Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_3 30 Apr 2017 21:36:36 |
ler |
security/vuxml: Document dovecot2 vulnerability
PR: 218671
Approved by: adamw (mentor, implicit), ports-secteam (maintainer timeout)
Security: CVE-2017-2669 |
1.1_3 29 Apr 2017 17:33:51 |
brnrd |
security/libressl-devel: Mark vulnerable 2.5.3 |
1.1_3 28 Apr 2017 09:23:30 |
brnrd |
security/vuxml: Document LibreSSL vulnerability
- CVE-2017-8301 TLS verification vulnerability |
1.1_3 27 Apr 2017 03:41:04 |
lwhsu |
Document Jenkins Security Advisory 2017-04-26 |
1.1_3 25 Apr 2017 02:34:59 |
junovitch |
Document security issues fixed in CodeIgniter 3.1.4
Security: https://vuxml.FreeBSD.org/freebsd/df0144fb-295e-11e7-970f-002590263bf5.html |
1.1_3 24 Apr 2017 20:12:59 |
brnrd |
security/vuxml: Document weechat vulnerability
PR: 218852
Submitted by: Jochen Neumeister <joneum@bsdproject.de> |
1.1_3 24 Apr 2017 10:40:58 |
mat |
and make validate for something I did not do.
Pointy hat: acm
Sponsored by: Absolight |
1.1_3 24 Apr 2017 10:37:24 |
mat |
I'm stupid.
Pointy hat: mat
Sponsored by: Absolight |
1.1_3 24 Apr 2017 10:26:59 |
mat |
This was fixed a while ago.
Sponsored by: Absolight |
1.1_3 21 Apr 2017 18:54:31 |
acm |
- Document new vulnerability in www/drupal8 < 8.3.1 |
1.1_3 21 Apr 2017 13:46:50 |
cpm |
Document new vulnerabilities in www/chromium < 58.0.3029.81
Obtained from: https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html |
1.1_3 20 Apr 2017 18:48:10 |
jkim |
Add a separate entry for linux-c7-graphite2. It is not fixed yet. |
1.1_3 20 Apr 2017 18:43:15 |
jkim |
CVE-2017-5436 was fixed by r438984. |
1.1_3 20 Apr 2017 16:54:19 |
jbeich |
security/vuxml: back out r438981 as I've confused already extracted directory |
1.1_3 20 Apr 2017 16:49:21 |
jbeich |
security/vuxml: icu 59.1 doesn't have the fix |
1.1_3 20 Apr 2017 16:00:09 |
jbeich |
security/vuxml: oops, forgot PORTEPOCH from r418152 |
1.1_3 20 Apr 2017 15:56:03 |
jbeich |
security/vuxml: mark icu < 59.1 as vulnerable |
1.1_3 20 Apr 2017 15:29:21 |
jbeich |
security/vuxml: mark old sndfile/samplerate/tiff as vulnerable |
1.1_3 20 Apr 2017 14:25:23 |
sunpoet |
Document cURL vulnerability |
1.1_3 20 Apr 2017 08:39:53 |
jbeich |
security/vuxml: mark some firefox < 53 bundled deps as vulnerable |
1.1_3 20 Apr 2017 02:24:46 |
jbeich |
security/vuxml: mark firefox < 53 as vulnerable |
1.1_3 19 Apr 2017 19:11:11 |
brnrd |
security/vuxml: Document vulnerabilities from Oracle 2017Q2 update |
1.1_3 13 Apr 2017 10:15:14 |
mat |
Adjust the bind9-devel version it was fixed in.
