Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_2 26 Feb 2016 16:16:21 |
feld |
Document multimedia/pitivi vulnerability
Security: CVE-2015-0855 |
1.1_2 26 Feb 2016 15:50:41 |
feld |
Document graphics/giflib vulnerability
Security: CVE-2015-7555 |
1.1_2 25 Feb 2016 15:36:20 |
feld |
Document drupal vulnerabilities
PR: 207467
Security: https://www.drupal.org/SA-CORE-2016-001 |
1.1_2 25 Feb 2016 05:25:10 |
lwhsu |
Document Jenkins Security Advisory 2016-02-24 |
1.1_2 24 Feb 2016 20:27:41 |
feld |
vuxml: Update entry for graphics/jasper
These vulnerabilities are resolved in 1.900.1_16
Security: http://www.vuxml.org/freebsd/006e3b7c-d7d7-11e5-b85f-0018fe623f2b.html
Security: http://www.vuxml.org/freebsd/f1692469-45ce-11e5-adde-14dae9d210b8.html |
1.1_2 24 Feb 2016 11:46:09 |
junovitch |
Document squid remote DoS in HTTP response processing
PR: 207454
Reported by: Pavel Timofeev <timp87@gmail.com>
Security: https://vuxml.FreeBSD.org/freebsd/660ebbf5-daeb-11e5-b2bd-002590263bf5.html |
1.1_2 21 Feb 2016 15:25:58 |
junovitch |
Document bsh remote code execution vulnerability
PR: 207334
Submitted by: pfg (maintainer)
Security: CVE-2016-2510
Security: https://vuxml.FreeBSD.org/freebsd/9e5bbffc-d8ac-11e5-b2bd-002590263bf5.html |
1.1_2 21 Feb 2016 14:55:47 |
junovitch |
Document libsrtp DoS via crafted RTP header vulnerability
PR: 207003
Reported by: pi
Security: CVE-2015-6360
Security: https://vuxml.FreeBSD.org/freebsd/6171eb07-d8a9-11e5-b2bd-002590263bf5.html |
1.1_2 21 Feb 2016 14:54:03 |
junovitch |
Respace entry so `make validate' passes |
1.1_2 20 Feb 2016 14:01:59 |
dinoex |
- add jasper -- multiple vulnerabilities
- fix version for CVE-2015-5221 |
1.1_2 18 Feb 2016 23:08:33 |
feld |
Document that graphics/silgraphite is also vulnerable
Security: http://www.vuxml.org/freebsd/8f10fa04-cf6a-11e5-96d6-14dae9d210b8.html |
1.1_2 18 Feb 2016 21:23:58 |
rene |
Document new vulnerability in www/chromium < 48.0.2564.116
Obtained from: http://googlechromereleases.blogspot.nl/2016/02/stable-channel-update_18.html |
1.1_2 18 Feb 2016 03:04:39 |
junovitch |
Document Linux glibc crash/code execution via crafted DNS responses
PR: 207272
Submitted by: Johannes Jost Meixner <johannes@meixner.dk>
Security: CVE-2015-7547
Security: https://vuxml.FreeBSD.org/freebsd/2dd7e97e-d5e8-11e5-bcbd-bc5ff45d0f28.html |
1.1_2 18 Feb 2016 02:20:24 |
junovitch |
Revise earlier Squid entry with official Squid SA as a reference
PR: 203186
Security: https://vuxml.FreeBSD.org/freebsd/d3a98c2d-5da1-11e5-9909-002590263bf5.html |
1.1_2 18 Feb 2016 02:16:14 |
junovitch |
Document Squid SSL/TLS processing remote DoS
PR: 207294
Security: CVE-2016-2390
Security: https://vuxml.FreeBSD.org/freebsd/56562efb-d5e4-11e5-b2bd-002590263bf5.html |
1.1_2 17 Feb 2016 17:23:24 |
feld |
Document databases/adminer vulnerabilities |
1.1_2 16 Feb 2016 22:48:43 |
jkim |
Correct CVE numbers for recent Flash vulnerabilities. |
1.1_2 16 Feb 2016 02:40:27 |
cpm |
Document libgcrypt side-channel attack on ECDH
PR: 207107
Security: CVE-2015-7511
Security: https://vuxml.FreeBSD.org/freebsd/95b92e3b-d451-11e5-9794-e8e0b747a45a.html |
1.1_2 16 Feb 2016 01:00:26 |
junovitch |
Document xdelta3 buffer overflow vulnerability
PR: 207174
Security: CVE-2014-9765
Security: https://vuxml.FreeBSD.org/freebsd/f1bf28c5-d447-11e5-b2bd-002590263bf5.html |
1.1_2 15 Feb 2016 15:31:03 |
miwi |
- Update Description from previous commit.
