Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_3 21 Jul 2016 14:58:08 |
brnrd |
security/vuxml: Add MySQL vulnerabilities from quarterly update
- Add MariaDB ports
- Add Percona ports
PR: 211248 |
1.1_3 21 Jul 2016 14:23:01 |
feld |
Properly cancel the httpoxy vuxml entry |
1.1_3 20 Jul 2016 12:25:51 |
feld |
Remove HTTPoxy entry in vuxml until a we know if upstream vendors will
patch this so things aren't marked vulnerable forever. |
1.1_3 19 Jul 2016 12:55:43 |
tz |
www/typo3 and www/typo3-lts: Document missing access check in Extbase
PR: 210870, 210871
Security: CVE-2016-5091
Security:
https://vuxml.freebsd.org/freebsd/3caf4e6c-4cef-11e6-a15f-00248c0c745d.html
Approved by: junovitch (mentor) |
1.1_3 19 Jul 2016 06:43:52 |
brnrd |
net/haproxy: Mark vulnerable to httpoxy in vuxml
Security: cf0b5668-4d1b-11e6-b2ec-b499baebfeaf |
1.1_3 18 Jul 2016 20:38:37 |
brnrd |
lang/go: Mark 1.6.3 as NOT vulnerable to httpoxy
- Version 1.6.3 includes fix for "httpoxy" [1]
1: https://groups.google.com/forum/#!topic/golang-announce/7jZDOQ8f8tM
Security: cf0b5668-4d1b-11e6-b2ec-b499baebfeaf
Security: CVE-2016-5386 |
1.1_3 18 Jul 2016 20:15:17 |
brnrd |
www/apache24: Fix httpoxy vulnerability (+2.2)
- Mark new Apache revisions not vulnerable
- Add apache22-mpm-* ports
- Add Apache CVE-number
Security: cf0b5668-4d1b-11e6-b2ec-b499baebfeaf
Security: CVE-2016-5387 |
1.1_3 18 Jul 2016 19:47:27 |
brnrd |
httpoxy: Mark ports as vulnerable
- apache22, apache24, go, go14, php55, php56, php70, python27, python33,
python34, python35, nginx are all vulnerable.
- No new versions fixing the HTTP Proxy header vulnerability |
1.1_3 18 Jul 2016 17:36:43 |
bdrewery |
Fix CVE-2016-0772 entry to not blame only Python 2.7 |
1.1_3 16 Jul 2016 02:26:55 |
junovitch |
Document security issues from ATutor 2.2.1 and 2.2.2 changelog
Security: https://vuxml.FreeBSD.org/freebsd/00cb1469-4afc-11e6-97ea-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/ffa8ca79-4afb-11e6-97ea-002590263bf5.html |
1.1_3 16 Jul 2016 01:08:06 |
junovitch |
Update Drupal SA-CORE-2016-002 with the assigned CVEs
PR: 210317
Security: CVE-2016-6211
Security: CVE-2016-6212
Security: https://vuxml.FreeBSD.org/freebsd/7932548e-3427-11e6-8e82-002590263bf5.html |
1.1_3 16 Jul 2016 00:59:10 |
junovitch |
Document Flash vulnerabilities in Adobe Security Bulletins APSB16-25
Security: CVE-2016-4172
Security: CVE-2016-4173
Security: CVE-2016-4174
Security: CVE-2016-4175
Security: CVE-2016-4176
Security: CVE-2016-4177
Security: CVE-2016-4178
Security: CVE-2016-4179
Security: CVE-2016-4180
Security: CVE-2016-4181
Security: CVE-2016-4182
Security: CVE-2016-4183
Security: CVE-2016-4184 (Only the first 15 lines of the commit message are shown above ) |
1.1_3 15 Jul 2016 17:13:53 |
feld |
Rename vuxml entry, add new detailed reference as primary.
