| Commit History - (may be incomplete: see SVNWeb link above for full details) |
| Date | By | Description |
29 Jan 2013 20:02:38
  1.1_1
|
delphij  |
Document wordpress multiple vulnerabilities. |
25 Jan 2013 09:37:56
1.1_1
|
cs |
Fix last entry: version 2.3.4 is also affected |
25 Jan 2013 02:08:57
1.1_1
|
wxs |
Fix whitespace in previous commit. |
25 Jan 2013 01:26:37
1.1_1
|
cs |
XSS vulnerability in py-django-cms |
23 Jan 2013 12:52:49
1.1_1
|
rene |
Document vulnerabilities in www/chromium < 24.0.1312.56
Obtained
from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates |
20 Jan 2013 20:58:13
1.1_1
|
flo |
- update www/drupal6 to 6.28
- update www/drupal7 to 7.19
Security: http://www.vuxml.org/freebsd/1827f213-633e-11e2-8d93-c8600054b392.html
Approved by: portmgr (beat) |
16 Jan 2013 19:16:10
1.1_1
|
rea |
VuXML: add newly-allocated CVE for SQUID-2012:1
New CVE was allocated for the underfixed DoS and added possible
infinite loop in Squid 3.2 and 3.1. |
16 Jan 2013 19:13:32
1.1_1
|
rea |
VuXML: document buffer overflow in ettercap (CVE-2013-0722)
Reviewed by: simon@ |
16 Jan 2013 19:11:43
1.1_1
|
rea |
VuXML: document recent security manager bypass in Java 7.x
Reviewed by: glewis@, simon@ |
16 Jan 2013 07:39:28
1.1_1
|
delphij |
Properly limit the match for PHP 5.3.x and 5.2.x versions.
Noticed by: remko |
15 Jan 2013 22:06:19
1.1_1
|
delphij |
Apply version ranges of php53 and php52 to php5 as well. |
11 Jan 2013 14:11:28
1.1_1
|
zi |
- Fix discovery date on nagios vulnerability (CVE-2012-6096) |
11 Jan 2013 09:53:42
1.1_1
|
rea |
www/squid3x: upgrade to 3.1.23 and 3.2.6
Squid 3.1.23 is effectively Squid 3.1.22_2 with the final fix for
CVE-2012-5643 applied.
Squid 3.2.6 also received that abovementioned fix, but in comparison
with 3.2.5 from ports it has another change that fixes handling the
"tcp_outgoing_tos" directive for BSD-like systems, including FreeBSD,
http://bugs.squid-cache.org/show_bug.cgi?id=3731
VuXML entry for SQUID:2012-1 (aka CVE-2012-5643) was also updated to
reflect the proper version specifications from the updated advisory,
http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
Approved by: Thomas-Martin Seck <tmseck@web.de>
Security: http://portaudit.freebsd.org/c37de843-488e-11e2-a5c9-0019996bc1f7.html
QA page: http://codelabs.ru/fbsd/ports/qa/www/squid31/3.1.23
QA page: http://codelabs.ru/fbsd/ports/qa/www/squid32/3.2.6 |
11 Jan 2013 01:16:14
1.1_1
|
zi |
- Document vulnerability in net-mgmt/nagios (CVE-2012-6096) |
11 Jan 2013 00:32:48
1.1_1
|
rene |
Document vulnerabilities in www/chromium < 24.0.1312.52
Obtained
from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates |
09 Jan 2013 23:28:20
1.1_1
|
flo |
- update firefox, thunderbird, linux-firefox and linux-thunderbird to 17.0.2
- update firefox-esr, thunderbird-esr and libxul to 10.0.12
- update linux-seamonkey to 2.15
Security: http://www.vuxml.org/freebsd/a4ed6632-5aa9-11e2-8fcb-c8600054b392.html |
09 Jan 2013 15:03:02
1.1_1
|
sem |
Fix <topic> style: common dash style, remove softvare versions |
09 Jan 2013 03:53:16
1.1_1
|
swills |
- Update rubygem-rails to 3.2.11
- Update ports require by rubygem-rails
- Add vuxml entry for rails security issues
Security: ca5d3272-59e3-11e2-853b-00262d5ed8ee
Security: b4051b52-58fa-11e2-853b-00262d5ed8ee |
08 Jan 2013 23:46:02
1.1_1
|
zi |
- Properly copy namespace attributes/resolve make validate issues
Reviewed by: simon@, eadler@
Approved by: zi (with ports-secteam hat) |
08 Jan 2013 05:18:15
1.1_1
|
lwhsu |
Document Jenkins 2013-01-04 Security Advisory |
06 Jan 2013 20:37:24
1.1_1
|
rea |
VuXML: extend entry for MoinMoin vulnerabilities fixed in 1.9.6
Use more verbose descriptions from CVE entries and trim citation
from CHANGES to the relevant parts. |
06 Jan 2013 18:14:24
1.1_1
|
lwhsu |
Document Django 2012-12-10 vulnerabilty |
06 Jan 2013 13:24:39
1.1_1
|
rea |
VuXML: fix r309982
Use proper tags for CVE identifiers. I should run 'make validate'
_every_ time before committing.
