Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_2 12 Jul 2015 19:58:28 |
feld |
PowerDNS discovered the fix for CVE-2015-1868 was not complete in the
previous releases.
Security: 64e6006e-f009-11e4-98c6-000c292ee6b8
Security: CVE-2015-5470 |
1.1_2 12 Jul 2015 19:40:33 |
feld |
Add note on how to use the new html functionality |
1.1_2 12 Jul 2015 19:40:07 |
feld |
Add ability to produce html files for vuxml entries
This will allow committers to test complex vuxml entries before
submission.
A special thanks to hrs for responding to my plea for this feature
Submitted by: hrs |
1.1_2 11 Jul 2015 17:29:03 |
bapt |
- Add xen-tools to the list of packages fixed in existing
XSA-135 / CVE-2015-3209 entry
PR: 201416
Submitted by: Jason Unovitch <jason.unovitch@gmail.com> |
1.1_2 11 Jul 2015 17:21:35 |
bapt |
Document all recent xen-kernel and xen-tools security issues
PR: 201416
Submitted by: Jason Unovitch <jason.unovitch@gmail.com> |
1.1_2 11 Jul 2015 10:14:06 |
bapt |
Document a few pivotx vulnerabilities |
1.1_2 10 Jul 2015 13:53:59 |
feld |
Update squid entry to reflect new range of affected versions
Still waiting on CVE assignment
PR: 201374
Security: 150d1538-23fa-11e5-a4a5-002590263bf5 |
1.1_2 10 Jul 2015 00:31:39 |
delphij |
Document wpa_supplicant WPS_NFC option payload length validation
vulnerability
PR: 201432
Submitted by: Jason Unovitch |
1.1_2 09 Jul 2015 23:13:28 |
delphij |
Document OpenSSL alternative chains certificate forgery vulnerability. |
1.1_2 09 Jul 2015 16:42:33 |
lwhsu |
- Correct the version range of www/py-django-devel |
1.1_2 09 Jul 2015 15:59:12 |
feld |
document django vulnerabilities
Security: 37ed8e9c-2651-11e5-86ff-14dae9d210b8
Security: CVE-2015-5143
Security: CVE-2015-5144
Security: CVE-2015-5145 |
1.1_2 09 Jul 2015 15:23:24 |
feld |
node and iojs vuln now has a CVE assigned
Security: 864e6f75-2372-11e5-86ff-14dae9d210b8
Security: CVE-2015-5380 |
1.1_2 08 Jul 2015 18:58:39 |
tijl |
Document Adobe Flash Plugin vulnerability (CVE-2015-5119) |
1.1_2 08 Jul 2015 17:26:05 |
feld |
Fix other no-op formatting mistakes for the roundcube entry
Security: 038a5808-24b3-11e5-b0c8-bf4d8935d4fa |
1.1_2 08 Jul 2015 17:05:01 |
feld |
Fix formatting by adding some breaks
Security: 038a5808-24b3-11e5-b0c8-bf4d8935d4fa |
1.1_2 08 Jul 2015 01:20:37 |
delphij |
Make version range closer to reality -- this should be a no-op (use of P2
and P1 without PORTREVISION is intentional). |
1.1_2 07 Jul 2015 22:14:06 |
delphij |
-base options for dns/bind have been gone now. Cover them with <gt>0</gt>
for this entry so that existing users get warned.
Noticed by: mat |
1.1_2 07 Jul 2015 21:53:00 |
delphij |
Document BIND remote resolver DoS vulnerability when DNSsec validation
is enabled. |
1.1_2 07 Jul 2015 15:05:13 |
feld |
cups-filters mentions wrong CVE in some places
incorrect: CVE-2015-3259
correct: CVE-2015-3279
Add mailing list post that clarifies this
Security: bf1d9331-21b6-11e5-86ff-14dae9d210b8 |
1.1_2 07 Jul 2015 14:54:13 |
feld |
Document haproxy information leak
Security: CVE-2015-3281 |
1.1_2 07 Jul 2015 14:35:40 |
feld |
Document roundcube vulnerabilities
Security: CVE-2015-5381
Security: CVE-2015-5383 |
1.1_2 07 Jul 2015 02:45:24 |
feld |
Document SQL Injection in turnserver
PR: 201231 |
1.1_2 06 Jul 2015 17:31:21 |
feld |
Document recent squid vulnerabilities
PR: 201374 |
1.1_2 06 Jul 2015 13:08:08 |
kwm |
Use correct end tag.