This new reference has much more detailed information. It appears even
the latest version of struts is affected and this may affect many
products using the Apache Commons FileUpload Utility such as Jenkins,
Lucene-Solr, etc. Unfortunately it's difficult to identify which version
of the Apache Commons FileUpload Utility products may have, so this vuxml
may be expanded as more products are successfully identified.
PR: 211105
Security: CVE-2016-3092 |
1.1_3 15 Jul 2016 16:56:01 |
feld |
Package name for jakarta-struts is actually apache-struts
Pointyhat: me
PR: 211105 |
1.1_3 15 Jul 2016 16:54:27 |
feld |
Also add jakara-struts to the vuxml entry for CVE-2016-3092
PR: 211105 |
1.1_3 15 Jul 2016 16:48:51 |
feld |
Document tomcat vulnerability
PR: 211105
Security: CVE-2016-3092 |
1.1_3 15 Jul 2016 16:41:21 |
feld |
Document libreoffice vulnerability
PR: 211111
Security: CVE-2016-4324 |
1.1_3 15 Jul 2016 16:34:00 |
feld |
Update name in vuxml of person who reported CVE-2016-5102 |
1.1_3 15 Jul 2016 16:19:21 |
feld |
Document tiff vulnerabilities
Security: CVE-2016-5102
Security: CVE-2016-5875
Security: CVE-2016-3186
PR: 211113 |
1.1_3 15 Jul 2016 11:23:23 |
rakuco |
Document CVE-2016-2334 and CVE-2016-2335 in archivers/p7zip.
PR: 211114 |
1.1_3 13 Jul 2016 01:26:46 |
timur |
Add information about CVE-2016-2119 vulnerability in Samba suits.
Security: CVE-2016-2119 |
1.1_3 11 Jul 2016 15:31:10 |
tz |
rubygem-ruby-saml: Document XML signature wrapping attack
Security: CVE-2016-5697
Security:
https://vuxml.freebsd.org/freebsd/3fcd52b2-4510-11e6-a15f-00248c0c745d.html
Approved by: junovitch (mentor) |
1.1_3 07 Jul 2016 03:36:50 |
lwhsu |
- Fix affected versions of qemu and qemu-devel
Reviewed by: junovitch |
1.1_3 07 Jul 2016 01:44:23 |
junovitch |
Document remote denial of service in quassel
PR: 209218
Security: CVE-2016-4414
Security: https://vuxml.FreeBSD.org/freebsd/7d64d00c-43e3-11e6-ab34-002590263bf5.html |
1.1_3 05 Jul 2016 17:59:18 |
ohauer |
- document apache24 H2/X509 sec. issue.
The sec. issue is only present if the port was built with
non default settings (experimental H2 feature) and
used in combination with X509 client auth! |
1.1_3 04 Jul 2016 19:02:27 |
junovitch |
Document Xen Security Advisories (XSAs 173, 175, 176, 178, 179, and 180).
XSAs 171, 172, 174, and 181 are not applicable to FreeBSD.
Discussed with: royger
Security: CVE-2014-3672
Security: CVE-2016-3710
Security: CVE-2016-3712
Security: CVE-2016-4963
Security: CVE-2016-4480
Security: CVE-2016-4962
Security: CVE-2016-3960
Security: https://vuxml.FreeBSD.org/freebsd/e800cd4b-4212-11e6-942d-bc5ff45d0f28.html
Security: https://vuxml.FreeBSD.org/freebsd/e6ce6f50-4212-11e6-942d-bc5ff45d0f28.html
Security: https://vuxml.FreeBSD.org/freebsd/e589ae90-4212-11e6-942d-bc5ff45d0f28.html
Security: https://vuxml.FreeBSD.org/freebsd/e43b210a-4212-11e6-942d-bc5ff45d0f28.html
Security: https://vuxml.FreeBSD.org/freebsd/e2fca11b-4212-11e6-942d-bc5ff45d0f28.html
Security: https://vuxml.FreeBSD.org/freebsd/d51ced72-4212-11e6-942d-bc5ff45d0f28.html |
1.1_3 04 Jul 2016 13:40:29 |
junovitch |
Update wnpa-sec-2016-12 through wnpa-sec-2016-18 with CVE assignment for
issues fixed in Wireshark 2.0.2
While here, fix bad copy/paste on upstream URL when the entry was made.