Pointyhat to: rea |
06 Jan 2013 13:10:10
1.1_1
|
rea |
VuXML for MoinMoin issues: add CVE references |
05 Jan 2013 12:54:28
1.1_1
|
crees |
Freetype 2.4.8 vulnerabilities were already documented.
While here, correct pkgname
Noticed by: kwm |
05 Jan 2013 11:29:01
1.1_1
|
crees |
Mark moinmoin vulnerable
Security: http://www.debian.org/security/2012/dsa-2593
document freetype vulnerabilities
Security: CVE-2012-(1126-1144) |
04 Jan 2013 07:30:10
1.1_1
|
erwin |
Bump copyright to 2013. |
03 Jan 2013 19:46:51
1.1_1
|
flo |
Add correct version numbers to the recent asterisk entry
Pointy hat to: flo |
03 Jan 2013 19:41:31
1.1_1
|
flo |
- update net/asterisk to 1.8.19.1
- update net/asterisk10 to 10.11.1
- update net/asterisk11 to 10.1.2
- add vuln.xml entry
Security: f7c87a8a-55d5-11e2-a255-c8600054b392 |
02 Jan 2013 12:28:47
1.1_1
|
crees |
Note charybdis and ircd-ratbox vulnerabilities
PR: ports/174878
Security: http://www.ratbox.org/ASA-2012-12-31.txt |
30 Dec 2012 23:13:04
1.1_1
|
anders |
Separate entries for Puppet 2.6 and 2.7. |
30 Dec 2012 20:10:42
1.1_1
|
cs |
Add OTRS vulnerabilities |
29 Dec 2012 19:53:47
1.1_1
|
rea |
VuXML entries for Tomcat: split into three distinct ones
They affect different Tomcat versions from 7.x branch, so don't let
users of VuXML be fooled on the affected software for each vulnerability.
Feature safe: yes |
28 Dec 2012 18:17:22
1.1_1
|
rea |
VuXML: add entry for DoS in Squid's cachemgr.cgi
Feature safe: yes
Submitted by: Thomas-Martin Seck <tmseck@web.de> |
18 Dec 2012 16:34:14
1.1_1
|
bdrewery |
Remove invalid entry |
18 Dec 2012 16:28:57
1.1_1
|
dinoex |
- add entry for opera 12.11 |
14 Dec 2012 09:09:16
1.1_1
|
delphij |
Fix typo.
Noticed by: mandree |
14 Dec 2012 03:51:08
1.1_1
|
jgh |
- add url block in references for 1657a3e6-4585-11e2-a396-10bf48230856 |
14 Dec 2012 00:41:42
1.1_1
|
delphij |
Update linux-f10-flashpulgin11 to 11.2r202.258 to address multiple
vulnerabilities that could cause a crash and potentially allow an
attacker to take control of the affected system.