Sponsored by: Absolight |
1.1_3 13 Apr 2017 03:58:32 |
delphij |
Document BIND multiple vulnerabilities. |
1.1_3 07 Apr 2017 14:26:14 |
kami |
security/vuxml: Add id Tech 3 remote code execution
PR: 217911
Reviewed by: delphij, #ports_secteam
Approved by: delphij, #ports_secteam
Security: CVE-2017-6903
Differential Revision: https://reviews.freebsd.org/D10244 |
1.1_3 06 Apr 2017 13:52:54 |
junovitch |
Document Xen Security Advisory (XSA 212)
Security: CVE-2017-7228
Security: https://vuxml.FreeBSD.org/freebsd/90becf7c-1acf-11e7-970f-002590263bf5.html |
1.1_3 06 Apr 2017 13:37:38 |
junovitch |
Update curl version. Patch backported in 437808 instead of version bump. |
1.1_3 05 Apr 2017 16:47:14 |
brnrd |
security/vuxml: Add missing topic
Reported by: Guido Falsi <madpilot@FreeBSD.org> |
1.1_3 05 Apr 2017 14:34:15 |
brnrd |
security/vuxml: Document curl vulnerability |
1.1_3 04 Apr 2017 18:10:17 |
miwi |
- Document django -- multiple vulnerabilities |
1.1_3 04 Apr 2017 16:39:29 |
madpilot |
Document net/asterisk13 vulnerability. |
1.1_3 04 Apr 2017 02:27:15 |
danfe |
- Document recent NVIDIA GPU display driver vulnerabilities
- Spell "NVIDIA UNIX driver" consistently throughout the file
PR: 217341 |
1.1_3 30 Mar 2017 21:43:45 |
cpm |
Document new vulnerabilities in www/chromium < 57.0.2987.133
Obtained from: https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html |
1.1_3 30 Mar 2017 01:58:06 |
junovitch |
Document Xen Security Advisory (XSA 206)
CVE lists none (yet) assigned
While here, fix a typo on my last Xen entry
Security: https://vuxml.FreeBSD.org/freebsd/47873d72-14eb-11e7-970f-002590263bf5.html |
1.1_3 30 Mar 2017 01:47:42 |
junovitch |
Actually, let's refer to the original entries for these hostapd CVEs
Reflect CVE-2016-4476 / VID 967b852b-1e28-11e6-8dd3-002590263bf5 in cancelled
CVE-2015-5314 is in VID 976567f6-05c5-11e6-94fa-002590263bf5
PR: 217906
Security: https://vuxml.FreeBSD.org/freebsd/976567f6-05c5-11e6-94fa-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/967b852b-1e28-11e6-8dd3-002590263bf5.html |
1.1_3 29 Mar 2017 16:47:40 |
matthew |
phpMyAdmin: document PMASA-2017-8 -- bypass restrictions on 'no
password' accounts. |
1.1_3 28 Mar 2017 23:19:48 |
feld |
Document hostapd vulnerabilities
PR: 217906 |
1.1_3 25 Mar 2017 00:01:54 |
timur |
Add entry about Samba vulnerability CVE-2017-2619
Security: CVE-2017-2619 |
1.1_3 23 Mar 2017 01:51:39 |
junovitch |
Document Xen Security Advisory (XSA 211)
Security: CVE-2016-9603
Security: https://vuxml.FreeBSD.org/freebsd/af19ecd0-0f6a-11e7-970f-002590263bf5.html |
1.1_3 22 Mar 2017 19:14:32 |
riggs |
Add CVE ID for recent irssi vulnerability
PR: 217878
Submitted by: dor.bsd@xm0.uk (irssi maintainer) |
1.1_3 22 Mar 2017 03:01:06 |
junovitch |
Update hostapd on two older entries.
Fixes were not backported prior. Recent update is v2.6 as noted in advisory.
Security: CVE-2015-5310
Security: CVE-2015-5315
Security: CVE-2015-5316
Security: CVE-2016-4476
Security: CVE-2016-4477
Security: https://vuxml.FreeBSD.org/freebsd/967b852b-1e28-11e6-8dd3-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/976567f6-05c5-11e6-94fa-002590263bf5.html |
1.1_3 18 Mar 2017 13:57:40 |
riggs |
Document use-after-free vulnerability in irc/irssi
PR: 217878 |
1.1_3 18 Mar 2017 11:00:07 |
brnrd |
security/vuxml: Add DoS vuln for mysql-client
- Fix typo in 5f453b69-abab-4e76-b6e5-2ed0bafcaee3 while here |
1.1_3 18 Mar 2017 09:40:22 |
jbeich |
security/vuxml: mark firefox < 52.0.1 as vulnerable
Note, sandboxing isn't implemented on FreeBSD. |
1.1_3 18 Mar 2017 02:15:27 |
junovitch |
Document Moodle security advisories from January (MSA-17-0001 - MSF-17-0004)
and March releases (details not yet released).
Security: CVE-2017-2576
Security: CVE-2017-2578
Security: CVE-2016-10045
Security: https://vuxml.FreeBSD.org/freebsd/f72d98d1-0b7e-11e7-970f-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/df45b4bd-0b7f-11e7-970f-002590263bf5.html |
1.1_3 18 Mar 2017 01:47:28 |
junovitch |
Fix incorrect PKGNAME in www/tomcat6 entries. It's been tomcat since r238618.