Security: CVE-2016-4415
Security: CVE-2016-4416
Security: CVE-2016-4417
Security: CVE-2016-4418
Security: CVE-2016-4419
Security: CVE-2016-4420
Security: CVE-2016-4421
Secuirty: https://vuxml.FreeBSD.org/freebsd/45117749-df55-11e5-b2bd-002590263bf5.html |
1.1_3 04 Jul 2016 13:32:41 |
junovitch |
Update wnpa-sec-2016-19 through wnpa-sec-2016-27 with CVE assignment for
issues fixed in Wireshark 2.0.3
Security: CVE-2016-4006
Security: CVE-2016-4076
Security: CVE-2016-4077
Security: CVE-2016-4078
Security: CVE-2016-4079
Security: CVE-2016-4080
Security: CVE-2016-4081
Security: CVE-2016-4082
Security: CVE-2016-4083
Security: CVE-2016-4084
Security: https://vuxml.FreeBSD.org/freebsd/7e36c369-10c0-11e6-94fa-002590263bf5.html |
1.1_3 04 Jul 2016 13:25:47 |
junovitch |
Document wnpa-sec-2016-29 through wnpa-sec-2016-37 for issues fixed in
Wireshark 2.0.4
Security: CVE-2016-5350
Security: CVE-2016-5351
Security: CVE-2016-5352
Security: CVE-2016-5353
Security: CVE-2016-5354
Security: CVE-2016-5355
Security: CVE-2016-5356
Security: CVE-2016-5357
Security: CVE-2016-5358
Security: https://vuxml.FreeBSD.org/freebsd/313e9557-41e8-11e6-ab34-002590263bf5.html |
1.1_3 04 Jul 2016 01:46:35 |
junovitch |
Add fixed entries for Python 2.7, 3.4, 3.5 for urllib vulnerability.
Reset 3.3 as unfixed.
PR: 210539
PR: 210541
Reported by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
Security: CVE-2016-5699
Security: https://vuxml.FreeBSD.org/freebsd/a61374fc-3a4d-11e6-a671-60a44ce6887b.html |
1.1_3 03 Jul 2016 23:13:14 |
junovitch |
Update earlier openvswitch entry with version fixed in ports
PR: 208404
Reported by: ohauer
Security: CVE-2016-2074
Security: https://vuxml.FreeBSD.org/freebsd/b53bbf58-257f-11e6-9f4d-20cf30e32f6d.html |
1.1_3 03 Jul 2016 22:57:25 |
junovitch |
Document multiple security advisories for Moodle
Security: CVE-2016-3729
Security: CVE-2016-3731
Security: CVE-2016-3732
Security: CVE-2016-3733
Security: CVE-2016-3734
Security: https://vuxml.FreeBSD.org/freebsd/8656cf5f-4170-11e6-8dfe-002590263bf5.html |
1.1_3 03 Jul 2016 21:21:13 |
feld |
Document icingaweb2 vulnerability |
1.1_3 03 Jul 2016 19:31:27 |
junovitch |
Fix date from r417994 (2016 not 2015) |
1.1_3 03 Jul 2016 19:30:15 |
junovitch |
Document authorization logic vulnerability in Apache Hive
PR: 207173
Security: CVE-2015-7521
Security: https://vuxml.FreeBSD.org/freebsd/a5c204b5-4153-11e6-8dfe-002590263bf5.html |
1.1_3 03 Jul 2016 18:44:39 |
junovitch |
Document SQLite3 tempdir selection vulnerability
PR: 210751
Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
Security: CVE-2016-6153
Security: https://vuxml.FreeBSD.org/freebsd/546deeea-3fc6-11e6-a671-60a44ce6887b.html |
1.1_3 03 Jul 2016 09:28:58 |
brnrd |
security/vuxml: Add Python smtplib TLS stripping vuln
PR: 210685
Submitted by: brnrd
Security: CVE-2016-0772
Security: 8d5368ef-40fe-11e6-b2ec-b499baebfeaf |
1.1_3 01 Jul 2016 15:22:47 |
matthew |
Belatedly document 12 security advisories about phpMyAdmin.
