Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_6 25 Apr 2023 13:20:40 |
Fernando Apesteguía (fernape) |
security/vuxml: jellyfin multiple vulnerabilities
CVE-2023-30626 - directory traversal vulnerability
CVE-2023-30627 - XSS vulnerability
PR: 271041
Reported by: debdrup@ |
1.1_6 24 Apr 2023 18:00:50 |
Florian Smeets (flo) |
security/vuxml: add phpmyfaq < 3.1.13 |
1.1_6 22 Apr 2023 12:27:15 |
Bernard Spil (brnrd) |
security/vuxml: Fix URLs in MySQL 2023Q2 vulnerabilities |
1.1_6 22 Apr 2023 12:20:32 |
Bernard Spil (brnrd) |
security/vuxml: Document MySQL 2023Q2 vulnerabilities |
1.1_6 21 Apr 2023 18:16:34 |
Matthias Andree (mandree) |
security/vuxml: fix typo in ghostscript entry update |
1.1_6 21 Apr 2023 18:09:19 |
Matthias Andree (mandree) |
security/vuxml: fix up ghostscript version range of CVE-2023-28879
Pointy hat to: mandree@ for misreading the quoted Artifex page
Reported by: Nicholas Taylor <nicholas.e.taylor@gmail.com>
PR: 270823 (comment #3)
Security: CVE-2023-28879
Security: 25872b25-da2d-11ed-b715-a1e76793953b |
1.1_6 20 Apr 2023 17:49:18 |
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 112.0.5615.165
Approved by: rene (mentor)
Obtained from: https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
Differential Revision: https://reviews.freebsd.org/D39717 |
1.1_6 16 Apr 2023 07:09:27 |
Florian Smeets (flo) |
security/vuxml: add libxml2 < 2.10.4 |
1.1_6 15 Apr 2023 21:11:18 |
Florian Smeets (flo) |
security/vuxml: add mod_gnutls <= 0.12.1 |
1.1_6 15 Apr 2023 17:53:33 |
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 112.0.5615.121
Approved by: rene (mentor)
Obtained from: https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html
Differential Revision: https://reviews.freebsd.org/D39578 |
1.1_6 14 Apr 2023 08:29:45 |
Philip Paeps (philip) |
security/vuxml: fix vuxml build
Remove invalid CVE entries introduced in d58bc805721a.
Pointy hat to: wen |
1.1_6 13 Apr 2023 20:10:39 |
Matthias Andree (mandree) |
security/vuxml: revise ghostscript vuln entry. |
1.1_6 13 Apr 2023 19:20:07 |
Matthias Andree (mandree) |
security/vuxml: ghostscript < 10.01.1 buffer overflow
Security: 25872b25-da2d-11ed-b715-a1e76793953b
Security: CVE-2023-28879 |
1.1_6 12 Apr 2023 06:16:37 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 5.0.8 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.8
This release fixes the following potential DoS vulnerabilities:
- A specially-crafted stream of FTP packets containing a command
reply with many intermediate lines can cause Zeek to spend a
large amount of time processing data.
- A specially-crafted set of packets containing extremely large
file offsets cause the reassembler code to allocate large
amounts of memory.
- The DNS manager does not correctly expire responses that don't
(Only the first 15 lines of the commit message are shown above) |
1.1_6 12 Apr 2023 04:32:25 |
Philip Paeps (philip) Author: Hubert Tournier |
security/vuxml: add another batch of pysec vulnerabilities
Vulnerable Python ports discovered with pysec2vuxml.
See also: <https://github.com/HubTou/pysec2vuxml>.
PR: 270744 |
1.1_6 10 Apr 2023 22:54:54 |
Jan Beich (jbeich) |
security/vuxml: mark ffmpeg >= 4.4.4,1 as not vulnerable |
1.1_6 10 Apr 2023 21:39:54 |
Thomas Zander (riggs) |
security/vuxml: Document vulnerability in traefik before 2.9.9_1 |
1.1_6 10 Apr 2023 06:38:03 |
Philip Paeps (philip) Author: Hubert Tournier |
security/vuxml: document 20 py*-* vulnerabilities
Vulnerable Python ports discovered with pysec2vuxml.
See also: <https://github.com/HubTou/pysec2vuxml>.
