Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_3 22 Sep 2016 12:51:09 |
feld |
Update range of vulnerable irssi versions |
1.1_3 22 Sep 2016 12:17:04 |
brnrd |
security/vuxml: Add new OpenSSL 1.0.2 and 1.1.0 vulnerabilities
- 2016-09-22 security advisory |
1.1_3 21 Sep 2016 21:03:46 |
feld |
Document that chinese/irssi is vulnerable as well |
1.1_3 21 Sep 2016 20:59:52 |
feld |
Document irssi vulnerabilities
PR: 212888
Security: CVE-2016-7044
Security: CVE-2016-7045 |
1.1_3 20 Sep 2016 17:01:30 |
jbeich |
Document recent Firefox vulnerabilities |
1.1_3 18 Sep 2016 14:17:58 |
brnrd |
security/vuxml: Fix curl version ranges |
1.1_3 16 Sep 2016 20:16:04 |
rene |
Document new vulnerabilities in www/chromium < 53.0.2785.113
Obtained from: https://googlechromereleases.blogspot.nl/2016/09/stable-channel-update-for-desktop_13.html |
1.1_3 16 Sep 2016 16:17:48 |
riggs |
Document CVE 2016-6662: zero-day remote vulnerability in mysql ports
PR: 212612
Submitted by: mokhi64@gmail.com (mysql57-* maintainer)
Reported by: rootservice@gmail.com
Security: CVE 2016-6662 |
1.1_3 15 Sep 2016 07:46:55 |
matthew |
Document security problems in dropbear
PR: 212699
Submitted by: pkubaj@anongoth.pl |
1.1_3 14 Sep 2016 09:31:35 |
brnrd |
security/vuxml: Document www/h2o vulnerability
PR: 211892
Submitted by: Dave Cottlehuber <dch@skunkwerks.at> (maintainer)
Reviewed by: brnrd
MFH: 2016Q3
Security: 08664d42-7989-11e6-b7a8-74d02b9a84d5 |
1.1_3 14 Sep 2016 07:28:07 |
brnrd |
ftp/curl: Document integer overflow vuln |
1.1_3 13 Sep 2016 19:10:33 |
rene |
Add vulnerabilities for www/chromium < 53.0.2785.92
Obtained from: https://googlechromereleases.blogspot.nl/2016/08/stable-channel-update-for-desktop_31.html |
1.1_3 13 Sep 2016 17:59:22 |
rene |
Belatedly add vulnerabilities for www/chromium < 52.0.2743.116
Obtained from: https://googlechromereleases.blogspot.nl/2016/08/stable-channel-update-for-desktop.html |
1.1_3 13 Sep 2016 08:05:42 |
delphij |
Document MySQL root code execution vulnerability. |
1.1_3 12 Sep 2016 20:22:00 |
gjb |
Fix build.
Sponsored by: The FreeBSD Foundation |
1.1_3 12 Sep 2016 20:05:47 |
johans |
Document WolfSSL vulnerabilities (< 3.6.8)
PR: 205936
Submitted by: Christoph Moench-Tegeder |
1.1_3 09 Sep 2016 13:31:30 |
tijl |
Add entry for GNUTLS-SA-2016-3. |
1.1_3 09 Sep 2016 11:02:05 |
cmt |
document mozilla vulnerabilities (<48, <45.3esr)
PR: 212463
Approved by: jbeich (maintainer), rene (mentor) |
1.1_3 08 Sep 2016 20:52:39 |
madpilot |
Document asterisk vulnerabilities. |
1.1_3 06 Sep 2016 17:08:31 |
tijl |
- Add linux-*-tiff information to existing tiff vulnerabilities.
- Like r419692, cancel a gif2tiff vulnerability that upstream marked
WONTFIX: http://bugzilla.maptools.org/show_bug.cgi?id=2536
PR: 211552 |
1.1_3 06 Sep 2016 14:22:55 |
feld |
Document vulnerability in irc/inspircd
No CVEs have been assigned at this time. |
1.1_3 06 Sep 2016 08:37:04 |
mandree |
Add CVE-2016-7123 for resolved mailman CSRF.
