Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_2 06 Feb 2015 22:21:15 |
rene |
Document new vulnerabilities in www/chromium < 40.0.2214.111
Submitted by: Carlos Jacobo Puga Medina
Obtained from: http://googlechromereleases.blogspot.nl/ |
1.1_2 05 Feb 2015 22:54:22 |
girgen |
Update PostgreSQL-9.x to latest versions.
This update fixes multiple security issues reported in PostgreSQL over the past
few months. All of these issues require prior authentication, and some require
additional conditions, and as such are not considered generally urgent.
However, users should examine the list of security holes patched below in case
they are particularly vulnerable.
Security: CVE-2015-0241,CVE-2015-0242,CVE-2015-0243,
CVE-2015-0244,CVE-2014-8161 |
1.1_2 05 Feb 2015 08:57:05 |
tijl |
Remove 734bcd49-aae6-11e4-a0c1-c485083ca99c because Adobe Flash Player 11.x
isn't affected. See February 2 revision of
https://helpx.adobe.com/security/products/flash-player/apsa15-02.html |
1.1_2 04 Feb 2015 20:38:31 |
cy |
Add the following KRB5 CVEs.
CVE-2014-5352: gss_process_context_token() incorrectly frees context
CVE-2014-9421: kadmind doubly frees partial deserialization results
CVE-2014-9422: kadmind incorrectly validates server principal name
CVE-2014-9423: libgssrpc server applications leak uninitialized bytes
Security: CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423 |
1.1_2 03 Feb 2015 22:35:06 |
delphij |
Document unzip out of boundary access issues in test_compr_eb.
PR: ports/197300 |
1.1_2 02 Feb 2015 19:09:36 |
xmj |
Add linux-f10-devtools (any version) and linux-c6-devtools (prior to 6.6_3) to
the CVE-2015-0235 entry from 2015-01-28.
Approved by: swills (mentor) |
1.1_2 02 Feb 2015 15:25:31 |
feld |
Add net-mgmt/xymon-server CVE-2015-1430 |
1.1_2 02 Feb 2015 14:53:57 |
xmj |
www/linux-*-flashplugin11: Add CVE-2015-0313
Spotted by: kwm
Approved by: swills (mentor) |
1.1_2 31 Jan 2015 16:09:37 |
olgeni |
Add CVE-2015-0862 for net/rabbitmq. |
1.1_2 31 Jan 2015 15:07:29 |
ohauer |
- document apache24 issues |
1.1_2 29 Jan 2015 11:20:52 |
madpilot |
Document asterisk security issues.
While here, add CVE number to a previous asterisk entry. |
1.1_2 28 Jan 2015 08:39:21 |
xmj |
Add CVE-2015-0235.
- Affects linux_base-*
Approved by: so@ (des) |
1.1_2 26 Jan 2015 21:20:44 |
tijl |
Document critical Adobe Flash Player vulnerability (CVE-2015-0311) |
1.1_2 26 Jan 2015 20:24:08 |
ohauer |
- document bugzilla security issues |
1.1_2 24 Jan 2015 17:58:08 |
lwhsu |
- Fix description of 9c7b6c20-a324-11e4-879c-00e0814cab4e |
1.1_2 23 Jan 2015 17:47:01 |
lwhsu |
Document Django 2014-01-13 vulnerability |
1.1_2 22 Jan 2015 17:43:48 |
mi |
Add a note about the just-fixed vulnerability of applications using net/libutp.
PR: 196351
Differential Revision: D1575
Submitted by: Jan Beich
Approved by: bapt |
1.1_2 22 Jan 2015 17:09:22 |
xmj |
Amend linux-c6-openssl version in OpenSSL entry from 2015-01-08.
Approved by: swills (mentor) |
1.1_2 22 Jan 2015 17:02:41 |
vsevolod |
Add CVE-2015-0206 description for LibreSSL port. |
1.1_2 22 Jan 2015 12:54:14 |
tijl |
Document Adobe Flash Player vulnerabilities |
1.1_2 21 Jan 2015 22:09:39 |
rene |
Document new vulnerabilities in www/chromium < 40.0.2214.91
Also affects FFmpeg, ICU, DOM but the links on the webpage all result in a 403.
