| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
|---|
1.1_3
30 Apr 2017 21:36:36
   |
ler  |
security/vuxml: Document dovecot2 vulnerability
PR: 218671
Approved by: adamw (mentor, implicit), ports-secteam (maintainer timeout)
Security: CVE-2017-2669 |
1.1_3
29 Apr 2017 17:33:51
|
brnrd |
security/libressl-devel: Mark vulnerabile 2.5.3 |
1.1_3
28 Apr 2017 09:23:30
|
brnrd |
security/vuxml: Document LibreSSL vulnerability
- CVE-2017-8301 TLS verification vulnerability |
1.1_3
27 Apr 2017 03:41:04
|
lwhsu |
Document Jenkins Security Advisory 2017-04-26 |
1.1_3
25 Apr 2017 02:34:59
|
junovitch |
Document security issues fixed in CodeIgniter 3.1.4
Security: https://vuxml.FreeBSD.org/freebsd/df0144fb-295e-11e7-970f-002590263bf5.html |
1.1_3
24 Apr 2017 20:12:59
|
brnrd |
security/vuxml: Document weechat vulnerability
PR: 218852
Submitted by: Jochen Neumeister <joneum@bsdproject.de> |
1.1_3
24 Apr 2017 10:40:58
|
mat |
and make validate for something I did not do.
Pointy hat: acm
Sponsored by: Absolight |
1.1_3
24 Apr 2017 10:37:24
|
mat |
I'm stupid.
Pointy hat: mat
Sponsored by: Absolight |
1.1_3
24 Apr 2017 10:26:59
|
mat |
This was fixed a while ago.
Sponsored by: Absolight |
1.1_3
21 Apr 2017 18:54:31
|
acm |
- Document new vulnerability in www/drupal8 < 8.3.1 |
1.1_3
21 Apr 2017 13:46:50
|
cpm |
Document new vulnerabilities in www/chromium < 58.0.3029.81
Obtained
from: https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html |
1.1_3
20 Apr 2017 18:48:10
|
jkim |
Add a separate entry for linux-c7-graphite2. It is not fixed yet. |
1.1_3
20 Apr 2017 18:43:15
|
jkim |
CVE-2017-5436 was fixed by r438984. |
1.1_3
20 Apr 2017 16:54:19
|
jbeich |
security/vuxml: back out r438981 as I've confused already extracted directory |
1.1_3
20 Apr 2017 16:49:21
|
jbeich |
security/vuxml: icu 59.1 doesn't have the fix |
1.1_3
20 Apr 2017 16:00:09
|
jbeich |
security/vuxml: oops, forgot PORTEPOCH from r418152 |
1.1_3
20 Apr 2017 15:56:03
|
jbeich |
security/vuxml: mark icu < 59.1 as vulnerable |
1.1_3
20 Apr 2017 15:29:21
|
jbeich |
security/vuxml: mark old sndfile/samplerate/tiff as vulnerable |
1.1_3
20 Apr 2017 14:25:23
|
sunpoet |
Document cURL vulnerability |
1.1_3
20 Apr 2017 08:39:53
|
jbeich |
security/vuxml: mark some firefox < 53 bundled deps as vulnerable |
1.1_3
20 Apr 2017 02:24:46
|
jbeich |
security/vuxml: mark firefox < 53 as vulnerable |
1.1_3
19 Apr 2017 19:11:11
|
brnrd |
security/vuxml: Document vulnerabilities from Oracle 2017Q2 update |
1.1_3
13 Apr 2017 10:15:14
|
mat |
Adjust the bind9-devel version it was fixed in.