PR: 212378
Reported by: Sevan Janiyan
Security: CVE-2016-7123
Security: 9e50dcc3-740b-11e6-94a2-080027ef73ec |
1.1_3 05 Sep 2016 21:40:38 |
tijl |
Fix the version range for a linux-c6-nss vulnerability.
PR: 208385 |
1.1_3 01 Sep 2016 20:27:24 |
gjb |
Fix build.
Sponsored by: The FreeBSD Foundation |
1.1_3 01 Sep 2016 20:21:00 |
bdrewery |
Document OpenSSH CVE-2015-8325 and CVE-2016-6210 fixed in OpenSSH 7.3p1.
PR: 212275
Reported by: <Sevan Janiyan> venture37@geeklan.co.uk
Security: CVE-2015-8325
Security: CVE-2016-6210 |
1.1_3 29 Aug 2016 19:00:37 |
mandree |
Document mailman < 2.1.23 CVE-2016-6893, insufficient CSRF protection. |
1.1_3 28 Aug 2016 17:53:49 |
kwm |
Document libxml2 vulnerabilities. |
1.1_3 27 Aug 2016 19:20:16 |
tcberner |
Document kdelibs KArchive directory traversal vulnerability.
Approved by: rakuco (mentor)
Security: CVE-2016-6232 |
1.1_3 22 Aug 2016 17:20:59 |
kwm |
Document eog out of bounds write.
Security: CVE-2016-6855 |
1.1_3 22 Aug 2016 12:20:59 |
mat |
Some more cleanup to Perl vulnerabilities.
Sponsored by: Absolight |
1.1_3 21 Aug 2016 19:12:35 |
kwm |
Document fontconfig insufficient cache file validation
Security: CVE-2016-5384 |
1.1_3 19 Aug 2016 15:05:35 |
feld |
Fix ruby version range which was missing the important portepoch
Add postgres and mysql to the EoL port list
PR: 211975 |
1.1_3 19 Aug 2016 14:02:11 |
feld |
Fix PKGNAME matching for old ruby in vuxml
PR: 211975 |
1.1_3 19 Aug 2016 13:01:25 |
mat |
Fixup Perl package names in the EoL vuln.
Sponsored by: Absolight |
1.1_3 18 Aug 2016 22:27:48 |
jgh |
unbreak build (validation and tests pass)
Reported by: feld
With hat: ports-secteam |
1.1_3 18 Aug 2016 21:44:35 |
feld |
Add a number of old expired and End of Life ports to vuxml
PR: 211975 |
1.1_3 18 Aug 2016 19:22:47 |
jkim |
Fix CVE name for security/gnupg and security/libgcrypt. There was a typo in
the official release announcement. |
1.1_3 18 Aug 2016 00:41:25 |
kuriyama |
Register recent gnupg1/libgcrypt vuln. |
1.1_3 17 Aug 2016 11:02:43 |
matthew |
Document 26 new security advisories from phpMyAdmin. Some of these are
described as 'critical'. |
1.1_3 15 Aug 2016 09:26:54 |
mat |
Note where the XSLoader thing is being fixed in Perl 5.18 and 5.20.
Sponsored by: Absolight |
1.1_3 15 Aug 2016 04:18:36 |
koobs |
security/vuxml: Fix/Improve a few entry titles (<topic)
- TeamSpeak 3 Server: Use standard "Product -- Description" title format
- TeamSpeak 3 Server: Include RCE in title so people don't miss it. Importante.