Submitted by: Tsurutani Naoki <turutani scphys kyoto-u ac jp> |
12 Dec 2012 11:33:17
1.1_1
|
rene |
Document vulnerabilities in www/chromium < 23.0.1271.97
Obtained
from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates |
05 Dec 2012 23:52:36
1.1_1
|
zi |
- Fix recent vulnerability entry for www/tomcat[67]
Reported by: Victor Balada Diaz <victor@bsdes.net>
Feature safe: yes |
05 Dec 2012 18:47:24
1.1_1
|
zi |
- Document recent vulnerabilities in www/tomcat6 and www/tomcat7
Requested by: Victor Balada Diaz <victor@bsdes.net>
Feature safe: yes |
05 Dec 2012 07:46:03
1.1_1
|
erwin |
Update to the latest patch level from ISC:
BIND 9 nameservers using the DNS64 IPv6 transition mechanism are
vulnerable to a software defect that allows a crafted query to
crash the server with a REQUIRE assertion failure. Remote
exploitation of this defect can be achieved without extensive
effort, resulting in a denial-of-service (DoS) vector against
affected servers.
Security: 2892a8e2-3d68-11e2-8e01-0800273fe665
CVE-2012-5688
Feature safe: yes |
03 Dec 2012 22:49:43
1.1_1
|
mandree |
Add URL for recent bogofilter heap vuln', CVE-2012-5468, aka. vuln vid=
f524d8e0-3d83-11e2-807a-080027ef73ec
Feature safe: yes |
03 Dec 2012 20:16:21
1.1_1
|
mandree |
Update bogofilter to new upstream release 1.2.3.
Security update to fix a heap corruption bug with invalid base64 input,
reported and fixed by Julius Plenz, FU Berlin, Germany.
Feature safe: yes
Security: CVE-2012-5468
Security: f524d8e0-3d83-11e2-807a-080027ef73ec |
30 Nov 2012 09:13:32
1.1_1
|
rene |
Document vulnerabilities in www/chromium < 23.0.1271.95
Obtained
from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
Feature safe: yes |
29 Nov 2012 20:33:20
1.1_1
|
ohauer |
www/yahoo-ui
- fix CVE-2012-5881
security/vuxml
- adjust version (we have only 2.8.2 in the tree)
Feature safe: yes
Approved by: glarkin (maintainer) explicit |
28 Nov 2012 14:37:24
1.1_1
|
wxs |
Fix date in yahoo-ui entry.
Noticed by: dvl@
Feature safe: yes |
27 Nov 2012 20:09:35
1.1_1
|
ohauer |
- document www/yahoo-ui security issue and mark port forbidden [1]
pet portlint (maintainer is already notified)
- adjust CVE entries for bugzilla (CVE-2012-5475 was rejected) [2]
Feature safe: yes
Security: CVE-2012-5881 [1][2]
CVE-2012-5882 [1][2]
CVE-2012-5883 [2]
Approved by: glarkin (implicit) [1] |
27 Nov 2012 10:02:25
1.1_1
|
rene |
Describe new vulnerabilities in www/chromium < 23.0.1271.91
Obtained
from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
Feature safe: yes |
25 Nov 2012 15:42:23
1.1_1
|
flo |
- Update backports patch to 20121114
- Bump PORTREVISION
Changes:
- CVE-2006-7243
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow
context-dependent attackers to bypass intended access restrictions by placing a
safe file extension after this character, as demonstrated by .php\0.jpg at the
end of the argument to the file_exists function
Secuity 3761df02-0f9c-11e0-becc-0022156e8794 fixed by check in fopen functions
for strlen(filename) != filename_len
- CVE-2012-4388
The sapi_header_op function in main/SAPI.c does not properly determine a pointer (Only the first 15 lines of the commit message are shown above  ) |
25 Nov 2012 04:02:29
1.1_1
|
wxs |
Add entries for the following advisories:
FreeBSD-SA-12:08.linux
FreeBSD-SA-12:07.hostapd
FreeBSD-SA-12:06.bind
Feature safe: yes |
22 Nov 2012 20:27:45
1.1_1
|
dinoex |
- opera -- execution of arbitrary code
Feature safe: yes |
21 Nov 2012 14:35:31
1.1_1
|
mm |
Document new vulnerability in www/lighttpd 1.4.31
Feature safe: yes |
20 Nov 2012 23:01:15
1.1_1
|
flo |
- Update firefox and thunderbird to 17.0
- Update seamonkey to 2.14
- Update ESR ports and libxul to 10.0.11
- support more h264 codecs when using GSTREAMER with YouTube
- Unbreak firefox-esr, thunderbird-esr and libxul on head >= 1000024 [1]
- Buildsystem is not python 3 aware, use python up to 2.7 [2]
PR: ports/173679 [1]
Submitted by: swills [1], demon [2]
In collaboration with: Jan Beich <jbeich@tormail.org>
Security: d23119df-335d-11e2-b64c-c8600054b392
Approved by: portmgr (beat)
Feature safe: yes |
18 Nov 2012 12:51:26
1.1_1
|
jase |
- Fix copy and paste error in latest weechat entry
(81826d12-317a-11e2-9186-406186f3d89d)
Feature safe: yes |
18 Nov 2012 12:46:40
1.1_1
|
jase |
- Document new vulnerability in irc/weechat and irc/weechat-devel
Feature safe: yes |
14 Nov 2012 19:29:42
1.1_1
|
ohauer |
- bugzilla security updates to version(s)
3.6.11, 4.0.8, 4.2.4
Summary
=======
The following security issues have been discovered in Bugzilla:
* Confidential product and component names can be disclosed to
unauthorized users if they are used to control the visibility of
a custom field.