Submitted by: dvl@ |
1.1_2 06 Jul 2015 12:54:13 |
feld |
Add iojs as affected package
Security: 864e6f75-2372-11e5-86ff-14dae9d210b8 |
1.1_2 06 Jul 2015 03:39:37 |
feld |
Correct bitcoin range for CVE-2015-3641 |
1.1_2 06 Jul 2015 03:30:24 |
feld |
Document ansible vulnerabilities
PR: 201359 |
1.1_2 06 Jul 2015 03:21:32 |
feld |
Document bitcoin CVE-2015-3641 |
1.1_2 06 Jul 2015 00:23:35 |
feld |
add node-devel as affected package
confirmed source code of node 0.11.16 is also vulnerable |
1.1_2 06 Jul 2015 00:09:55 |
feld |
add www/node denial of service vulnerability
no known CVE has been assigned |
1.1_2 03 Jul 2015 19:17:29 |
feld |
cups-filters CVE-2015-3279 |
1.1_2 03 Jul 2015 14:43:09 |
tijl |
Fix range for linux-c6-openssl |
1.1_2 01 Jul 2015 13:56:04 |
kwm |
Record libxml2 vulnerability
Security: CVE-2015-1819 |
1.1_2 01 Jul 2015 13:22:46 |
feld |
Correct version range for netpbm CVE-2015-3885 |
1.1_2 01 Jul 2015 00:09:32 |
delphij |
Document games/wesnoth authentication information disclosure vulnerability.
PR: 201105
Submitted by: Jason Unovitch |
1.1_2 30 Jun 2015 23:56:40 |
amdmi3 |
- Document CVE-2015-3258 (cups-filters buffer overflow vulnerability)
PR: 201134
Submitted by: cyberbotx@cyberbotx.com
Differential Revision: |
1.1_2 30 Jun 2015 20:56:29 |
delphij |
Document ntp remote control message DoS vulnerability. |
1.1_2 26 Jun 2015 19:13:31 |
nox |
Document qemu pcnet guest to host escape vulnerability - CVE-2015-3209
PR: 201064
Submitted by: koobs
Security: https://vuxml.FreeBSD.org/freebsd/acd5d037-1c33-11e5-be9c-6805ca1d3bb1.html |
1.1_2 26 Jun 2015 04:35:46 |
delphij |
Document CVE-2014-3120, CVE-2014-6439, CVE-2015-1427, CVE-2015-3337,
and CVE-2015-4165 (various Elasticsearch vulnerabilities).
PR: ports/201008
Submitted by: Jason Unovitch |
1.1_2 24 Jun 2015 20:35:40 |
delphij |
Split CVE-2015-4152 to its own entry as the affected port is logstash only.
While there also document CVE-2014-4326 (already fixed) for logstash.
PR: ports/201001
Submitted by: Jason Unovitch |
1.1_2 24 Jun 2015 20:17:20 |
delphij |
Add entry for logstash-forwarder/logstash.
PR: ports/201065
Submitted by: Jason Unovitch |
1.1_2 24 Jun 2015 18:54:36 |
jbeich |
Aggressively mark more consumers of bundled dcraw as vulnerable
ljpeg_start() originates from dcraw, no need to list every package with
copy of it at the expense of readability. |
1.1_2 24 Jun 2015 09:01:07 |
xmj |
Document linux-*-flashplugin11 CVE.
Reported by: kwm
Reviewed by: kwm
Security: d02f6b01-1a3f-11e5-8bd6-c485083ca99c
Security: CVE-2015-3113
Sponsored by: Perceivon Hosting Inc. |
1.1_2 23 Jun 2015 00:15:19 |
delphij |
Fix entry date. |
1.1_2 23 Jun 2015 00:13:58 |
delphij |
Document rubygem-bson DoS and possible injection vulnerability.
PR: 201061
Submitted by: Jason Unovitch |
1.1_2 22 Jun 2015 23:39:35 |
delphij |
Document 3 vulnerabilities with PHP that affected 4 extensions.
PR: 200926
Submitted by: Jason Unovitch |
1.1_2 22 Jun 2015 23:22:24 |
delphij |
Reflect version range change after r390340. While I'm there, also fix
the CVE-2015-4556 entry because it's not yet fixed in the ports tree and
add a reference to the PR while there.
PR: 200980
Submitted by: Vitaly Magerya (with changes suggested by Jason Unovitch) |
1.1_2 22 Jun 2015 22:28:05 |
olgeni |
Document vulnerabilities in devel/ipython < 3.2.0. |
1.1_2 22 Jun 2015 19:23:46 |
rene |
Document new vulnerabilities in www/chromium < 43.0.2357.130
Obtained from: http://googlechromereleases.blogspot.nl/2015/06/chrome-stable-update.html |
1.1_2 22 Jun 2015 07:13:46 |
delphij |
Document rubygem-paperclip validation bypass vulnerability.