- puppet-agent MCollective: Remove duplicate name in title, use software name
- FreeBSD ntp entry: Fix grammo |
1.1_3 14 Aug 2016 22:19:31 |
pi |
audio/teamspeak3-server: Document remote code execution
PR: 211846
Security: http://seclists.org/fulldisclosure/2016/Aug/61
Submitted by: Ultima1252@gmail.com |
1.1_3 14 Aug 2016 17:12:27 |
junovitch |
Fix PKGNAME for collectd5
PR: 211613 |
1.1_3 14 Aug 2016 08:33:15 |
romain |
Add entry for CVE-2015-7331
mcollective-puppet-agent -- Remote Code Execution in mcollective-puppet-agent
plugin |
1.1_3 13 Aug 2016 21:44:31 |
mat |
Fix the perl5* section for the two recent vuln.
For some reason, perl5-devel was having a wrongly special treatment, and
it was failing to take into account the fact that we've had 5.21 and
5.23 in the tree.
Also, correct the version at which the XSLoader thing was solved in 5.25.
Sponsored by: Absolight |
1.1_3 12 Aug 2016 10:56:12 |
matthew |
The perl5 release candidate versions also address the XSLoader local
arbitrary code execution vulnerability (CVE-2016-6185), as documented
in perldelta(1)
So perl5.22-5.22.3.r2 and perl5.24-5.24.1.r2 are not vulnerable.
I can't confirm if the updates to perl5.18 and perl5.20 also solve the
XSLoader bug or not but by inspection of the source code, I don't
believe that to be the case. |
1.1_3 11 Aug 2016 22:54:01 |
feld |
Correct the syntax for the <freebsdsa> entries.
They should not be prefixed with FreeBSD- |
1.1_3 11 Aug 2016 21:50:02 |
feld |
Correct old vuxml entries for FreeBSD that use <ge>0</ge> or a <ge> without an
<le>
One entry has been cancelled in preference of a much newer entry referring to
the same CVE as it has more detail. |
1.1_3 11 Aug 2016 21:34:00 |
feld |
Add missing FreeBSD SA entries from 2016 to vuxml |
1.1_3 11 Aug 2016 21:27:28 |
feld |
Add missing FreeBSD SA entries from 2015 to vuxml |
1.1_3 11 Aug 2016 21:19:09 |
feld |
Add missing FreeBSD SA entries from 2014 to vuxml |
1.1_3 11 Aug 2016 18:53:51 |
gjb |
Fix vuxml build.
Approved by: ports-secteam (implicit)
Sponsored by: The FreeBSD Foundation |
1.1_3 11 Aug 2016 16:40:21 |
koobs |
security/vuxml: Make PostgreSQL entry more explicit
Be more explicit in the title of the PostgreSQL entry as to the nature
of the vulnerabilities. Remove possibly subjective description of the
severity (minor) from the title, err on the side of allowing users to make
the assessment based on their environments instead.
Approved by: feld (ports-secteam) |
1.1_3 11 Aug 2016 15:49:20 |
feld |
Add missing FreeBSD SA to vuxml
Security: SA-14:01.bsnmpd |
1.1_3 11 Aug 2016 14:51:44 |
girgen |
Add security info for upcoming PostgreSQL updates.
Security: CVE-2016-5424, CVE-2016-5423 |
1.1_3 11 Aug 2016 13:33:05 |
mat |
Fixup Perl versions for CVE-2016-1238.