Severities range from 'non-critical' to 'severe' |
1.1_3 01 Jul 2016 12:23:45 |
mat |
Add a test target, testing that what the port is supposed to do works.
Sponsored by: Absolight |
1.1_3 01 Jul 2016 12:15:08 |
mat |
Add missing dependency.
Sponsored by: Absolight |
1.1_2 30 Jun 2016 22:55:50 |
feld |
Document haproxy vulnerability
Security: CVE-2016-5360 |
1.1_2 30 Jun 2016 22:47:25 |
feld |
Document libtorrent-rasterbar vulnerability
Security: CVE-2016-5301 |
1.1_2 30 Jun 2016 22:42:05 |
feld |
Modify dnsmasq vuxml entry
The vulnerable version range was not matching correctly for the devel
port. |
1.1_2 30 Jun 2016 22:32:06 |
feld |
Document expat2 vulnerability
Security: CVE-2016-4472 |
1.1_2 30 Jun 2016 22:10:41 |
feld |
Document dnsmasq vulnerability
Security: CVE-2015-8899 |
1.1_2 30 Jun 2016 21:08:43 |
feld |
Document python vulnerability
PR: 210541
Security: CVE-2016-5699 |
1.1_2 30 Jun 2016 20:52:39 |
feld |
Document openssl vulnerability
PR: 210550
Security: CVE-2016-2177 |
1.1_2 26 Jun 2016 18:13:40 |
junovitch |
Document remote denial of service via FileUpload component in Tomcat
PR: 209669 [1]
Reported by: Geoffroy Desvernay <dgeo@centrale-marseille.fr> [1]
Reported by: Roger Marquis <marquis@roble.com>
Security: CVE-2016-3092
Security: https://vuxml.FreeBSD.org/freebsd/cbceeb49-3bc7-11e6-8e82-002590263bf5.html |
1.1_2 25 Jun 2016 23:17:46 |
junovitch |
Document Wordpress vulnerabilities fixed in 4.5.3
PR: 210480 [1]
PR: 210581
Reported by: Mihail Timofeev <9267096@gmail.com> [1]
Security: CVE-2016-5832
Security: CVE-2016-5833
Security: CVE-2016-5834
Security: CVE-2016-5835
Security: CVE-2016-5836
Security: CVE-2016-5837
Security: CVE-2016-5838
Security: CVE-2016-5839
Security: https://vuxml.FreeBSD.org/freebsd/bfcc23b6-3b27-11e6-8e82-002590263bf5.html |
1.1_2 25 Jun 2016 22:18:24 |
junovitch |
Docment security issues fixed in PHP 7.0.8, 5.6.23, and 5.5.37
PR: 210491
PR: 210502
Reported by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
Reported by: Philip Jocks <freebsdbugs@filis.org>
Security: CVE-2015-8874
Security: CVE-2016-5766
Security: CVE-2016-5767
Security: CVE-2016-5768
Security: CVE-2016-5769
Security: CVE-2016-5770
Security: CVE-2016-5771
Security: CVE-2016-5772
Security: CVE-2016-5773
Security: https://vuxml.FreeBSD.org/freebsd/66d77c58-3b1d-11e6-8e82-002590263bf5.html |
1.1_2 23 Jun 2016 16:55:18 |
feld |
Fix vuxml
I didn't validate after updating "foo reports:" line
Pointyhat: me |
1.1_2 23 Jun 2016 16:25:47 |
feld |
Document libarchive vulnerabilities
PR: 210493
Security: CVE-2015-8934
Security: CVE-2016-4300
Security: CVE-2016-4301
Security: CVE-2016-4302 |
1.1_2 23 Jun 2016 15:52:40 |
feld |
Add piwik XSS to vuxml
No further information is available. No CVE has been assigned.