PR: 207207
Suggested by: Jan Beich |
1.1_2 15 Feb 2016 15:18:25 |
miwi |
- Document firefox -- Same-origin-policy violation using Service Workers with
plugins
PR: 20720
Submitted by: Christoph Moench-Tegeder |
1.1_2 14 Feb 2016 21:18:39 |
junovitch |
Add CVE to the OpenSSH 7.0.p1 entry and also mention CVE-2015-6565
Security: CVE-2015-6563
Security: CVE-2015-6564
Security: CVE-2015-6565
Security: https://vuxml.FreeBSD.org/freebsd/2920c449-4850-11e5-825f-c80aa9043978.html |
1.1_2 14 Feb 2016 19:11:35 |
girgen |
Correct URL. |
1.1_2 14 Feb 2016 14:46:06 |
miwi |
- Fix formatting |
1.1_2 14 Feb 2016 14:39:55 |
brnrd |
security/vuxml: Add entry for www/nghttp2 < 1.7.1
- Out of memory error in nghttpd, nghttp, and libnghttp2_asio
applications
Reviewed by: feld (secteam, mentor)
Approved by: feld (secteam, mentor)
Depends on: D5218
Differential Revision: D5271 |
1.1_2 14 Feb 2016 02:59:02 |
junovitch |
Document cross-site scripting vulnerabilities in Horde Groupware
Security: CVE-2015-8807
Security: CVE-2016-2228
Security: https://vuxml.FreeBSD.org/freebsd/3aa8b781-d2c4-11e5-b2bd-002590263bf5.html |
1.1_2 14 Feb 2016 01:55:27 |
junovitch |
Fix dnscrypt-proxy reference URL (ihttps -> https) |
1.1_2 13 Feb 2016 22:35:55 |
girgen |
Document security problems in PostgreSQL
Security: CVE-2016-0773, CVE-2016-0766 |
1.1_2 13 Feb 2016 22:28:41 |
junovitch |
Reflect QEMU DoS vulnerabilities now fixed in qemu-sbruno/qemu-user-static
PR: 205813
Security: CVE-2015-8345
Security: CVE-2015-8567
Security: CVE-2015-8568
Security: CVE-2015-8613
Security: CVE-2015-8619
Security: CVE-2015-8701
Security: https://vuxml.FreeBSD.org/freebsd/1384f2fd-b1be-11e5-9728-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/62ab8707-b1bc-11e5-9728-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/9ad8993e-b1ba-11e5-9728-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/b3f9f8ef-b1bb-11e5-9728-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/b56fe6bb-b1b1-11e5-9728-002590263bf5.html |
1.1_2 10 Feb 2016 13:08:13 |
kwm |
Document Feb 8, 2016 Flash vulnerabilities.
Security: CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967,
CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971,
CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,
CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979,
CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983,
CVE-2016-0984, CVE-2016-0985 |
1.1_2 10 Feb 2016 00:10:40 |
feld |
Document dns/dnscrypt-proxy vulnerability
PR: 206938 |
1.1_2 10 Feb 2016 00:07:45 |
feld |
Fix vuxml to pass `make validate`
An errant newline from the last entry caused "Error 1" |
1.1_2 09 Feb 2016 23:11:37 |
rene |
Document new vulnerabilities in www/chromium < 48.0.2564.109
Obtained from: http://googlechromereleases.blogspot.nl/2016/02/stable-channel-update_9.html |
1.1_2 09 Feb 2016 20:30:42 |
feld |
Update graphics/graphite2 vulnerability details
I found a more comprehensive blog entry by Talos |
1.1_2 09 Feb 2016 20:23:33 |
feld |
Document graphics/graphite2 vulnerability
Security: CVE-2016-1521 |
1.1_2 09 Feb 2016 17:07:04 |
feld |
Fix duplicate "reports" in last entry |
1.1_2 09 Feb 2016 17:01:02 |
feld |
Document net-mgmt/xymon-server vulnerabilities
MFH: 2016Q1
Security: CVE-2016-2054
Security: CVE-2016-2055
Security: CVE-2016-2056
Security: CVE-2016-2057
Security: CVE-2016-2058 |
1.1_2 09 Feb 2016 10:55:58 |
miwi |
- Document php -- pcre vulnerability |
1.1_2 09 Feb 2016 10:39:56 |
rakuco |
Document multiple vulnerabilities in graphics/py-imaging and graphics/py-pillow.