Sponsored by: Absolight |
1.1_3
13 Apr 2017 03:58:32
|
delphij |
Document BIND multiple vulnerabilities. |
1.1_3
07 Apr 2017 14:26:14
|
kami |
security/vuxml: Add id Tech 3 remote code execution
PR: 217911
Reviewed by: delphij, #ports_secteam
Approved by: delphij, #ports_secteam
Security: CVE-2017-6903
Differential Revision: https://reviews.freebsd.org/D10244 |
1.1_3
06 Apr 2017 13:52:54
|
junovitch |
Document Xen Security Advisory (XSA 212)
Security: CVE-2017-7228
Security: https://vuxml.FreeBSD.org/freebsd/90becf7c-1acf-11e7-970f-002590263bf5.html |
1.1_3
06 Apr 2017 13:37:38
|
junovitch |
Update curl version. Patch backported in 437808 instead of version bump. |
1.1_3
05 Apr 2017 16:47:14
|
brnrd |
security/vuxml: Add missing topic
Reported by: Guido Falsi <madpilot@FreeBSD.org> |
1.1_3
05 Apr 2017 14:34:15
|
brnrd |
security/vuxml: Document curl vulnerability |
1.1_3
04 Apr 2017 18:10:17
|
miwi |
- Document django -- multible vulnerabilities |
1.1_3
04 Apr 2017 16:39:29
|
madpilot |
Document net/asterisk13 vulnerability. |
1.1_3
04 Apr 2017 02:27:15
|
danfe |
- Document recent NVIDIA GPU display driver vulnerabilities
- Spell "NVIDIA UNIX driver" consistently throughout the file
PR: 217341 |
1.1_3
30 Mar 2017 21:43:45
|
cpm |
Document new vulnerabilities in www/chromium < 57.0.2987.133
Obtained
from: https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html |
1.1_3
30 Mar 2017 01:58:06
|
junovitch |
Document Xen Security Advisory (XSA 206)
CVE lists none (yet) assigned
While here, fix a typo on my last Xen entry
Security: https://vuxml.FreeBSD.org/freebsd/47873d72-14eb-11e7-970f-002590263bf5.html |
1.1_3
30 Mar 2017 01:47:42
|
junovitch |
Actually, let's refer to the original entries for these hostapd CVEs
Reflect CVE-2016-4476 / VID 967b852b-1e28-11e6-8dd3-002590263bf5 in cancelled
CVE-2015-5314 is in VID 976567f6-05c5-11e6-94fa-002590263bf5
PR: 217906
Security: https://vuxml.FreeBSD.org/freebsd/976567f6-05c5-11e6-94fa-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/967b852b-1e28-11e6-8dd3-002590263bf5.html |
1.1_3
29 Mar 2017 16:47:40
|
matthew |
phpMyAdmin: document PMASA-2017-8 -- bypass restrictions on 'no
password' accounts. |
1.1_3
28 Mar 2017 23:19:48
|
feld |
Document hostapd vulnerabilities
PR: 217906 |
1.1_3
25 Mar 2017 00:01:54
|
timur |
Add entry about Samba vulnerability CVE-2017-2619
Security: CVE-2017-2619 |
1.1_3
23 Mar 2017 01:51:39
|
junovitch |
Document Xen Security Advisory (XSA 211)
Security: CVE-2016-9603
Security: https://vuxml.FreeBSD.org/freebsd/af19ecd0-0f6a-11e7-970f-002590263bf5.html |
1.1_3
22 Mar 2017 19:14:32
|
riggs |
Add CVE ID for recent irssi vulnerability
PR: 217878
Submitted by: dor.bsd@xm0.uk (irssi mainainer) |
1.1_3
22 Mar 2017 03:01:06
|
junovitch |
Update hostapd on two older entries.
Fixes were not backported prior. Recent update is v2.6 as noted in advisory.
Security: CVE-2015-5310
Security: CVE-2015-5315
Security: CVE-2015-5316
Security: CVE-2016-4476
Security: CVE-2016-4477
Security: https://vuxml.FreeBSD.org/freebsd/967b852b-1e28-11e6-8dd3-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/976567f6-05c5-11e6-94fa-002590263bf5.html |
1.1_3
18 Mar 2017 13:57:40
|
riggs |
Document use-after-free vulnerability in irc/irssi
PR: 217878 |
1.1_3
18 Mar 2017 11:00:07
|
brnrd |
security/vuxml: Add DoS vuln for mysql-client
- Fix typo in 5f453b69-abab-4e76-b6e5-2ed0bafcaee3 while here |
1.1_3
18 Mar 2017 09:40:22
|
jbeich |
security/vuxml: mark firefox < 52.0.1 as vulnerable
Note, sandboxing isn't implemented on FreeBSD. |
1.1_3
18 Mar 2017 02:15:27
|
junovitch |
Document Moodle security advisories from January (MSA-17-0001 - MSF-17-0004)
and March releases (details not yet released).
Security: CVE-2017-2576
Security: CVE-2017-2578
Security: CVE-2016-10045
Security: https://vuxml.FreeBSD.org/freebsd/f72d98d1-0b7e-11e7-970f-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/df45b4bd-0b7f-11e7-970f-002590263bf5.html |
1.1_3
18 Mar 2017 01:47:28
|
junovitch |
Fix incorrect PKGNAME in www/tomcat6 entries. It's been tomcat since r238618.
