal bug |
1.1_4 14 Jan 2020 07:28:53 |
mfechner |
Document gitlab vulnerability. |
1.1_4 11 Jan 2020 18:32:15 |
mandree |
mark e2fsprogs vulnerable, CVE-2019-5188
Security: 8b61308b-322a-11ea-b34b-1de6fb24355d
Security: CVE-2019-5188 |
1.1_4 11 Jan 2020 08:19:40 |
mfechner |
Document phpMyAdmin vulnerability. |
1.1_4 06 Jan 2020 17:27:47 |
kai |
security/vuxml: Document net-mgmt/cacti issues
PR: 242834
Submitted by: Michael Muenz <m.muenz@gmail.com> (based on)
Security: CVE-2019-17357
CVE-2019-17358 |
1.1_4 03 Jan 2020 09:18:21 |
mfechner |
Document gitlab vulnerabilities. |
1.1_4 29 Dec 2019 12:58:29 |
sunpoet |
Document rubygem-rack vulnerability |
1.1_4 29 Dec 2019 12:11:09 |
mandree |
Document graphics/ilmbase graphics/openexr vulnerabilities.
Security: e4d9dffb-2a32-11ea-9693-e1b3f6feec79
Security: CVE-2018-18443
Security: CVE-2018-18444 |
1.1_4 26 Dec 2019 10:03:18 |
joneum |
Add entry for wordpress
Sponsored by: Netzkommune GmbH |
1.1_4 25 Dec 2019 12:25:56 |
joneum |
Add entry for typo3
PR: 242707 242708
Sponsored by: Netzkommune GmbH |
1.1_4 21 Dec 2019 11:04:12 |
mandree |
Add vulnerability of e2fsprogs quota code < 1.45.4
Security: ad3451b9-23e0-11ea-8b36-f1925a339a82
Security: CVE-2019-5094 |
1.1_4 21 Dec 2019 02:36:58 |
acm |
- Re-add py-matrix-synapse entry |
1.1_4 21 Dec 2019 02:28:27 |
acm |
- Add drupal[78] entry |
1.1_4 20 Dec 2019 21:05:44 |
decke |
Document py-matrix-synapse vulnerabilities
PR: 242702
Submitted by: Sascha Biberhofer <ports@skyforge.at> |
1.1_4 20 Dec 2019 15:04:42 |
brnrd |
security/vuxml: Document OpenSSL 1.0.2 vuln |
1.1_4 13 Dec 2019 20:34:37 |
swills |
Fix typo
PR: 242627
Submitted by: lightside <lightside@gmx.com> |
1.1_4 13 Dec 2019 20:03:39 |
cy |
Document two new spamassassin 3.4.2 vulnerabilities.
CVE-2019-12420 for Multipart Denial of Service Vulnerability
CVE-2018-11805 for nefarious CF files can be configured to run system
commands without any output or errors. |
1.1_4 13 Dec 2019 16:11:07 |
timur |
Add entry for Samba4 CVE-2019-14861 and CVE-2019-14870
Security: CVE-2019-14861
CVE-2019-14870 |
1.1_4 13 Dec 2019 14:40:53 |
ler |
security/vuxml: dovecot vulnerability |
1.1_4 10 Dec 2019 21:06:04 |
mfechner |
Document gitlab vulnerabilities. |
1.1_4 10 Dec 2019 17:16:26 |
sunpoet |
Update libidn2 vulnerability
Reported by: Stephen Wall <stephen.wall@redcom.com>, jkim |
1.1_4 09 Dec 2019 20:54:17 |
tijl |
Document Ghostscript vulnerabilities.
Security: CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817 |
1.1_4 06 Dec 2019 20:22:53 |
joneum |
Add entry for phpmyadmin
Sponsored by: Netzkommune GmbH |
1.1_4 04 Dec 2019 20:32:39 |
zeising |
vuxml: Add drm-fbsd11.2-kmod to drm vulnerability
Add drm-fbsd11.2-kmod to the list of packages vulnerable to the
drm graphics drivers -- Local privilege escalation and denial of service
entry. |
1.1_4 03 Dec 2019 03:04:35 |
wen |
- Document Django multiple vulnerabilities |