PR: 270723 |
1.1_6 09 Apr 2023 10:02:35 |
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 112.0.5615.49
Approved by: rene (mentor)
Obtained from: https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html
Differential Revision: https://reviews.freebsd.org/D39423 |
1.1_6 09 Apr 2023 09:56:01 |
Rene Ladan (rene) |
security/vuxml: fix whitespace error
Reported by: `make validate` |
1.1_6 08 Apr 2023 15:13:24 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document Go vulnerabilities |
1.1_6 07 Apr 2023 14:52:06 |
Timur I. Bakeyev (timur) |
security/vuxml: document Samba vulnerabilities
CVE-2023-0225, CVE-2023-0922, CVE-2023-0614
Security: CVE-2023-0225
CVE-2023-0922
CVE-2023-0614 |
1.1_6 07 Apr 2023 12:25:37 |
Jan Beich (jbeich) |
security/vuxml: mark ffmpeg < 5.0.3,1 as vulnerable |
1.1_6 01 Apr 2023 07:33:55 |
Wen Heping (wen) |
security/vuxml: Document mediawiki multiple vulnerabilities |
1.1_6 01 Apr 2023 07:12:53 |
Matthew Seaman (matthew) |
security/vuxml: document grafana vulnerabilities
CVE-2023-1410
PR: 270562
Reported by: Boris Korzun |
1.1_6 31 Mar 2023 04:29:06 |
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab vulnerabilities |
1.1_6 30 Mar 2023 21:27:40 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document ReDoS vulnerability in rubygem-time |
1.1_6 30 Mar 2023 21:27:36 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document ReDoS vulnerability in rubygem-uri |
1.1_6 30 Mar 2023 19:02:28 |
Florian Smeets (flo) Author: Ralf van der Enden |
security/vuxml: Document powerdns vulnerabilities
PR: 270537 |
1.1_6 30 Mar 2023 11:42:19 |
Bernard Spil (brnrd) |
security/vuxml: Fix typo in blockquote |
1.1_6 29 Mar 2023 23:42:05 |
Jan Beich (jbeich) |
security/vuxml: mark xorg-server < 21.1.8,1 as vulnerable |
1.1_6 29 Mar 2023 18:31:57 |
Bernard Spil (brnrd) |
security/vuxml: Document 2 OpenSSL vulnerabilities |
1.1_6 29 Mar 2023 00:26:44 |
Ashish SHUKLA (ashish) |
security/vuxml: Document security vulnerabilities in Matrix clients |
1.1_6 24 Mar 2023 18:16:54 |
Florian Smeets (flo) |
security/vuxml: phpmyfaq vulnerabilities |
1.1_6 24 Mar 2023 12:36:45 |
Bernard Spil (brnrd) |
security/vuxml: Adapt OpenSSL vuln for openssl-quictls |
1.1_6 24 Mar 2023 11:42:38 |
Bernard Spil (brnrd) |
security/vuxml: Document OpenSSL DoS vulnerability |
1.1_6 24 Mar 2023 09:54:08 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document possible denial of service vulnerability in rack |
1.1_6 24 Mar 2023 09:52:58 |
Yasuhiro Kimura (yasu) |
security/vuxml: Fix range of rubygem-rack22 in
f0798a6a-bbdb-11ed-ba99-080027f5fec9
Fixes: ea12c503acc8 |
1.1_6 24 Mar 2023 05:05:24 |
Ashish SHUKLA (ashish) |
security/vuxml: Document vulnerability in net-im/dino |
1.1_6 23 Mar 2023 18:05:12 |
Jan Beich (jbeich) |
security/vuxml: mark libXpm < 3.5.15 as vulnerable |
1.1_6 23 Mar 2023 15:01:09 |
Ashish SHUKLA (ashish) |
security/vuxml: Remove empty cvename tag in jenkins entry |
1.1_6 23 Mar 2023 13:54:03 |
Ashish SHUKLA (ashish) |
security/vuxml: Document vulnerability for security/tailscale
PR: 270406 |
1.1_6 22 Mar 2023 09:12:58 |
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 111.0.5563.110
Approved by: rene (mentor)
Obtained from: https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html |
1.1_6 21 Mar 2023 08:01:05 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document denial-of-service vulnerability in redis |
1.1_6 20 Mar 2023 09:10:32 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in curl |
1.1_6 16 Mar 2023 19:44:47 |
Florian Smeets (flo) |
security/vuxml: Document phpmyadmin vulnerabilities |
1.1_6 12 Mar 2023 18:31:09 |
Fernando Apesteguía (fernape) |
security/vuxml: Autofill CVE information
The `newentry` target accepts an optional parameter CVE_ID.
When provided, the newentry.sh script tries to retrieve information from the
NVD and MITRE databases and fill the template accordingly.
The script needs `textproc/jq` and warns the user and exits if it is not found.
How to use it:
make newentry CVE_ID=CVE-2022-39282
Note that this is just a helper. *YOU HUMAN* have to check that the information
is correct.