Sponsored by: Absolight |
1.1_3 10 Aug 2016 09:21:41 |
tz |
www/piwik: Document XSS issues
PR: 211590
Security: https://vuxml.freebsd.org/freebsd/28bf62ef-5e2c-11e6-a15f-00248c0c745d.html
Approved by: pi (mentor) |
1.1_3 10 Aug 2016 01:27:44 |
junovitch |
Document denial of service vector via oversized AXFR, IXFR, or Dynamic DNS
updates in BIND, Knot, NSD, and PowerDNS
Security: CVE-2016-6170
Security: CVE-2016-6171
Security: CVE-2016-6172
Security: CVE-2016-6173
Security: https://vuxml.FreeBSD.org/freebsd/7d08e608-5e95-11e6-b334-002590263bf5.html |
1.1_3 09 Aug 2016 22:25:53 |
feld |
Add missing FreeBSD SA vuxml entries for 2013
Entries that only affected BETA/RC releases were ignored
Security: SA-13:10.sctp
Security: SA-13:09.ip_multicast
Security: SA-13:08.nfsserver |
1.1_3 09 Aug 2016 21:18:18 |
feld |
Change all FreeBSD SA entries in vuxml from <system> to <package> |
1.1_3 09 Aug 2016 21:04:51 |
feld |
Add FreeBSD SA information to recent libarchive vuxml entry
Security: SA-16:22.libarchive
Security: SA-16:23.libarchive |
1.1_3 09 Aug 2016 21:00:05 |
feld |
Add FreeBSD SA information to old openssl vuxml entry
Security: SA-16:17.openssl |
1.1_3 09 Aug 2016 20:57:19 |
feld |
Add FreeBSD SA information to old ntp vuxml entry
Security: SA-16:16.ntp |
1.1_3 09 Aug 2016 20:53:04 |
feld |
Add FreeBSD SA information to old openssh vuxml entry
Security: SA-16:14.openssh |
1.1_3 09 Aug 2016 20:36:34 |
feld |
Update many historical vuxml entries for FreeBSD with incorrect ranges
PR: 208522 |
1.1_3 09 Aug 2016 19:43:25 |
feld |
Add FreeBSD SA information to old openssl vuxml entry
Security: SA-16:11.openssl |
1.1_3 09 Aug 2016 19:39:28 |
feld |
Add FreeBSD SA information to old ntp vuxml entry
Security: SA-16:09.ntp |
1.1_3 09 Aug 2016 18:21:05 |
feld |
Add FreeBSD SA information to old bind vuxml entry
Security: SA-16:08.bind |
1.1_3 09 Aug 2016 18:18:42 |
feld |
Add FreeBSD SA information to old openssh vuxml entry
Security: SA-16:07.openssh |
1.1_3 09 Aug 2016 18:14:59 |
feld |
Add FreeBSD SA information to old ntp vuxml entry
Security: SA-16:02.ntp |
1.1_3 09 Aug 2016 18:12:21 |
feld |
Add FreeBSD SA information to old bind vuxml entry
Security: SA-15:27.bind |
1.1_3 09 Aug 2016 18:10:03 |
feld |
Add FreeBSD SA information to old openssl vuxml entry
Security: SA-15:26.openssl |
1.1_3 09 Aug 2016 18:07:10 |
feld |
Add FreeBSD SA information to old ntp vuxml entry
Security: SA-15:25.ntp |
1.1_3 09 Aug 2016 18:03:49 |
feld |
Add FreeBSD SA information to old bind vuxml entry
Also correct range of affected FreeBSD versions
Security: SA-15:23.bind |
1.1_3 09 Aug 2016 18:01:17 |
feld |
Add FreeBSD SA information to old openssh vuxml entry
Security: SA-15:22.openssh |
1.1_3 09 Aug 2016 17:53:07 |
feld |
Add FreeBSD SA information to old bind vuxml entry
Also correct range of affected FreeBSD versions
Security: SA-15:17.bind |
1.1_3 09 Aug 2016 17:50:08 |
feld |
Add FreeBSD SA information to old openssh vuxml entry
Security: SA-15:16.openssh |
1.1_3 09 Aug 2016 17:35:24 |
feld |
Add FreeBSD SA information to old bind vuxml entry
Security: SA-15:11.bind |