Pointy hat to: junovitch (for most of them) |
1.1_3
17 Mar 2017 15:34:34
|
acm |
- Document multiple vulnerabilities in www/drupal8
Security: CVE-2017-6377
Security: CVE-2017-6379
Security: CVE-2017-6381
Security: 2730c668-0b1c-11e7-8d52-6cf0497db129 |
1.1_3
16 Mar 2017 23:00:08
|
mandree |
Document PuTTY < 0.68 agent forwarding vuln.
Security: CVE-2017-6542
Security: 9b973e97-0a99-11e7-ace7-080027ef73ec |
1.1_3
16 Mar 2017 11:37:14
|
tijl |
Document latest Flash Player vulnerabilities.
Security: https://helpx.adobe.com/security/products/flash-player/apsb17-07.html |
1.1_3
14 Mar 2017 19:47:38
|
gjb |
Attempt to fix vuxml build.
Sponsored by: The FreeBSD Foundation |
1.1_3
14 Mar 2017 19:43:17
|
brnrd |
security/vuxml: modify most recent mariadb entries
- ChangeLog of 10.0.30 and 10.1.22 refer to CVE-2017-3313
Security: 4d2f9d09-ddb7-11e6-a9a5-b499baebfeaf
Security: CVE-2017-3313 |
1.1_3
12 Mar 2017 21:49:19
|
tijl |
Document mbed TLS Security Advisory 2017-01
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01 |
1.1_3
12 Mar 2017 20:18:59
|
cpm |
Document new vulnerabilities in www/chromium < 57.0.2987.98
Obtained
from: https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html |
1.1_3
11 Mar 2017 23:24:14
|
eugen |
Document several security defects in the Bouncy Castle Crypto APIs
PR: 215507
Approved by: vsevolod (mentor)
Obtained from: https://www.bouncycastle.org/releasenotes.html
Security:
https://vuxml.FreeBSD.org/freebsd/89cf8cd2-0698-11e7-aa3f-001b216d295b |
1.1_3
11 Mar 2017 21:42:07
|
rakuco |
Add entry for CVE-2016-7787 in x11/kde4-runtime.
Security announcement:
https://www.kde.org/info/security/advisory-20160621-1.txt |
1.1_3
11 Mar 2017 21:09:58
|
rakuco |
Add entry for KTNEF directory traversal issue in deskutils/kdepimlibs4.
There is no CVE assigned at the moment.
More information: https://www.kde.org/info/security/advisory-20170227-1.txt |
1.1_3
11 Mar 2017 10:28:22
|
tcberner |
Adress CVE-2017-6410 in devel/kf5-kio and x11/kdelibs4
Using a malicious PAC file, and then using exfiltration methods in the PAC
function FindProxyForURL() enables the attacker to expose full https URLs.
This is a security issue since https URLs may contain sensitive
information in the URL authentication part (user:password@host), and in the
path and the query (e.g. access tokens).
This attack can be carried out remotely (over the LAN) since proxy settings
allow ``Detect Proxy Configuration Automatically''
This setting uses WPAD to retrieve the PAC file, and an attacker who has access
to the victim's LAN can interfere with the WPAD protocols (DHCP/DNS+HTTP)
and inject his/her own malicious PAC instead of the legitimate one.