Obtained from: http://googlechromereleases.blogspot.nl |
1.1_2 19 Jan 2015 20:52:53 |
jase |
security/vuxml:
- Document security/polarssl and security/polarssl13 crafted certificates
vulnerability (CVE-2015-1182) |
1.1_2 16 Jan 2015 08:18:14 |
ehaupt |
Document multiple archivers/unzip vulnerabilities (CVE-2014-8139,
CVE-2014-8140, CVE-2014-8141).
PR: 196777 (based on)
Submitted by: rsimmons0@gmail.com |
1.1_2 16 Jan 2015 04:05:18 |
timur |
Add description of CVE-2014-8143 in net/samba4 and net/samba41 |
1.1_2 14 Jan 2015 21:54:31 |
rakuco |
Add entry for CVE-2013-7252 in x11/kde4-runtime. |
1.1_2 14 Jan 2015 07:10:09 |
beat |
Document mozilla vulnerabilities |
1.1_2 11 Jan 2015 19:39:46 |
mm |
Add vuln.xml entry for libevent CVE-2014-6272
PR: ports/199640 |
1.1_2 09 Jan 2015 18:56:57 |
sunpoet |
- Fix more typo |
1.1_2 09 Jan 2015 18:51:33 |
sunpoet |
- Fix typo |
1.1_2 09 Jan 2015 18:41:23 |
sunpoet |
- Document cURL URL request injection vulnerability (CVE-2014-8150) |
1.1_2 09 Jan 2015 13:35:32 |
kwm |
Document webkit-gtk[23] vulnerabilities. |
1.1_2 09 Jan 2015 00:00:00 |
delphij |
Document OpenSSL multiple vulnerabilities. |
1.1_2 06 Jan 2015 21:11:36 |
mandree |
Add three upstream patches to busybox 1.22.1, bumping PORTREVISION to 2.
One fixes the CVE-2014-4608 buffer overrun in LZO2,
one fixes the nc app, one fixes the zcat and related apps when accessing
files without extension.
List busybox < 1.22.1_2 as vulnerable, and add CVE Name to the vulndb.
Security: CVE-2014-4608
Security: d1f5e12a-fd5a-11e3-a108-080027ef73ec |
1.1_2 04 Jan 2015 22:54:03 |
rea |
VuXML: document multiple vulnerabilities in WordPress
CVE-2014-9033 to CVE-2014-9039. |
1.1_2 04 Jan 2015 22:25:20 |
rea |
VuXML: document heap overflow in 32-bit builds of libpng |
1.1_2 02 Jan 2015 23:24:18 |
delphij |
Document file multiple vulnerabilities. |
1.1_2 23 Dec 2014 21:24:56 |
rea |
Fix whitespace in entry for ntp (4033d826-87dd-11e4-9079-3c970e169bc2) |
1.1_2 23 Dec 2014 21:22:36 |
rea |
Document CVE-2014-9116 in mutt |
1.1_2 20 Dec 2014 00:21:31 |
delphij |
Document ntp multiple vulnerabilities. |
1.1_2 19 Dec 2014 18:05:52 |
brd |
Document git vulnerability
Approved by: swills
Security: CVE-2014-9390 |
1.1_2 16 Dec 2014 22:06:32 |
cs |
OTRS security announcement |
1.1_2 16 Dec 2014 11:44:28 |
kwm |
Register portepoch in the xorg-server entry.
Submitted by: Adam McDougall <mcdouga9@egr.msu.edu>
Pointyhat to: kwm@ |
1.1_2 16 Dec 2014 10:46:58 |
tijl |
Fix version information on several subversion vulnerabilities |
1.1_2 15 Dec 2014 22:18:50 |
ohauer |
- document Subversion remote DoS |
1.1_2 14 Dec 2014 09:45:09 |
danfe |
The GLX indirect rendering support supplied on NVIDIA products is subject to
the recently disclosed X.Org vulnerabilities (CVE-2014-8093, CVE-2014-8098)
as well as internally identified vulnerabilities (CVE-2014-8298). |
1.1_2 11 Dec 2014 20:56:22 |
delphij |
Document BIND vulnerability. |
1.1_2 11 Dec 2014 09:41:11 |
madpilot |
Document vulnerability in asterisk11. |
1.1_2 10 Dec 2014 21:31:57 |
kwm |
Document xserver security advisories. |
1.1_2 09 Dec 2014 03:05:15 |
sem |
- Remove a redundant dot |
1.1_2 09 Dec 2014 02:43:38 |
sem |
Document unbound vulnerability |
1.1_2 07 Dec 2014 12:25:30 |
kwm |
Document freetype 2 vulnerability. |
1.1_2 04 Dec 2014 07:15:30 |
matthew |
The latest in a long line of phpMyAdmin security advisories: DoS and
XSS vulnerabilities.