PR: 200979
Submitted by: Jason Unovitch |
1.1_2 22 Jun 2015 07:02:21 |
delphij |
Document lang/chicken vulnerabilities CVE-2014-9651 and CVE-2015-4556.
PR: 200980
Submitted by: Jason Unovitch |
1.1_2 22 Jun 2015 06:44:55 |
delphij |
Document cacti multiple vulnerabilities (affects < 0.8.8c) and
multiple XSS/SQL injection vulnerabilities (affects < 0.8.8d).
PR: 200963
Submitted by: Jason Unovitch |
1.1_2 20 Jun 2015 12:11:57 |
kuriyama |
Add p5-Dancer vuln. |
1.1_2 19 Jun 2015 00:13:25 |
delphij |
Document Drupal multiple vulnerabilities. |
1.1_2 17 Jun 2015 21:40:52 |
delphij |
Document two vulnerabilities of cURL. |
1.1_2 17 Jun 2015 17:35:59 |
sunpoet |
- Make it compatible with Python 3.x
Approved by: delphij |
1.1_2 17 Jun 2015 17:24:31 |
sunpoet |
- Document Ruby on Rails multiple vulnerabilities |
1.1_2 17 Jun 2015 17:18:39 |
delphij |
Modify a5f160fa-deee-11e4-99f8-080027ef73ec so it covers ja-mailman too.
Submitted by: Yasuhito FUTATSUKI |
1.1_2 17 Jun 2015 00:24:46 |
delphij |
Document testdisk multiple vulnerabilities.
PR: ports/200250
Submitted by: Jason Unovitch |
1.1_2 16 Jun 2015 00:44:02 |
delphij |
Document Tomcat multiple vulnerabilities. |
1.1_2 12 Jun 2015 14:10:38 |
brd |
Add ossec-hids-* vulnerabilities.
PR: 200801
Submitted by: Jason Unovitch <jason.unovitch@gmail.com>
Approved by: swills (mentor) |
1.1_2 12 Jun 2015 02:12:37 |
zi |
- Add vulnerability information for additional ports affected by openssl CVEs in
8305e215-1080-11e5-8ba2-000c2980a9f3 |
1.1_2 11 Jun 2015 21:35:49 |
zi |
- Document recent vulnerabilities in security/openssl |
1.1_2 11 Jun 2015 15:53:37 |
xmj |
Document 13 Flash vulnerabilities.
Affected: www/linux-*-flashplugin11. |
1.1_2 10 Jun 2015 18:09:20 |
delphij |
Document libzmq4 V3 protocol handler protocol downgrade vulnerability.
PR: 200502
Submitted by: Jason Unovitch |
1.1_2 10 Jun 2015 17:34:21 |
delphij |
Document pgbouncer remote denial of service vulnerability.
PR: 200537
Submitted by: Jason Unovitch |
1.1_2 09 Jun 2015 23:17:10 |
delphij |
Document cups multiple vulnerabilities. |
1.1_2 09 Jun 2015 08:23:29 |
delphij |
Document two strongswan vulnerabilities.
PR: 200721
Submitted by: Jason Unovitch (with changes: wrapped long line and changed
CVE-2015-3991's coverage to cover only < 5.3.1 to reflect
the reality). |
1.1_2 08 Jun 2015 22:33:12 |
delphij |
Document redis EVAL Lua sandbox escape vulnerability. |
1.1_2 08 Jun 2015 17:30:48 |
thierry |
Add an entry for www/tidy-* heap-buffer-overflow.
PR: ports/200631
Submitted by: Walter Hop |
1.1_2 07 Jun 2015 21:07:35 |
delphij |
Fix typo and remove PHP from pcre vulnerabilities, as the bundled pcre
is not used. |
1.1_2 07 Jun 2015 20:53:12 |
delphij |
Document fixed version of pcre in e69af246-0ae2-11e5-90e4-d050996490d0. |
1.1_2 06 Jun 2015 18:21:17 |
sunpoet |
- Update VuXML
PR: 200196
Submitted by: Jason Unovitch <jason.unovitch@gmail.com> |
1.1_2 05 Jun 2015 23:54:02 |
zi |
- Re-add PHP removed in previous commit
- Update pcre to use lt instead of gt |
1.1_2 05 Jun 2015 15:42:31 |
zi |
- Make version matching on the pcre vuln a little more sane
- Remove PHP as the vulnerability appears to be in devel/pcre, not php |
1.1_2 04 Jun 2015 18:18:33 |
delphij |
Document two recent pcre vulnerabilities that can be triggered by
specifically crafted *patterns* and would lead to stack or heap
overflow. |
1.1_2 04 Jun 2015 00:35:59 |
osa |
Update information for graphics/libraw.