Security: CVE-2016-0740
Security: CVE-2016-0775 |
1.1_2 06 Feb 2016 11:23:58 |
riggs |
Document remote denial of service in ffmpeg before 2.8.6 and
mencoder / mplayer before 1.2.r20151219_3 |
1.1_2 05 Feb 2016 20:04:05 |
junovitch |
Update version of net/samba36 package to reflect it is still unpatched
PR: 206808
Reported by: Marcin Gryszkalis <mg@fork.pl>
Security: CVE-2015-5252
Security: CVE-2015-5296
Security: CVE-2015-5299
Security: https://vuxml.FreeBSD.org/freebsd/ef434839-a6a4-11e5-8275-000c292e4fd8.html |
1.1_2 05 Feb 2016 16:32:09 |
kwm |
Document shotwell failure to validate TLS certificates.
PR: 206807 |
1.1_2 04 Feb 2016 11:03:33 |
kwm |
Document webkit CVE-2014-1748.
If people look at the announcement, CVE-2014-3192 is already fixed. This
CVE was against chromium, and the same code in 2.4.9 is in webkit trunk
so I assume it is already fixed.
CVE-2013-6663 is for webkit < 2.4.0, and the rest of the CVEs are for
Apple products without any attached patches.
PR: 205683
Obtained from: http://webkitgtk.org/security/WSA-2015-0002.html |
1.1_2 04 Feb 2016 10:35:32 |
koobs |
security/vuxml: Add CVE-2016-1494 for security/py-rsa
PR: 206746
Reported by: Sevan Janiyan <venture37 geeklan co.uk> |
1.1_2 04 Feb 2016 09:25:09 |
madpilot |
Document new asterisk ports vulnerabilities. |
1.1_2 03 Feb 2016 17:16:58 |
feld |
Document py-salt vulnerability
Security: CVE-2016-1866 |
1.1_2 02 Feb 2016 22:44:11 |
sunpoet |
- Document Ruby on Rails multiple vulnerabilities |
1.1_2 02 Feb 2016 11:05:10 |
kwm |
Document that the linux curl ports are still vulnerable.
Submitted by: xmj@ |
1.1_2 01 Feb 2016 22:05:51 |
feld |
Document net/socat vulnerability |
1.1_2 01 Feb 2016 07:37:59 |
jbeich |
Document recent Mozilla vulnerabilities
PR: 206637
Submitted by: Christoph Moench-Tegeder <cmt@burggraben.net> |
1.1_2 01 Feb 2016 02:42:40 |
junovitch |
Document multiple vulnerabilities in gdcm
PR: 206590
Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
Security: CVE-2015-8396
Security: CVE-2015-8397
Security: https://vuxml.FreeBSD.org/freebsd/e00d8b94-c88a-11e5-b5fe-002590263bf5.html |
1.1_2 31 Jan 2016 10:00:14 |
miwi |
- Fix x11/linux-c6-xorg-libs entry as fixed
- Also fix modify date
Reported by: Terry Kennedy <TERRY@glaver.org> |
1.1_2 30 Jan 2016 18:42:17 |
miwi |
- Mark linux-c6* entries as fixed |
1.1_2 30 Jan 2016 16:53:28 |
brnrd |
ftp/curl: Fix vuxml version check
Reviewed by: Erandir, miwi (ports-secteam)
Approved by: miwi (ports-secteam) |
1.1_2 30 Jan 2016 05:37:11 |
feld |
vuxml: fix version range for nginx which has a PORTEPOCH |
1.1_2 30 Jan 2016 05:29:48 |
feld |
Document www/nginx vulnerabilities
Security: CVE-2016-0742
Security: CVE-2016-0746
Security: CVE-2016-0747 |
1.1_2 29 Jan 2016 16:53:05 |
feld |
Document www/typo3 and www/typo3-lts vulnerabilities
PR: 206723 |
1.1_2 29 Jan 2016 16:44:04 |
feld |
vuxml: Fix owncloud discovery date |
1.1_2 29 Jan 2016 16:43:37 |
feld |
Document www/nghttp2 vulnerability
PR: 206727
Security: CVE-2015-8659 |
1.1_2 29 Jan 2016 16:36:38 |
feld |
vuxml: Fix openssl entry so `make validate` doesn't throw errors |
1.1_2 29 Jan 2016 16:35:58 |
feld |
Document www/owncloud vulnerabilities
PR: 206724
Security: CVE-2016-1498
Security: CVE-2016-1499
Security: CVE-2016-1500 |
1.1_2 29 Jan 2016 15:38:48 |
feld |
vuxml: radicale entry needs python prefixes for packagename
PR: 206717 |
1.1_2 29 Jan 2016 15:33:37 |
feld |
Document www/radicale vulnerabilities
Security: CVE-2015-8747
Security: CVE-2015-8748 |
1.1_2 28 Jan 2016 22:45:10 |
matthew |
Add 9 security advisories for phpMyAdmin:
[Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-1
[Security] Unsafe generation of CSRF token, see PMASA-2016-2
[Security] Multiple XSS vulnerabilities, see PMASA-2016-3
[Security] Insecure password generation in JavaScript, see PMASA-2016-4
[Security] Unsafe comparison of CSRF token, see PMASA-2016-5
[Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-6
[Security] XSS vulnerability in normalization page, see PMASA-2016-7
[Security] Full path disclosure vulnerability in SQL parser, see PMASA-2016-8
[Security] XSS vulnerability in SQL editor, see PMASA-2016-9 |
1.1_2 28 Jan 2016 21:00:55 |
lx |
vuxml for prosody CVE-2016-0756.