Pointy hat to: junovitch (for most of them) |
1.1_3 17 Mar 2017 15:34:34 |
acm |
- Document multiple vulnerabilities in www/drupal8
Security: CVE-2017-6377
Security: CVE-2017-6379
Security: CVE-2017-6381
Security: 2730c668-0b1c-11e7-8d52-6cf0497db129 |
1.1_3 16 Mar 2017 23:00:08 |
mandree |
Document PuTTY < 0.68 agent forwarding vuln.
Security: CVE-2017-6542
Security: 9b973e97-0a99-11e7-ace7-080027ef73ec |
1.1_3 16 Mar 2017 11:37:14 |
tijl |
Document latest Flash Player vulnerabilities.
Security: https://helpx.adobe.com/security/products/flash-player/apsb17-07.html |
1.1_3 14 Mar 2017 19:47:38 |
gjb |
Attempt to fix vuxml build.
Sponsored by: The FreeBSD Foundation |
1.1_3 14 Mar 2017 19:43:17 |
brnrd |
security/vuxml: modify most recent mariadb entries
- ChangeLog of 10.0.30 and 10.1.22 refer to CVE-2017-3313
Security: 4d2f9d09-ddb7-11e6-a9a5-b499baebfeaf
Security: CVE-2017-3313 |
1.1_3 12 Mar 2017 21:49:19 |
tijl |
Document mbed TLS Security Advisory 2017-01
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01 |
1.1_3 12 Mar 2017 20:18:59 |
cpm |
Document new vulnerabilities in www/chromium < 57.0.2987.98
Obtained from: https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html |
1.1_3 11 Mar 2017 23:24:14 |
eugen |
Document several security defects in the Bouncy Castle Crypto APIs
PR: 215507
Approved by: vsevolod (mentor)
Obtained from: https://www.bouncycastle.org/releasenotes.html
Security: https://vuxml.FreeBSD.org/freebsd/89cf8cd2-0698-11e7-aa3f-001b216d295b |
1.1_3 11 Mar 2017 21:42:07 |
rakuco |
Add entry for CVE-2016-7787 in x11/kde4-runtime.
Security announcement: https://www.kde.org/info/security/advisory-20160621-1.txt |
1.1_3 11 Mar 2017 21:09:58 |
rakuco |
Add entry for KTNEF directory traversal issue in deskutils/kdepimlibs4.
There is no CVE assigned at the moment.
More information: https://www.kde.org/info/security/advisory-20170227-1.txt |
1.1_3 11 Mar 2017 10:28:22 |
tcberner |
Address CVE-2017-6410 in devel/kf5-kio and x11/kdelibs4
Using a malicious PAC file, and then using exfiltration methods in the PAC
function FindProxyForURL() enables the attacker to expose full https URLs.
This is a security issue since https URLs may contain sensitive
information in the URL authentication part (user:password@host), and in the
path and the query (e.g. access tokens).
This attack can be carried out remotely (over the LAN) since proxy settings
allow ``Detect Proxy Configuration Automatically''
This setting uses WPAD to retrieve the PAC file, and an attacker who has access
to the victim's LAN can interfere with the WPAD protocols (DHCP/DNS+HTTP)
and inject his/her own malicious PAC instead of the legitimate one.