PR: 200194 |
1.1_2 02 Jun 2015 09:44:26 |
marino |
security/vuxml: multiple vulnerabilities of wpa_supplicant and hostapd
Security: CVE-2015-4141
Security: CVE-2015-4142
Security: CVE-2015-4143
Security: CVE-2015-4144
Security: CVE-2015-4145
Security: CVE-2015-4146
PR: 200568 |
1.1_2 02 Jun 2015 02:50:04 |
jbeich |
Document recent ffmpeg0 vulnerabilities |
1.1_2 01 Jun 2015 19:37:58 |
riggs |
Add entry for vulnerable versions of avidemux2 and avidemux26
PR: 200507
Submitted by: venture37@geeklan.co.uk |
1.1_2 01 Jun 2015 18:44:14 |
mmoll |
security/vuxml: add www/rubygem-rest-client vulnerabilities
PR: 200504
Differential Revision: https://reviews.freebsd.org/D2699
Submitted by: Sevan Janiyan <venture37@geeklan.co.uk>
Approved by: ports-secteam (delphij, eadler)
Security: CVE-2015-1820
Security: CVE-2015-3448 |
1.1_2 01 Jun 2015 07:24:49 |
delphij |
- Add kodi to 57325ecf-facc-11e4-968f-b888e347c638 [1]
- Update entry dates for newly added entry.
PR: 200200 [1]
Submitted by: Jason Unovitch [1] |
1.1_2 01 Jun 2015 05:59:00 |
delphij |
Reflect CVE-2015-2060 and CVE-2014-9556.
PR: ports/198955
Submitted by: Jason Unovitch |
1.1_2 31 May 2015 16:07:52 |
lwhsu |
- Document django vulnerability CVE-2015-3982 |
1.1_2 31 May 2015 08:08:17 |
delphij |
Extend 57325ecf-facc-11e4-968f-b888e347c638 to cover rawstudio as well.
PR: 200199
Submitted by: Jason Unovitch |
1.1_2 29 May 2015 22:20:31 |
delphij |
Document the issue with proxychains-ng which uses current directory when
searching for its own shared library (CVE-2015-3887).
PR: 200511
Submitted by: Jason Unovitch |
1.1_2 28 May 2015 19:47:25 |
delphij |
Document wireshark multiple vulnerabilities. |
1.1_2 28 May 2015 17:46:26 |
delphij |
Document krb5 requires_preauth bypass in PKINIT-enabled KDC. |
1.1_2 26 May 2015 22:15:06 |
delphij |
Retrofit document cURL multiple vulnerabilities. |
1.1_2 24 May 2015 07:29:09 |
delphij |
Document cassandra remote code execution vulnerability.
PR: 199091
Submitted by: Jason Unovitch <jason unovitch gmail com> |
1.1_2 24 May 2015 07:23:40 |
delphij |
Fix version range for previous commit. |
1.1_2 24 May 2015 07:19:10 |
delphij |
Extend CVE-2015-3456 to cover xen-tools (4.5.0-4.5.0_5: we didn't support
the feature in earlier version of this port) and VirtualBox cases as well.
PR: 200311 |
1.1_2 24 May 2015 03:43:25 |
xmj |
document possible vulnerabilities in sysutils/py-salt
PR: 200172
Submitted by: Sevan Janiyan <venture37@geeklan.co.uk> |
1.1_2 23 May 2015 18:25:51 |
pi |
Add entry for mail/davmail.
PR: 198297
Submitted by: Jason Unovitch <jason.unovitch@gmail.com>
Approved by: <john.c.prather@gmail.com> (maintainer (timeout)) |
1.1_2 23 May 2015 08:38:18 |
mandree |
Document dnsmasq and -devel vulnerabilities (CVE-2015-3294 and one other in rc). |
1.1_2 22 May 2015 22:49:13 |
delphij |
Document PCRE and PHP multiple vulnerabilities. |
1.1_2 22 May 2015 22:15:22 |
delphij |
Correct PR number.
Submitted by: jason.unovitch gmail.com |
1.1_2 22 May 2015 19:06:28 |
girgen |
Record some minor PostgreSQL security problems.
"This update fixes three security vulnerabilities reported in PostgreSQL over
the past few months. Neither of these issues is seen as particularly urgent.
However, users should examine them in case their installations are vulnerable."
URL: http://www.postgresql.org/about/news/1587/ |
1.1_2 22 May 2015 07:04:28 |
delphij |
Pass full path to the vuln.xml file to extra-validation.py. Without this,
if .OBJDIR differs from .CURDIR, the validation would fail.
PR: 193923
Reported by: jbeich |
1.1_2 20 May 2015 19:21:07 |
delphij |
Document CVE-2015-3306 proftpd mod_copy unauthenticated copying of files
vulnerability. |