* When calling the 'User.get' WebService method with a 'groups'
argument, it is possible to check if the given group names exist
or not. (Only the first 15 lines of the commit message are shown above ) |
13 Nov 2012 18:17:13
1.1_1
|
jase |
- Update recent weechat entry (e02c572f-2af0-11e2-bb44-003067b2972c)
- Document assigned CVE Identifier
- Document workaround for vulnerable versions
Feature safe: yes |
12 Nov 2012 21:47:27
1.1_1
|
rene |
Document vulnerabilities in two typo3 components.
Obtained
from: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/
Feature safe: yes |
12 Nov 2012 13:07:31
1.1_1
|
madpilot |
Fix typo.
Feature safe: yes |
12 Nov 2012 13:04:37
1.1_1
|
madpilot |
- Update to 2.7.1
- Convert to new options framework
- Document US-CERT VU#268267
- Trim Makefile headers
PR: ports/173226
Submitted by: Hirohisa Yamaguchi <umq@ueo.co.jp> (maintainer)
Feature safe: yes |
10 Nov 2012 15:17:31
1.1_1
|
swills |
- Improve latest ruby entry slightly
Feature safe: yes |
10 Nov 2012 14:45:55
1.1_1
|
jase |
- Modify recent e02c572f-2af0-11e2-bb44-003067b2972c entry
- Add constraints to vulnerable versions
- Add additional references
- Improve topic
- Correct description
Feature safe: yes |
10 Nov 2012 04:55:47
1.1_1
|
eadler |
Apply an upstream patch that fixes a security hole
when receiving a special colored message.
The maintainer was contacted but due to the nature of
the issue apply the patch ASAP.
Approved by: secteam-ports (swills)
Security: e02c572f-2af0-11e2-bb44-003067b2972c
Feature safe: yes |
10 Nov 2012 04:00:41
1.1_1
|
swills |
- Update lang/ruby19 to 1.9.3p327
- Document security issue in earlier versions
Security: 5e647ca3-2aea-11e2-b745-001fd0af1a4c
Feature safe: yes |
09 Nov 2012 23:02:15
1.1_1
|
jgh |
- clarification that ASF reported issue for:
- 152e4c7e-2a2e-11e2-99c7-00a0d181e71d
- 4ca26574-2a2c-11e2-99c7-00a0d181e71d
Feature safe: yes |
09 Nov 2012 19:09:32
1.1_1
|
jgh |
- document tomcat vulnerabilities
Feature safe: yes |
09 Nov 2012 04:31:14
1.1_1
|
eadler |
Update latest version and document security issues
PR: ports/173487
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Security: 4b8b748e-2a24-11e2-bb44-003067b2972c
Feature safe: yes |
07 Nov 2012 10:15:19
1.1_1
|
rene |
Document new vulnerabilities in www/chromium < 23.0.1271.64
Obtained
from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
Feature safe: yes |
06 Nov 2012 20:45:14
1.1_1
|
crees |
Document opera vulnerabilities
Feature safe: yes |
05 Nov 2012 17:55:45
1.1_1
|
eadler |
Fix minor typo
Feature safe: yes |
05 Nov 2012 17:53:51
1.1_1
|
eadler |
Update latest version and document security issues
PR: ports/172619
Submitted by: tijl
Security: 36533a59-2770-11e2-bb44-003067b2972c
Feature safe: yes |
03 Nov 2012 11:59:52
1.1_1
|
crees |
Correct plural of "vulnerability"
Feature safe: yes |
02 Nov 2012 18:45:32
1.1_1
|
ohauer |
- update apache22 to version 2.22.23
- trim vuxml/Makefile header
with hat apache@
Feature safe: yes
Security: CVE-2012-2687 |
02 Nov 2012 18:08:19
1.1_1
|
olgeni |
Add entry for webmin < 1.600_1 (potential XSS attack).