Reviewed by: mat, rakuco
Approved by: rakuco (mentor), mat (mentor)
Obtained from: https://marc.info/?l=kde-announce&m=148831226706885&w=2
MFH: 2017Q1
Security: CVE-2017-6410
Differential Revision: https://reviews.freebsd.org/D9908 |
1.1_3 08 Mar 2017 13:19:21 |
tz |
Document wordpress security issues
PR: 217608, 217598
Security: https://vuxml.FreeBSD.org/freebsd/82752070-0349-11e7-b48d-00e04c1ea73d.html |
1.1_3 07 Mar 2017 18:13:23 |
jbeich |
security/vuxml: mark firefox < 52 as vulnerable |
1.1_3 05 Mar 2017 16:39:13 |
junovitch |
Document security issues fixed in CodeIgniter 3.1.3
Security: https://vuxml.FreeBSD.org/freebsd/71ebbc50-01c1-11e7-ae1b-002590263bf5.html |
1.1_3 05 Mar 2017 16:15:40 |
junovitch |
Fix PORTEPOCH on Chicken VuXML entry; also additional CVE affecting Chicken
PR: 216661
Reported by: sevan, Vitaly Magerya
Security: CVE-2016-9954
Security: https://vuxml.FreeBSD.org/freebsd/c6932dd4-eaff-11e6-9ac1-a4badb2f4699.html |
1.1_3 05 Mar 2017 03:25:10 |
junovitch |
Add missing reference to last commit for ikiwiki vulnerabilities
PR: 216665
Reported by: sevan
Security: CVE-2016-9646
Security: https://vuxml.FreeBSD.org/freebsd/5ed094a0-0150-11e7-ae1b-002590263bf5.html |
1.1_3 05 Mar 2017 03:18:05 |
junovitch |
Document ikiwiki vulnerabilities
PR: 216665
Reported by: sevan
Security: CVE-2016-9645
Security: CVE-2016-10026
Security: CVE-2017-0356
Security: https://vuxml.FreeBSD.org/freebsd/5ed094a0-0150-11e7-ae1b-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/7b35a77a-0151-11e7-ae1b-002590263bf5.html |
1.1_3 28 Feb 2017 18:35:34 |
olivierd |
Document multiple memory failure in potrace
PR: 217347
Reported by: lightside |
1.1_3 26 Feb 2017 08:41:24 |
riggs |
Document buffer overflows in audio/musicpd http output module |
1.1_3 22 Feb 2017 16:34:26 |
tijl |
Add linux-*-openssl to recent openssl vulnerabilities.
Security: https://rhn.redhat.com/errata/RHSA-2017-0286.html |
1.1_3 22 Feb 2017 11:21:27 |
brnrd |
security/vuxml: curl only vulnerable >= 7.52.0 |
1.1_3 22 Feb 2017 11:09:11 |
brnrd |
security/vuxml: Document cURL vulnerability |
1.1_3 22 Feb 2017 04:48:12 |
junovitch |
Document Xen Security Advisory (XSA 209)
Reported by: royger
Security: CVE-2017-2620
Security: https://vuxml.FreeBSD.org/freebsd/8cbd9c08-f8b9-11e6-ae1b-002590263bf5.html |
1.1_3 21 Feb 2017 11:18:11 |
amdmi3 |
Document information disclosure vulnerability on fbsdmon
PR: 217099
Submitted by: asomers |
1.1_3 20 Feb 2017 02:58:24 |
jbeich |
security/vuxml: chase r434427
$ svn ci -F libevent-rename.msg
[...]
svn: E165001: Commit failed (details follow):
svn: E165001: Commit blocked by pre-commit hook (exit code 1) with output:
Commit to security/vuxml/vuln.xml first, and then other files
PR: 216777 |
1.1_3 18 Feb 2017 15:00:23 |
riggs |
Document multiple vulnerabilities in audio/wavpack
PR: 216847
Submitted by: pkubaj@anongoth.pl |
1.1_3 16 Feb 2017 21:40:34 |
madpilot |
Document multiple vulnerabilities in optipng.
PR: 216955
Submitted by: Thomas Hurst <tom@hur.st> (affected port maintainer) |
1.1_3 16 Feb 2017 12:51:20 |
sunpoet |
Complete PKGNAMEPREFIX of py-diffoscope |
1.1_3 16 Feb 2017 12:42:51 |
brnrd |
security/vuxml: Document openssl-devel vulnerability
- While here fix whitespace on 077bbadf-f2f4-11e6-92a7-902b34361349 |
1.1_3 15 Feb 2017 18:38:34 |
emaste |
Document arbitrary file write in diffoscope < 76
Reported by: koobs (via Debian bug report)
Reviewed by: delphij
Approved by: delphij
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D9598 |
1.1_3 12 Feb 2017 12:19:36 |
riggs |
Document heap overflow in multimedia/ffmpeg < 3.2.4 |
1.1_3 11 Feb 2017 11:09:12 |
kwm |
Document gtk-vnc bounds checking vulnerabilities
Security: CVE-2017-5884, CVE-2017-5885 |
1.1_3 11 Feb 2017 02:10:57 |
junovitch |
Document Xen Security Advisory (XSA 208)
Reported by: royger
Security: CVE-2017-2615
Security: https://vuxml.FreeBSD.org/freebsd/a73aba9a-effe-11e6-ae1b-002590263bf5.html |
1.1_3 07 Feb 2017 11:43:10 |
tijl |
List all linux package names in latest libtiff vulnerability. |
1.1_3 06 Feb 2017 18:13:40 |
tijl |
Undocument a linux-*-curl vulnerability that has low impact and Red Hat
"will not fix".