PR: 210458 |
1.1_2 21 Jun 2016 08:34:28 |
vd |
Followup to r417190 - all versions of wget<1.18 are affected |
1.1_2 21 Jun 2016 08:16:47 |
vd |
Document ftp/wget's HTTP to FTP redirection file name confusion vulnerability
PR: 210420
Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
Security: CVE-2016-4971 |
1.1_2 20 Jun 2016 19:08:32 |
feld |
Update vuxml for libxslt vulnerabilities
These vulnerabilities were previously reported by Google as they bundle
libxslt with Chrome. When we patched Chromium to address these
vulnerabilites it was overlooked that we do not bundle libxslt library
with Chromium, but instead use textproc/libxslt. Chromium users have
continued to be vulnerable to these CVEs as a result. This update fixes
the Chromium CVE entry and adds a separate one for libxslt.
PR: 210298
Security: CVE-2016-1683
Security: CVE-2016-1684 |
1.1_2 19 Jun 2016 09:03:23 |
brnrd |
Update security/libressl vulnerability for quarterly branch
- Mark vulnerable from 2.3.0 up to 2.3.6
- Mark vulnerable below 2.2.9 |
1.1_2 19 Jun 2016 02:57:04 |
junovitch |
Document Flash vulnerabilities in Adobe Security Bulletins APSB16-10,
APSB16-15, APSB16-18
PR: 209592
Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
Security: CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013,
CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017,
CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021,
CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025,
CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029,
CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033,
CVE-2016-1096, CVE-2016-1097, CVE-2016-1098, CVE-2016-1099,
CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103,
CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107,
CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, (Only the first 15 lines of the commit message are shown above ) |
1.1_2 17 Jun 2016 19:44:22 |
feld |
Fix vuxml <cvename> syntax for recent Chrome entry |
1.1_2 17 Jun 2016 19:14:16 |
rene |
Document new vulnerabilities in www/chromium < 51.0.2704.103
Obtained
from: https://googlechromereleases.blogspot.nl/2016/06/stable-channel-update_16.html |
1.1_2 17 Jun 2016 17:03:57 |
rm |
Document integer overflow in python's zipimport module
PR: 210324
Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
Security: CVE-2016-5636 |
1.1_2 17 Jun 2016 01:12:31 |
junovitch |
Document Drupal vulnerabilities
PR: 210317
Reported by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
Security: https://www.drupal.org/SA-CORE-2016-002
Security: https://vuxml.FreeBSD.org/freebsd/7932548e-3427-11e6-8e82-002590263bf5.html |
1.1_2 14 Jun 2016 01:48:36 |
junovitch |
Document multiple issues in Botan
PR: 209595
Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
Security: CVE-2015-7827
Security: CVE-2016-2849
Security: https://vuxml.FreeBSD.org/freebsd/ac0900df-31d0-11e6-8e82-002590263bf5.html
Security: CVE-2014-9742
Security: https://vuxml.FreeBSD.org/freebsd/f771880c-31cf-11e6-8e82-002590263bf5.html |
1.1_2 13 Jun 2016 19:21:32 |
feld |
Update vuxml
A backported fix was added to security/openssl |
1.1_2 11 Jun 2016 10:10:56 |
riggs |
Document remote code execution vulnerability in multimedia vlc before 2.2.4 |
1.1_2 10 Jun 2016 01:57:36 |
jbeich |
Chase MFSA typo fix |
1.1_2 10 Jun 2016 01:15:07 |
junovitch |
Document cross-site scripting CVE in Roundcube
PR: 209841
Reported by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
Security: CVE-2016-5103
Security: https://vuxml.FreeBSD.org/freebsd/97e86d10-2ea7-11e6-ae88-002590263bf5.html |
1.1_2 09 Jun 2016 21:03:58 |
brnrd |
Add entry for CVE-2016-2178 OpenSSL vulnerability
Security: CVE-2016-2178 |
1.1_2 09 Jun 2016 03:39:23 |
junovitch |
Fill in <freebsdpr> tag on last entry; I staged it prior to opening the PR
for tracking and forgot to fill it in pre-commit.