Reviewed by: tcberner, jlduran_gmail.com, mat
Differential Revision: https://reviews.freebsd.org/D38894 |
1.1_6 11 Mar 2023 09:12:55 |
Jochen Neumeister (joneum) |
security/vuxml: Document Apache httpd vulnerabilities
Sponsored by: Netzkommune GmbH |
1.1_6 10 Mar 2023 08:30:56 |
Don Lewis (truckman) |
security/vuxml: fix typo in the openoffice entry
Fix a typo in the openoffice devel version value in the latest
openoffice entry. |
1.1_6 09 Mar 2023 17:46:35 |
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 111.0.5563.64
Approved by: rene (mentor)
Obtained from: https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html
Differential Revision: https://reviews.freebsd.org/D38992 |
1.1_6 09 Mar 2023 16:35:07 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Document Jenkins Security Advisory 2023-03-08
Sponsored by: The FreeBSD Foundation |
1.1_6 09 Mar 2023 07:56:23 |
Fernando Apesteguía (fernape) Author: Zoltan ALEXANDERSON BESSE |
security/vuxml: databases/mantis <2.25.6 CVEs
CVE-2023-22476 and CVE-2022-31129
ChangeLog:
https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.25.6
PR: 270039
Reported by: zab@zltech.eu |
1.1_6 08 Mar 2023 14:44:44 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document Go vulnerability |
1.1_6 08 Mar 2023 01:17:01 |
Don Lewis (truckman) |
security/vuxml: openoffice 2022 vulnerabilities
Belatedly document Apache OpenOffice vulnerabilities from 2022. The
port was broken at the time. |
1.1_6 06 Mar 2023 05:26:54 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document possible DoS vulnerability in rack |
1.1_6 05 Mar 2023 01:02:16 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in curl |
1.1_6 04 Mar 2023 07:04:51 |
Eugene Grosbein (eugen) |
security/vuxml: document strongSwan certificate verification vulnerability
Security: 3f9b6943-ba58-11ed-bbbd-00e0670f2660 |
1.1_6 03 Mar 2023 19:53:11 |
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab-ce vulnerabilities |
1.1_6 03 Mar 2023 10:46:53 |
Fernando Apesteguía (fernape) Author: Boris Korzun |
security/vuxml: document grafana{8,9} CVEs
* CVE-2023-0507 - Stored XSS in geomap panel plugin via attribution (High)
* CVE-2023-0594 - Stored XSS in TraceView panel (High)
* CVE-2023-22462 - Stored XSS in text panel plugin
PR: 269903
Reported by: drtr0jan@yandex.ru |
1.1_6 01 Mar 2023 01:54:52 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in redis |
1.1_6 27 Feb 2023 15:08:46 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in Emacs |
1.1_6 25 Feb 2023 09:01:24 |
Jan Beich (jbeich) Author: Tom Hukins |
security/vuxml: correct "vulnerabilities" spelling
Closes: https://github.com/freebsd/freebsd-ports/pull/164 |
1.1_6 24 Feb 2023 13:36:11 |
Fernando Apesteguía (fernape) |
security/vuxml: document vulnerabilities for net/freerdp
CVE-2022-39282 and CVE-2022-39283.
PR: 269667
Reported by: grahamperrin@freebsd.org |
1.1_6 23 Feb 2023 06:17:11 |
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 110.0.5481.177
Approved by: rene (mentor)
Obtained from: https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html |
1.1_6 21 Feb 2023 22:37:24 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 5.0.7 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.7
This release fixes the following potential DoS vulnerabilities:
- Receiving DNS responses from async DNS requests (via the
lookup_addr, etc BIF methods) with the TTL set to zero could
cause the DNS manager to eventually stop being able to make new
requests.
- Specially-crafted FTP packets with excessively long usernames,
passwords, or other fields could cause log writes to use large
amounts of disk space.
- The find_all and find_all_ordered BIF methods could take extremely
large amounts of time to process incoming data depending on the
size of the input.
Reported by: Tim Wojtulewicz |
1.1_6 21 Feb 2023 20:57:38 |
Koop Mast (kwm) |
security/vuxml: Document libde265 vulnerabilities.