Reviewed by: mat, rakuco
Approved by: rakuco (mentor), mat (mentor)
Obtained from: https://marc.info/?l=kde-announce&m=148831226706885&w=2
MFH: 2017Q1
Security: CVE-2017-6410
Differential Revision: https://reviews.freebsd.org/D9908 |
1.1_3
08 Mar 2017 13:19:21
|
tz |
Document wordpress security issues
PR: 217608, 217598
Security:
https://vuxml.FreeBSD.org/freebsd/82752070-0349-11e7-b48d-00e04c1ea73d.html |
1.1_3
07 Mar 2017 18:13:23
|
jbeich |
security/vuxml: mark firefox < 52 as vulnerable |
1.1_3
05 Mar 2017 16:39:13
|
junovitch |
Document security issues fixed in CodeIgniter 3.1.3
Security: https://vuxml.FreeBSD.org/freebsd/71ebbc50-01c1-11e7-ae1b-002590263bf5.html |
1.1_3
05 Mar 2017 16:15:40
|
junovitch |
Fix PORTEPOCH on Chicken VuXML entry; also additional CVE affecting Chicken
PR: 216661
Reported by: sevan, Vitaly Magerya
Security: CVE-2016-9954
Security: https://vuxml.FreeBSD.org/freebsd/c6932dd4-eaff-11e6-9ac1-a4badb2f4699.html |
1.1_3
05 Mar 2017 03:25:10
|
junovitch |
Add missing reference to last commit for ikiwiki vulnerabilities
PR: 216665
Reported by: sevan
Security: CVE-2016-9646
Security: https://vuxml.FreeBSD.org/freebsd/5ed094a0-0150-11e7-ae1b-002590263bf5.html |
1.1_3
05 Mar 2017 03:18:05
|
junovitch |
Document ikiwiki vulnerabilities
PR: 216665
Reported by: sevan
Security: CVE-2016-9645
Security: CVE-2016-10026
Security: CVE-2017-0356
Security: https://vuxml.FreeBSD.org/freebsd/5ed094a0-0150-11e7-ae1b-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/7b35a77a-0151-11e7-ae1b-002590263bf5.html |
1.1_3
28 Feb 2017 18:35:34
|
olivierd |
Document multiple memory failure in potrace
PR: 217347
Reported by: lightside |
1.1_3
26 Feb 2017 08:41:24
|
riggs |
Document buffer overflows in audio/musicpd http output module |
1.1_3
22 Feb 2017 16:34:26
|
tijl |
Add linux-*-openssl to recent openssl vulnerabilities.
Security: https://rhn.redhat.com/errata/RHSA-2017-0286.html |
1.1_3
22 Feb 2017 11:21:27
|
brnrd |
security/vuxml: curl only vulnerable >= 7.52.0 |
1.1_3
22 Feb 2017 11:09:11
|
brnrd |
security/vuxml: Document cURL vulnerability |
1.1_3
22 Feb 2017 04:48:12
|
junovitch |
Document Xen Security Advisory (XSA 209)
Reported by: royger
Security: CVE-2017-2620
Security: https://vuxml.FreeBSD.org/freebsd/8cbd9c08-f8b9-11e6-ae1b-002590263bf5.html |
1.1_3
21 Feb 2017 11:18:11
|
amdmi3 |
Document information disclosure vulnerability on fbsdmon
PR: 217099
Submitted by: asomers |
1.1_3
20 Feb 2017 02:58:24
|
jbeich |
security/vuxml: chase r434427
$ svn ci -F libevent-rename.msg
[...]
svn: E165001: Commit failed (details follow):
svn: E165001: Commit blocked by pre-commit hook (exit code 1) with output:
Commit to security/vuxml/vuln.xml first, and then other files
PR: 216777 |
1.1_3
18 Feb 2017 15:00:23
|
riggs |
Document multiple vulnerabilities in audio/wavpack
PR: 216847
Submitted by: pkubaj@anongoth.pl |
1.1_3
16 Feb 2017 21:40:34
|
madpilot |
Document multiple vulnerabilities in optipng.
PR: 216955
Submitted by: Thomas Hurst <tom@hur.st> (affected port maintainer) |
1.1_3
16 Feb 2017 12:51:20
|
sunpoet |
Complete PKGNAMEPREFIX of py-diffoscope |
1.1_3
16 Feb 2017 12:42:51
|
brnrd |
security/vuxml: Document openssl-devel vulnerability
- While here fix whitespace on 077bbadf-f2f4-11e6-92a7-902b34361349 |
1.1_3
15 Feb 2017 18:38:34
|
emaste |
Document arbitrary file write in diffoscope < 76
Reported by: koobs (via Debian bug report)
Reviewed by: delphij
Approved by: delphij
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D9598 |
1.1_3
12 Feb 2017 12:19:36
|
riggs |
Document heap overflow in multimedia/ffmpeg < 3.2.4 |
1.1_3
11 Feb 2017 11:09:12
|
kwm |
Document gtk-vnc bounds checking vulnabilities
Security: CVE-2017-5884, CVE-2017-5885 |
1.1_3
11 Feb 2017 02:10:57
|
junovitch |
Document Xen Security Advisory (XSA 208)
Reported by: royger
Security: CVE-2017-2615
Security: https://vuxml.FreeBSD.org/freebsd/a73aba9a-effe-11e6-ae1b-002590263bf5.html |
1.1_3
07 Feb 2017 11:43:10
|
tijl |
List all linux package names in latest libtiff vulnerability. |
1.1_3
06 Feb 2017 18:13:40
|
tijl |
Undocument a linux-*-curl vulnerability that has low impact and Red Hat
"will not fix".