Feature safe: yes |
02 Nov 2012 03:17:18
1.1_1
|
bdrewery |
- Document ruby vulnerabilities:
* CVE-2012-4464 + CVE-2012-4466
$SAFE escaping vulnerability about Exception#to_s / NameError#to_s
* CVE-2012-4522
Unintentional file creation caused by inserting an illegal NUL character
Reviewed by: eadler
Feature safe: yes |
01 Nov 2012 14:10:55
1.1_1
|
flo |
Update to 3.8.15
Security: 4b738d54-2427-11e2-9817-c8600054b392
Feature safe: yes |
30 Oct 2012 21:01:17
1.1_1
|
rm |
- update to 7.16 [1]
while here:
- trim Makefile header
- remove indefinite article in COMMENT
- remove IGNORE_WITH_PHP and IGNORE_WITH_PGSQL since
we have not this versions in the tree anymore
- fix pkg-plist
- add vuxml entry
PR: 173211
Submitted by: Rick van der Zwet <info at rickvanderzwet dot nl> [1]
Approved by: Nick Hilliard <nick at foobar dot org> (maintainer)
Security: 2adc3e78-22d1-11e2-b9f0-d0df9acfd7e5
Feature safe: yes |
28 Oct 2012 17:03:29
1.1_1
|
flo |
- Update www/firefox{,-i18n} to 16.0.2
- Update seamonkey to 2.13.2
- Update ESR ports and libxul to 10.0.10
- Update nspr to 4.9.3
- Update nss to 3.14
- with GNOMEVFS2 option build its extension, too [1]
- make heap-committed and heap-dirty reporters work in about:memory
- properly mark QT4 as experimental (needs love upstream)
- *miscellaneous cleanups and fixups*
mail/thunderbird will be updated once the tarballs are available.
PR: ports/173052 [1]
Security: 6b3b1b97-207c-11e2-a03f-c8600054b392
Feature safe: yes
In collaboration with: Jan Beich <jbeich@tormail.org> |
26 Oct 2012 08:46:40
1.1_1
|
rea |
mail/exim: upgrade to 4.80.1
This is bugfix-only release, it eliminates remote code execution
in the DKIM code.
Security: http://www.vuxml.org/freebsd/b0f3ab1f-1f3b-11e2-8fe9-0022156e8794.html
QA page: http://codelabs.ru/fbsd/ports/qa/mail/exim/4.80.1
Feature safe: yes |
25 Oct 2012 19:31:50
1.1_1
|
rm |
- add CVE reference (still in reserved state) for recent django vulnerabilty
Feature safe: yes |
25 Oct 2012 10:12:42
1.1_1
|
rm |
- update django ports to 1.3.4 and 1.4.2, that fixing couple of security issues.
All users are encouraged to upgrade immediately.
- add vuxml entry
changes common for both ports:
- trim Makefile header
- strict python version to 2.x only
- utilize options framework multiple choice feature to let user to choose
database backends needed. Make SQLITE option default
- shorten description of HTMLDOCS_DESC to make it fit into dialog screen
- SITELIBDIR -> PKGNAMEPREFIX change in dependencies
- convert NOPORTDOCS condition to optionsng
- tab -> space change in pkg-descr
PR: 173017
Submitted by: rm (myself)
Approved by: lwhsu (maintainer, by mail)
Security: 5f326d75-1db9-11e2-bc8f-d0df9acfd7e5
Feature safe: yes |
22 Oct 2012 02:37:08
1.1_1
|
wxs |
Document multiple wireshark vulnerabilities.