PR: 210155 |
1.1_2 09 Jun 2016 03:28:07 |
junovitch |
Document two expat CVEs reported by upstream
PR: 210155
Reported by: Sebastian Pipping <sebastian@pipping.org>
Security: CVE-2012-6702
Security: CVE-2016-5300
Security: https://vuxml.FreeBSD.org/freebsd/c9c252f5-2def-11e6-ae88-002590263bf5.html |
1.1_2 08 Jun 2016 20:32:00 |
bmah |
Add entry for recent iperf3 vulnerability.
Security: d6bbf2d8-2cfc-11e6-800b-080027468580
Sponsored by: ESnet |
1.1_2 07 Jun 2016 16:37:58 |
tijl |
Document GNUTLS-SA-2016-1. |
1.1_2 07 Jun 2016 16:34:07 |
jbeich |
Document recent Firefox vulnerabilities |
1.1_2 06 Jun 2016 22:32:48 |
feld |
Fix cvename entries |
1.1_2 06 Jun 2016 21:08:05 |
rene |
Document new vulnerabilities in www/chromium < 51.0.2704.79
Obtained
from: http://googlechromereleases.blogspot.nl/2016/06/stable-channel-update.html |
1.1_2 05 Jun 2016 18:59:49 |
tijl |
The Expat vulnerability also affects linux-*-expat. |
1.1_2 05 Jun 2016 18:04:11 |
junovitch |
Document OpenAFS vulnerabilities in 1.6.16 and 1.6.17
PR: 209534
Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
Security: CVE-2015-8312
Security: CVE-2016-2860
Security: CVE-2016-4536
Security: https://vuxml.FreeBSD.org/freebsd/2e8fe57e-2b46-11e6-ae88-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/bcbd3fe0-2b46-11e6-ae88-002590263bf5.html |
1.1_2 05 Jun 2016 17:44:15 |
junovitch |
Fixup invalid nginx version from r416222; it needed a PORTEPOCH to be valid.
Add version range valid for backported commit on 1.8 and 1.9 in quarterly.
Security: CVE-2016-4450
Security: https://vuxml.FreeBSD.org/freebsd/36cf7670-2774-11e6-af29-f0def16c5c1b.html |
1.1_2 05 Jun 2016 16:36:59 |
junovitch |
Document ikiwiki XSS vulnerability
PR: 209593
Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
Security: CVE-2016-4561
Security: https://vuxml.FreeBSD.org/freebsd/0297b260-2b3b-11e6-ae88-002590263bf5.html |
1.1_2 01 Jun 2016 22:49:47 |
zi |
- Document vulnerability in www/h2o
PR: 209926
Submitted by: Dave Cottlehuber (maintainer) |
1.1_2 31 May 2016 21:50:59 |
osa |
Fix latest cacti entry.