Security: https://access.redhat.com/security/cve/CVE-2016-0755 |
1.1_3
06 Feb 2017 18:09:29
|
tijl |
Document libtiff vulnerabilities.
Security: http://simplesystems.org/libtiff/v4.0.7.html |
1.1_3
04 Feb 2017 18:08:47
|
feld |
Document mantis vulnerability
PR: 216662
Security: CVE-2016-6837 |
1.1_3
04 Feb 2017 17:53:21
|
feld |
Document vulnerabilities in guile2
PR: 216663
Security: CVE-2016-8605 CVE-2016-8606 |
1.1_3
04 Feb 2017 17:39:45
|
feld |
Document vulnerabilities in chicken
PR: 216661
Security: CVE-2016-6830 CVE-2016-6831 |
1.1_3
04 Feb 2017 17:31:21
|
feld |
Document libebml vulnerabilities
PR: 216659
Security: CVE-2015-8789
Security: CVE-2015-8790
Security: CVE-2015-8791 |
1.1_3
04 Feb 2017 17:21:09
|
feld |
Document freeimage vulnerability
PR: 216657
Security: CVE-2016-5684 |
1.1_3
02 Feb 2017 22:48:50
|
woodsb02 |
Add additional vulnerability for wordpress 4.7.1 that was initially kept
quiet by the wordpress team [1].
[1]
https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/
Security: https://vuxml.FreeBSD.org/freebsd/54e50cd9-c1a8-11e6-ae1b-002590263bf5.html |
1.1_3
01 Feb 2017 17:05:28
|
cmt |
document shotwell vulnerability |
1.1_3
01 Feb 2017 16:54:03
|
lwhsu |
Document Jenkins Security Advisory 2017-02-01 |
1.1_3
30 Jan 2017 14:27:04
|
feld |
Fix openssl vuxml entry
PR: 216524 |
1.1_3
29 Jan 2017 03:13:21
|
woodsb02 |
Document Wordpress security issues in 4.7.1.
PR: 216540
PR: 216515
Reported by: Jochen Neumeister <joneum@bsdproject.de>
Reported by: Mikhail Timofeev <9267096@gmail.com>
Security: CVE-2017-5610
Security: CVE-2017-5611
Security: CVE-2017-5612
Security: https://vuxml.FreeBSD.org/freebsd/14ea4458-e5cd-11e6-b56d-38d547003487.html |
1.1_3
27 Jan 2017 22:58:11
|
feld |
Document vulnerability in net-mgmt/nfsen |
1.1_3
26 Jan 2017 17:44:29
|
cpm |
Document new vulnerabilities in www/chromium < 56.0.2924.76
Obtained
from: https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html |
1.1_3
26 Jan 2017 14:44:18
|
brnrd |
security/vuxml: Document new OpenSSL vulnerabilities |
1.1_3
24 Jan 2017 22:50:18
|
jbeich |
security/vuxml: mark Gecko < 51.0/45.7esr as vulnerable |
1.1_3
24 Jan 2017 08:28:53
|
matthew |
Document security vulnerabilities fixed in phpMyAdmin 4.6.6 |
1.1_3
23 Jan 2017 17:53:02
|
swills |
Document nvmupdate security issue
Submitted by: kozlov.sergey.404@gmail.com (maintainer)
Reviewed by: sbruno
Sponsored by: Intel
Differential Revision: https://reviews.freebsd.org/D9121 |
1.1_3
23 Jan 2017 02:36:50
|
junovitch |
Update OpenSSL impacted version
The reference cites 1.0.1u and prior as impacted. security/openssl would
have resolved in r381789. security/openssl-devel would have not have been
impacted as that port had been the newer 1.1.x branch since inception.
Reported by: Thomas Schemme (via email)
Security: CVE-2016-7056
Security: https://vuxml.FreeBSD.org/freebsd/7caebe30-d7f1-11e6-a9a5-b499baebfeaf.html |
1.1_3
20 Jan 2017 02:41:31
|
junovitch |
Include php56 in today's PHP vulnerability
Security: https://vuxml.FreeBSD.org/freebsd/709e025a-de8b-11e6-a9a5-b499baebfeaf.html |
As an Amazon Associate I earn from qualifying purchases.