Feature safe: yes |
18 Oct 2012 04:13:28
1.1_1
|
jgh |
- clarify end-user impact for 57652765-18aa-11e2-8382-00a0d181e71d
Suggested by: simon@
Feature safe: yes |
17 Oct 2012 23:47:28
1.1_1
|
jgh |
- document xlockmore issue, 57652765-18aa-11e2-8382-00a0d181e71d, CVE-2012-4524
Feature safe: yes |
17 Oct 2012 17:22:51
1.1_1
|
sem |
- xinetd vulnerability
Feature safe: yes |
16 Oct 2012 14:37:50
1.1_1
|
glarkin |
- Updated ZF advisory to include similar XEE vulnerability
Feature safe: yes |
16 Oct 2012 14:26:07
1.1_1
|
glarkin |
- Document Zend Framework XXE injection vulnerability
Feature safe: yes |
15 Oct 2012 22:31:39
1.1_1
|
eadler |
Update the distinfo as upstream has changed.
I verfied this to be same content as the old version modulo the copyright.
Approved by: secteam (implicit)
Feature safe: yes |
15 Oct 2012 16:31:40
1.1_1
|
eadler |
Add the CVE for the gitolite vuln.
Feature safe: yes |
15 Oct 2012 16:02:13
1.1_1
|
swills |
- Actually commit the VuXML entry
PR: ports/172565
Feature safe: yes
Pointyhat to: swills |
14 Oct 2012 21:05:33
1.1_1
|
matthew |
Document the latest security vulnerabilities for phpMyAdmin.
Fix was already committed to the port 6 days ago.
Feature safe: yes |
14 Oct 2012 15:30:47
1.1_1
|
zi |
- Add in additional package names for recent bind vulnerability
Feature safe: yes |
11 Oct 2012 19:15:12
1.1_1
|
flo |
- update to 16.0.1
- update vuln.xml entry
Feature safe: yes |
10 Oct 2012 22:07:00
1.1_1
|
rene |
Document a new vulnerability in www/chromium < 22.0.1229.94
Obtained
from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
Feature safe: yes |
10 Oct 2012 21:13:07
1.1_1
|
flo |
- Update firefox-esr, thunderbird-esr, linux-firefox and linux-thunderbird to
10.0.8
- Update firefox and thunderbird to 16.0
- Update seamonkey to 2.13
- Update all -i18n ports respectively
- switch firefox 16.0 and seamonkey 2.13 to ALSA by default for better
latency during pause and seeking with HTML5 video
- remove fedisableexcept() hacks, obsolete since FreeBSD 4.0
- support system hunspell dictionaries [1]
- unbreak -esr ports with clang3.2 [2]
- unbreak nss build when CC contains full path [3]
- remove GNOME option grouping [4]
- integrate enigmail into thunderbird/seamonkey as an option [5]
- remove mail/enigmail* [6]
- enable ENIGMAIL, LIGHTNING and GIO options by default
- add more reporters in about:memory: page-faults-hard, page-faults-soft, (Only the first 15 lines of the commit message are shown above ) |
10 Oct 2012 11:54:44
1.1_1
|
erwin |
Upgrade to the latest BIND patch level:
A deliberately constructed combination of records could cause named
to hang while populating the additional section of a response.
Security:
http://www.vuxml.org/freebsd/57a700f9-12c0-11e2-9f86-001d923933b6.html |
03 Oct 2012 12:51:12
1.1_1
|
rm |
- correct the range in last entry (le/lt typo) |
03 Oct 2012 12:33:39
1.1_1
|
rm |
- update to 2.8.10
- add vuxml entry
This release fixes SQL injection vulnerability.
PR: 172114
Submitted by: rm (myself)
Approved by: ports-secteam (eadler)
Security: dee44ba9-08ab-11e2-a044-d0df9acfd7e5 |
If you buy from Amazon USA, please support us by using this link.