Security: c9c46fbf-7b83-11e4-a96e-6805ca0b3d42 |
1.1_2 03 Dec 2014 11:20:52 |
beat |
Document mozilla vulnerabilities
PR: 195559
Submitted by: Jan Beich |
1.1_2 02 Dec 2014 01:38:26 |
delphij |
Document OpenVPN Denial of Service vulnerability. |
1.1_2 25 Nov 2014 21:42:43 |
naddy |
Document CVE-2014-8962 and CVE-2014-9028 in audio/flac. |
1.1_2 23 Nov 2014 10:35:07 |
madpilot |
Add CVE names for recent asterisk vulnerabilities. |
1.1_2 21 Nov 2014 11:07:00 |
madpilot |
Document multiple vulnerabilities in asterisk ports. |
1.1_2 21 Nov 2014 08:13:01 |
matthew |
Document the latest round of phpMyAdmin vulnerabilities.
Security: a5d4a82a-7153-11e4-88c7-6805ca0b3d42 |
1.1_2 20 Nov 2014 21:30:30 |
rakuco |
Add note about CVE-2014-8600 in kde4-runtime and kwebkitpart. |
1.1_2 20 Nov 2014 08:42:28 |
madpilot |
Document yii vulnerability CVE-2014-4672. |
1.1_2 18 Nov 2014 18:32:22 |
rene |
Document new vulnerabilities in www/chromium < 39.0.2171.65
Obtained from: http://googlechromereleases.blogspot.nl/2014/11/stable-channel-update_18.html |
1.1_2 17 Nov 2014 21:27:59 |
rakuco |
Fix version check for the entry added in r372686.
4.11.14 is not in ports yet, the fix was backported to 4.11.13 so we are
safe with 4.11.13_1. |
1.1_2 17 Nov 2014 21:00:00 |
rakuco |
Add entry for CVE-2014-8651 in x11/kde4-workspace. |
1.1_2 13 Nov 2014 10:38:17 |
antoine |
Cleanup plist |
1.1_2 11 Nov 2014 18:35:06 |
kwm |
document dbus CVE-2014-7824 |
1.1_2 07 Nov 2014 22:07:54 |
rea |
ftp/wget: document CVE-2014-4877, path traversal in recursive FTP mode |
1.1_2 05 Nov 2014 22:18:26 |
makc |
VuXML: fix spelling for the latest entry
Noticed by: ports-secteam (rea) |
1.1_2 05 Nov 2014 14:49:09 |
makc |
VuXML: document CVE-2014-8483 for irc/konversation-kde4
Approved by: ports-secteam (zi) |
1.1_2 31 Oct 2014 15:38:01 |
rea |
VuXML: document remote Perl code execution in TWiki
Crafted GET parameter "debugenableplugins" can be used to trigger
code execution,
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236 |
1.1_2 31 Oct 2014 11:09:18 |
rea |
VuXML: document vulnerability in Jenkins
CVE-2014-3665, remote code execution on master servers that can
be initiated by (untrusted) slaves,
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30 |
1.1_2 29 Oct 2014 21:51:18 |
rakuco |
Add entry for libssh's CVE-2014-0017. |
1.1_2 24 Oct 2014 01:58:14 |
zi |
- Document recent vulnerabilities in libpurple/pidgin |
1.1_2 22 Oct 2014 08:54:59 |
matthew |
Document cross site scripting vulnerabilities in phpMyAdmin
Security: 25b78f04-59c8-11e4-b711-6805ca0b3d42 |
1.1_2 21 Oct 2014 13:58:33 |
madpilot |
Document asterisk susceptibility to the POODLE vulnerability,
described in CVE-2014-3566. |
1.1_2 18 Oct 2014 12:52:27 |
kwm |
Document libxml2 denial of service |
1.1_2 17 Oct 2014 14:34:14 |
xmj |
Add linux-c6-openssl to OpenSSL entry from 2014-10-15.