PR: 206707
Submitted by: Anton Shestakov |
1.1_2 28 Jan 2016 15:20:11 |
dinoex |
- report OpenSSL 1.0.2e vulnerability
MFH: 2016Q1 |
1.1_2 27 Jan 2016 16:01:39 |
brnrd |
security/vuxml: Document cURL vulnerability
Reviewed by: feld (ports-secteam, mentor), koobs (mentor)
Approved by: feld (ports-secteam, mentor)
Security: CVE-2016-0755
Security: https://vuxml.FreeBSD.org/freebsd/8b27f1bc-c509-11e5-a95f-b499baebfeaf.html
Differential Revision: D5091 |
1.1_2 26 Jan 2016 04:18:34 |
junovitch |
Document Wordpress cross site scripting vulnerability
Security: CVE-2016-1564
Security: https://vuxml.FreeBSD.org/freebsd/fb754341-c3e2-11e5-b5fe-002590263bf5.html |
1.1_2 26 Jan 2016 03:13:32 |
junovitch |
Document recent privoxy security vulnerabilities
While here, catch up on the prior release's advisories for completeness
PR: 206504
Security: CVE-2016-1982
Security: CVE-2016-1983
Security: https://vuxml.FreeBSD.org/freebsd/a763a0e7-c3d9-11e5-b5fe-002590263bf5.html |
1.1_2 26 Jan 2016 01:36:25 |
junovitch |
Document potential privilege escalation via symlink misconfiguration in sudo
PR: 206592
Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
Security: CVE-2015-5602
Security: https://vuxml.FreeBSD.org/freebsd/2e8cdd36-c3cc-11e5-b5fe-002590263bf5.html |
1.1_2 22 Jan 2016 19:21:17 |
feld |
Document graphics/imlib2 vulnerabilities
PR: 206372
Security: CVE-2014-9762
Security: CVE-2014-9763
Security: CVE-2014-9764 |
1.1_2 22 Jan 2016 17:20:08 |
feld |
Recent BIND vulnerabilities are supposed to be in separate entries |
1.1_2 21 Jan 2016 21:49:22 |
rene |
Document new vulnerabilities in www/chromium < 48.0.2564.82
PR: 206474
Submitted by: Christoph Moench-Tegeder
Obtained from: http://googlechromereleases.blogspot.de/2016/01/stable-channel-update_20.html |
1.1_2 21 Jan 2016 09:30:59 |
delphij |
Document NTP multiple vulnerabilities. |
1.1_2 20 Jan 2016 23:41:20 |
junovitch |
Document cgit -- multiple vulnerabilities
PR: 206417
Security: CVE-2016-1899
Security: CVE-2016-1900
Security: CVE-2016-1901
Security: https://vuxml.FreeBSD.org/freebsd/62c0dbbd-bfce-11e5-b5fe-002590263bf5.html |
1.1_2 20 Jan 2016 16:32:35 |
feld |
Document bind vulnerabilities
Security: CVE-2015-8704
Security: CVE-2015-8705 |
1.1_2 19 Jan 2016 16:52:06 |
pawel |
Document claws-mail CVE
Security: CVE-2015-8614 |
1.1_2 19 Jan 2016 08:35:48 |
sunpoet |
- Fix libproxy range |
1.1_2 18 Jan 2016 23:50:10 |
junovitch |
Document several vulnerabilities in libarchive
PR: 200176
Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
Security: CVE-2013-0211
Security: CVE-2015-2304
Security: https://vuxml.FreeBSD.org/freebsd/7c63775e-be31-11e5-b5fe-002590263bf5.html |
1.1_2 18 Jan 2016 14:04:44 |
junovitch |
Document go information disclosure vulnerability
Security: CVE-2015-8618
Security: https://vuxml.FreeBSD.org/freebsd/6809c6db-bdeb-11e5-b5fe-002590263bf5.html |
1.1_2 18 Jan 2016 06:16:38 |
riggs |
Correct vulnerable package version entries for ffmpeg entry in r406293 |
1.1_2 17 Jan 2016 18:06:31 |
feld |
Document isc-dhcpd CVE
Security: CVE-2015-8605 |
1.1_2 17 Jan 2016 11:33:11 |
rakuco |
Document CVE-2012-4504 in net/libproxy and its slave ports.