Security: https://access.redhat.com/security/cve/CVE-2016-0755 |
1.1_3 06 Feb 2017 18:09:29 |
tijl |
Document libtiff vulnerabilities.
Security: http://simplesystems.org/libtiff/v4.0.7.html |
1.1_3 04 Feb 2017 18:08:47 |
feld |
Document mantis vulnerability
PR: 216662
Security: CVE-2016-6837 |
1.1_3 04 Feb 2017 17:53:21 |
feld |
Document vulnerabilities in guile2
PR: 216663
Security: CVE-2016-8605 CVE-2016-8606 |
1.1_3 04 Feb 2017 17:39:45 |
feld |
Document vulnerabilities in chicken
PR: 216661
Security: CVE-2016-6830 CVE-2016-6831 |
1.1_3 04 Feb 2017 17:31:21 |
feld |
Document libebml vulnerabilities
PR: 216659
Security: CVE-2015-8789
Security: CVE-2015-8790
Security: CVE-2015-8791 |
1.1_3 04 Feb 2017 17:21:09 |
feld |
Document freeimage vulnerability
PR: 216657
Security: CVE-2016-5684 |
1.1_3 02 Feb 2017 22:48:50 |
woodsb02 |
Add additional vulnerability for wordpress 4.7.1 that was initially kept
quiet by the wordpress team [1].
[1] https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/
Security: https://vuxml.FreeBSD.org/freebsd/54e50cd9-c1a8-11e6-ae1b-002590263bf5.html |
1.1_3 01 Feb 2017 17:05:28 |
cmt |
document shotwell vulnerability |
1.1_3 01 Feb 2017 16:54:03 |
lwhsu |
Document Jenkins Security Advisory 2017-02-01 |
1.1_3 30 Jan 2017 14:27:04 |
feld |
Fix openssl vuxml entry
PR: 216524 |
1.1_3 29 Jan 2017 03:13:21 |
woodsb02 |
Document Wordpress security issues in 4.7.1.
PR: 216540
PR: 216515
Reported by: Jochen Neumeister <joneum@bsdproject.de>
Reported by: Mikhail Timofeev <9267096@gmail.com>
Security: CVE-2017-5610
Security: CVE-2017-5611
Security: CVE-2017-5612
Security: https://vuxml.FreeBSD.org/freebsd/14ea4458-e5cd-11e6-b56d-38d547003487.html |
1.1_3 27 Jan 2017 22:58:11 |
feld |
Document vulnerability in net-mgmt/nfsen |
1.1_3 26 Jan 2017 17:44:29 |
cpm |
Document new vulnerabilities in www/chromium < 56.0.2924.76
Obtained from: https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html |
1.1_3 26 Jan 2017 14:44:18 |
brnrd |
security/vuxml: Document new OpenSSL vulnerabilities |
1.1_3 24 Jan 2017 22:50:18 |
jbeich |
security/vuxml: mark Gecko < 51.0/45.7esr as vulnerable |
1.1_3 24 Jan 2017 08:28:53 |
matthew |
Document security vulnerabilities fixed in phpMyAdmin 4.6.6 |
1.1_3 23 Jan 2017 17:53:02 |
swills |
Document nvmupdate security issue
Submitted by: kozlov.sergey.404@gmail.com (maintainer)
Reviewed by: sbruno
Sponsored by: Intel
Differential Revision: https://reviews.freebsd.org/D9121 |
1.1_3 23 Jan 2017 02:36:50 |
junovitch |
Update OpenSSL impacted version
The reference cites 1.0.1u and prior as impacted. security/openssl would
have resolved in r381789. security/openssl-devel would not have been
impacted as that port had been the newer 1.1.x branch since inception.
Reported by: Thomas Schemme (via email)
Security: CVE-2016-7056
Security: https://vuxml.FreeBSD.org/freebsd/7caebe30-d7f1-11e6-a9a5-b499baebfeaf.html |
1.1_3 20 Jan 2017 02:41:31 |
junovitch |
Include php56 in today's PHP vulnerability
Security: https://vuxml.FreeBSD.org/freebsd/709e025a-de8b-11e6-a9a5-b499baebfeaf.html |