Approved by: swills (mentor) |
1.1_2 16 Oct 2014 18:19:57 |
flo |
Document critical SQL Injection Vulnerability in www/drupal7 |
1.1_2 16 Oct 2014 10:34:50 |
beat |
- Mark libxul as vulnerable too
Submitted by: Jan Beich |
1.1_2 15 Oct 2014 17:59:37 |
delphij |
Document OpenSSL multiple vulnerabilities. |
1.1_2 15 Oct 2014 11:46:04 |
beat |
Document mozilla vulnerabilities
PR: 194356
Submitted by: Jan Beich |
1.1_2 09 Oct 2014 13:17:26 |
feld |
Convert USE_PYTHON_RUN to new USES syntax;
Appease the angry DEVELOPER=YES god
Approved by: mat |
1.1_2 09 Oct 2014 13:09:52 |
feld |
Add entry for foreman-proxy
Obtained from: mmoll |
1.1_2 08 Oct 2014 08:32:05 |
rene |
Document new vulnerabilities in www/chromium < 38.0.2125.101
Obtained from: http://googlechromereleases.blogspot.nl/2014/10/stable-channel-update.html
MFH: 2014Q4 |
1.1_2 06 Oct 2014 19:09:35 |
ohauer |
- document bugzilla security issues |
1.1_2 02 Oct 2014 21:14:31 |
bdrewery |
Fix rsyslog entry for pkgname matching |
1.1_2 02 Oct 2014 19:59:02 |
matthew |
www/rt42 < 4.2.8 is vulnerable to shellshock related exploits through
its SMIME integration.
Security: 81e2b308-4a6c-11e4-b711-6805ca0b3d42 |
1.1_2 02 Oct 2014 19:30:56 |
brd |
- Update the rsyslog entry to reflect the new versions
Reviewed by: bdrewery |
1.1_2 02 Oct 2014 01:06:43 |
bdrewery |
Update Jenkins entry 549a2771-49cc-11e4-ae2c-c80aa9043978 to be readable. |
1.1_2 02 Oct 2014 00:54:30 |
bdrewery |
Update grammar of DoS in Jenkins entry |
1.1_2 02 Oct 2014 00:53:43 |
bdrewery |
Fix Jenkins entry to note that XSS is an issue, not as compiler |
1.1_2 02 Oct 2014 00:46:54 |
bdrewery |
Document Jenkins vulnerabilities
Security: CVE-2014-3661
Security: CVE-2014-3662
Security: CVE-2014-3663
Security: CVE-2014-3664
Security: CVE-2014-3680
Security: CVE-2014-3681
Security: CVE-2014-3666
Security: CVE-2014-3667
Security: CVE-2013-2186
Security: CVE-2014-1869
Security: CVE-2014-3678
Security: CVE-2014-3679 |
1.1_2 01 Oct 2014 22:57:16 |
bdrewery |
Fix bash entries to also mark bash-static vulnerable |
1.1_2 01 Oct 2014 22:30:59 |
bdrewery |
Document CVE-2014-6277 and CVE-2014-6278 for bash. |
1.1_2 01 Oct 2014 22:12:11 |
bdrewery |
- Document CVE-2014-7187 fixed in bash-4.3.27_1 |
1.1_2 01 Oct 2014 21:25:46 |
matthew |
Document the latest phpMyAdmin vulnerability.
- while here fix the '>' breakage in the rsyslogd entry.
Security: 3e8b7f8a-49b0-11e4-b711-6805ca0b3d42 |
1.1_2 01 Oct 2014 03:40:04 |
bdrewery |
Document CVE-2014-7186 for bash |
1.1_2 30 Sep 2014 20:09:33 |
brd |
- Document sysutils/rsyslog vulnerabilities CVE-2014-3634
Reviewed by: bdrewery@ |
1.1_2 29 Sep 2014 23:34:30 |
bdrewery |
Document shells/fish vulnerabilities |
1.1_2 26 Sep 2014 17:34:27 |
xmj |
Add linux-c6-nss-3.15.1 package to the NSS vulnerability report.
Approved by: swills (mentor) |
1.1_2 26 Sep 2014 17:05:38 |
xmj |
Add linux_base-c6-6.5 package to the bash vulnerability report.
Approved by: swills (mentor) |