1.1_3 09 Aug 2016 17:32:47 |
feld |
Add FreeBSD SA information to old openssl vuxml entry
Security: SA-15:10.openssl |
1.1_3 09 Aug 2016 17:24:19 |
feld |
Add FreeBSD SA information to old ntp vuxml entry
Security: SA-15:07.ntp |
1.1_3 09 Aug 2016 17:21:54 |
feld |
Add FreeBSD SA information to old openssl vuxml entry
Security: SA-15:06.openssl |
1.1_3 09 Aug 2016 17:11:15 |
feld |
Add FreeBSD SA information to old bind vuxml entry
Security: SA-15:05.bind |
1.1_3 09 Aug 2016 17:08:08 |
feld |
Add FreeBSD SA information to old openssl vuxml entry
Security: SA-15:01.openssl |
1.1_3 09 Aug 2016 17:04:57 |
feld |
Add FreeBSD SA info to old unbound vuxml entry
Security: SA-14:30.unbound |
1.1_3 09 Aug 2016 17:00:29 |
feld |
Add FreeBSD SA reference to old bind vuxml entry
Security: SA-14:29.bind |
1.1_3 09 Aug 2016 16:53:46 |
feld |
Update another openssl vuxml entry to add FreeBSD SA information
Security: SA-14:23.openssl |
1.1_3 09 Aug 2016 16:48:57 |
feld |
Add FreeBSD SA information to old openssl vuxml entry
Security: SA-14:18.openssl |
1.1_3 09 Aug 2016 16:39:04 |
feld |
Update another old openssl vuxml entry to add FreeBSD SA information
Security: SA-14:10.openssl |
1.1_3 09 Aug 2016 16:36:46 |
feld |
Update old openssl vuxml entry to include <freebsdsa> information and affected
FreeBSD versions |
1.1_3 09 Aug 2016 16:30:58 |
feld |
Add <freebsdsa> to old vuxml entry for openssl
Affected FreeBSD versions were not added as they were all 10.0-RC. |
1.1_3 09 Aug 2016 16:25:23 |
feld |
Correct <date> fields for last commit regarding SA 14:02 |
1.1_3 09 Aug 2016 16:23:35 |
feld |
Add affected FreeBSD versions to vuxml entry for SA-14:02 |
1.1_3 09 Aug 2016 16:13:35 |
feld |
Correct another FreeBSD SA in an old vuxml entry |
1.1_3 09 Aug 2016 16:11:42 |
feld |
Correct FreeBSD SA in old vuxml entry |
1.1_3 08 Aug 2016 15:47:23 |
brd |
Document collectd security advisory.
PR: 211613
Security: CVE-2016-6254 |
1.1_3 08 Aug 2016 09:58:15 |
brnrd |
security/vuxml: Add versions for latest MariaDB vulns
PR: 211274 |
1.1_3 06 Aug 2016 01:57:51 |
junovitch |
Document multiple security advisories for Moodle (MSA-16-0019 - MSA-16-0021)
Security: CVE-2016-5012
Security: CVE-2016-5013
Security: CVE-2016-5014
Security: https://vuxml.FreeBSD.org/freebsd/3ddcb42b-5b78-11e6-b334-002590263bf5.html |
1.1_3 06 Aug 2016 00:45:22 |
junovitch |
Document BIND security advisory
Security: CVE-2016-2775
Security: https://vuxml.FreeBSD.org/freebsd/7a31e0de-5b6d-11e6-b334-002590263bf5.html |
1.1_3 06 Aug 2016 00:24:00 |
junovitch |
Document wnpa-sec-2016-41 through wnpa-sec-2016-49 for issues fixed in
Wireshark 2.0.5
Security: CVE-2016-6505
Security: CVE-2016-6506
Security: CVE-2016-6508
Security: CVE-2016-6509
Security: CVE-2016-6510
Security: CVE-2016-6511
Security: CVE-2016-6512
Security: CVE-2016-6513
Security: https://vuxml.FreeBSD.org/freebsd/610101ea-5b6a-11e6-b334-002590263bf5.html |
1.1_3 05 Aug 2016 17:15:57 |
feld |
Update perl vuxml entries
Perl package names changed somewhat recently, so add more <name> entries
to improve coverage for users on systems with outdated ports/packages
PR: 211561 |