Found by: make validate
No cookie for: brnrd |
1.1_2 31 May 2016 21:44:52 |
osa |
Add an entry about latest nginx vulnerability. |
1.1_2 31 May 2016 20:00:29 |
brnrd |
security/vuxml: Modify libressl < 2.3.4 range
- Change existing range to >2.3.0 and <2.3.4
- Add <2.2.7 range
- Update modified date
This addresses pkg audit showing LibreSSL 2.2.7 as vulnerable |
1.1_2 29 May 2016 19:01:24 |
pi |
Document security issues fixed in cacti 0.8.8h
PR: 209809
Reported by: Daniel Austin <freebsd-ports@dan.me.uk>
Security: CVE-2016-3659
Security: https://vuxml.FreeBSD.org/freebsd/6167b341-250c-11e6-a6fb-003048f2e514.html |
1.1_2 29 May 2016 09:46:32 |
ohauer |
- document openvswitch CVE-2016-2074
PR: 208404
Submitted by: ohauer |
1.1_2 28 May 2016 10:14:12 |
rene |
Document vulnerabilities in www/chromium:
< 50.0.2661.94
< 50.0.2661.102
< 51.0.2704.63
Obtained from: http://googlechromereleases.blogspot.nl/ |
1.1_2 28 May 2016 01:40:53 |
junovitch |
Document security issues fixed in PHP 7.0.7, 5.6.22, and 5.5.36
PR: 209779
Reported by: Fabiano Sidler <fabianosidler@swissonline.ch>
Security: CVE-2013-7456
Security: CVE-2016-4343
Security: CVE-2016-5093
Security: CVE-2016-5094
Security: CVE-2016-5096
Security: https://vuxml.FreeBSD.org/freebsd/6b110175-246d-11e6-8dd3-002590263bf5.html |
1.1_2 26 May 2016 20:01:01 |
matthew |
Add CVE names for the latest phpMyAdmin advisories, not that they have
been released. |
1.1_2 26 May 2016 06:57:58 |
matthew |
fix typo. |
1.1_2 25 May 2016 21:06:55 |
matthew |
Document two more phpMyAdmin vulnerabilities: PMSA-2016-14 and
PMSA-2016-16.
(For anyone wondering about the suspicious gap in the sequence:
PMSA-2016-15 only affected unreleased code in their git master
development branch) |
1.1_2 24 May 2016 22:32:49 |
bapt |
Add a new keywork xmlcatmgr
It simplifies the handling of the XML and SMGL catalog
It brings a big of consistency by always specifying the catalog path absolute
instead of mixing absolute and relative path.
The keyword is also written a PKG_ROOTDIR friendly to simplify cross installing
Reviewed by: hrs
Differential Revision: https://reviews.freebsd.org/D6539 |
1.1_2 24 May 2016 01:57:31 |
junovitch |
Document security announcement from MediaWiki 1.26.3, 1.25.6, and
1.23.14 release. |
1.1_2 20 May 2016 01:22:31 |
junovitch |
Document wpa_supplicant security advisory 2016-1
PR: 209564
Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
Security: CVE-2016-4477
Security: CVE-2016-4476
Security: https://vuxml.FreeBSD.org/freebsd/967b852b-1e28-11e6-8dd3-002590263bf5.html |
1.1_2 20 May 2016 01:07:11 |
junovitch |
Document Expat XML Parser crash on malformed input
Security: CVE-2016-0718
Security: https://vuxml.FreeBSD.org/freebsd/57b3aba7-1e25-11e6-8dd3-002590263bf5.html |
1.1_2 17 May 2016 18:32:17 |
ohauer |
- document bugzilla Cross-Site Scripting issue |
1.1_2 14 May 2016 08:46:46 |
mandree |
Mark openvpn-polarssl <v2.3.11 vulnerable, too, not just openvpn.
Security: 0dc8be9e-19af-11e6-8de0-080027ef73ec |
1.1_2 14 May 2016 08:43:48 |
mandree |
Mark OpenVPN before 2.3.11 vulnerable.
v2.3.11 fixed a buffer overrun in PAM authentication,
and a port-share bug with denial-of-service potential. |
1.1_2 13 May 2016 12:51:44 |
feld |
Fix vuxml |
1.1_2 13 May 2016 12:43:03 |
kwm |
Add basic imagemagick entry. |
1.1_2 12 May 2016 03:45:24 |
lwhsu |
Fix affected versions |