Security: CVE-2012-4504 |
1.1_2 17 Jan 2016 10:27:35 |
riggs |
Document usage of vulnerable ffmpeg prior to 2.8.5 in mplayer/mencoder |
1.1_2 17 Jan 2016 10:12:17 |
riggs |
Document zero day remote vulnerability in ffmpeg 2.0.0 - 2.8.4
PR: 206282 |
1.1_2 15 Jan 2016 17:47:33 |
bdrewery |
Fix OpenSSH version ranges.
Reported by: sunpoet |
1.1_2 15 Jan 2016 15:22:44 |
miwi |
- Document h2o -- directory traversal vulnerability
PR: 206193 |
1.1_2 14 Jan 2016 19:34:26 |
bdrewery |
Document OpenSSH CVE-2016-0777 and CVE-2016-0778.
Submitted by: brnrd |
1.1_2 14 Jan 2016 00:25:59 |
junovitch |
Document two vulnerabilities in Prosody
PR: 206150
Reported by: Anton Shestakov <av6@dwimlabs.net>
Security: CVE-2016-1232
Security: CVE-2016-1231
Security: https://vuxml.FreeBSD.org/freebsd/842cd117-ba54-11e5-9728-002590263bf5.html |
1.1_2 13 Jan 2016 23:57:53 |
junovitch |
Document Kibana 4.x XSS vulnerability
PR: 205961
PR: 205962
PR: 205963
Security: https://vuxml.FreeBSD.org/freebsd/a7a4e96c-ba50-11e5-9728-002590263bf5.html |
1.1_2 12 Jan 2016 14:50:44 |
rakuco |
Add entry for CVE-2015-8607 in devel/p5-PathTools.
Security: CVE-2015-8607 |
1.1_2 11 Jan 2016 11:07:43 |
miwi |
- php -- multiple vulnerabilities |
1.1_2 09 Jan 2016 13:42:06 |
rakuco |
Add entry for CVE-2015-8557 in textproc/py-pygments. |
1.1_2 08 Jan 2016 18:49:51 |
feld |
Add openjdk7 to the existing java vuxml entry
PR: 204268 |
1.1_2 08 Jan 2016 18:44:02 |
feld |
Document polkit vulnerabilities
PR: 204235
Security: CVE-2015-4625
Security: CVE-2015-3218
Security: CVE-2015-3255
Security: CVE-2015-3256 |
1.1_2 08 Jan 2016 18:23:26 |
feld |
Document net/librsync collision vulnerability
PR: 204237
Security: CVE-2014-8242 |
1.1_2 08 Jan 2016 17:55:40 |
feld |
Document fixed version of graphics/exact-image
Security: CVE-2015-3885 |
1.1_2 08 Jan 2016 17:25:40 |
feld |
Document devel/m6811-binutils is also vuln to older CVEs
PR: 198815
Security: CVE-2014-8501
Security: CVE-2014-8502
Security: CVE-2014-8503 |
1.1_2 08 Jan 2016 06:16:20 |
delphij |
Document ntp remote denial of service vulnerability. |
1.1_2 08 Jan 2016 01:31:32 |
junovitch |
Document two dhcpcd vulnerabilities
PR: 206015
Security: CVE-2016-1504
Security: CVE-2016-1503
Security: https://vuxml.FreeBSD.org/freebsd/df587aa2-b5a5-11e5-9728-002590263bf5.html |