PR: 269382
Reported by: diizzy@ |
1.1_6 21 Feb 2023 11:37:19 |
Renato Botelho (garga) |
security/vuxml: Document recent git CVEs
Document CVEs fixed by devel/git 2.39.1 and 2.39.2:
CVE-2022-41903
CVE-2022-23521
CVE-2023-22490
CVE-2023-23946
PR: 269655
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.1_6 20 Feb 2023 09:34:49 |
Florian Smeets (flo) Author: Stefan Bethke |
security/vuxml: Add gitea vulnerabilities
PR: 269707 |
1.1_6 19 Feb 2023 18:12:33 |
Thomas Zander (riggs) |
security/vuxml: Document vulnerable x/net/http2 module in traefik |
1.1_6 19 Feb 2023 11:01:41 |
Robert Clausecker (fuz) |
security/vuxml: document log4j vulnerability in sysutils/rundeck3
PR: 261748
Reported by: ruben@verweg.com
Approved by: flo (mentor)
Differential Revision: https://reviews.freebsd.org/D38636 |
1.1_6 18 Feb 2023 17:33:09 |
Fernando Apesteguía (fernape) Author: Tom Hukins |
security/vuxml: Add www/minio vulnerability
CVE-2022-24842: unprivileged users can create service accounts for admin users.
PR: 268656
Reported by: adam@omega.org.uk
Obtained from: https://github.com/freebsd/freebsd-ports/pull/158 |
1.1_6 16 Feb 2023 04:09:33 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in ClamAV |
1.1_6 15 Feb 2023 19:06:01 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document Go vulnerabilities |
1.1_6 14 Feb 2023 13:55:02 |
Wen Heping (wen) |
security/vuxml: Fix typo in my previous commit
Reported by: dan@langille.org (via email) |
1.1_6 14 Feb 2023 12:03:59 |
Wen Heping (wen) |
security/vuxml: Document Django multiple vulnerabilities |
1.1_6 13 Feb 2023 14:13:53 |
Tijl Coosemans (tijl) |
security/vuxml: Document GNUTLS-SA-2020-07-14
Security: https://gnutls.org/security-new.html#GNUTLS-SA-2020-07-14 |
1.1_6 12 Feb 2023 20:57:44 |
Florian Smeets (flo) |
security/vuxml: Document phpmyfaq vulnerabilities |
1.1_6 10 Feb 2023 20:49:46 |
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 110.0.5481.77
Approved by: rene (mentor)
Obtained from: https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html |
1.1_6 09 Feb 2023 15:05:24 |
Palle Girgensohn (girgen) |
security/vuxml: update PostgreSQL CVE-2022-41862
The problem is with libpq, part of the postgresql-client packages. |
1.1_6 09 Feb 2023 15:00:48 |
Palle Girgensohn (girgen) |
security/vuxml: add entry for PostgreSQL CVE-2022-41862 |
1.1_6 09 Feb 2023 10:16:46 |
Fernando Apesteguía (fernape) Author: Boris Korzun |
security/vuxml: Record grafana{8,9} vulnerabilities
CVE-2022-39324 and CVE-2022-23552 |
1.1_6 08 Feb 2023 18:01:14 |
Bernard Spil (brnrd) |
security/vuxml: Document LibreSSL vulnerability |
1.1_6 08 Feb 2023 04:18:57 |
Koichiro Iwao (meta) |
security/vuxml: Fix affected version of tightvnc
Forgot to include PORTREVISION.
Reported by: jbeich |
1.1_6 08 Feb 2023 03:34:57 |
Jan Beich (jbeich) |
security/vuxml: mark xorg-server < 21.1.7,1 as vulnerable |
1.1_6 08 Feb 2023 02:29:38 |
Koichiro Iwao (meta) |
security/vuxml: Document TightVNC multiple vulnerability |
1.1_6 07 Feb 2023 19:53:59 |
Bernard Spil (brnrd) |
security/vuxml: Document new OpenSSL vulnerabilities |
1.1_6 06 Feb 2023 01:25:30 |
Wen Heping (wen) |
security/vuxml: Document django multiple vulnerabilities |
1.1_6 05 Feb 2023 14:34:45 |
Fernando Apesteguía (fernape) |
security/vuxml: Fix kafka version
Use 3.3.2 since we don't have the 3.4.x branch.
Fixes: 37508462426c3674c0b32cc7e8cb38dbafc2ecd5 |
1.1_6 04 Feb 2023 19:27:58 |
Fernando Apesteguía (fernape) |
security/vuxml: Register net/kafka stack overflow vulnerability
CVE-2020-36518
PR: 269170 |
1.1_6 04 Feb 2023 19:04:32 |
Fernando Apesteguía (fernape) |
security/vuxml: Register sysutils/node_exporter vulnerability
CVE-2022-46146
Note that in
https://cgit.freebsd.org/ports/commit/?id=8b5d2b9a9ec7985158a814e2cdf9022d785b9090
three CVEs are mentioned: CVE-2022-27191 CVE-2022-27664 CVE-2022-46146
However, according to: https://github.com/prometheus/node_exporter/pull/2488
node_exporter is not really affected by those Go vulnerabilities. However
the dependencies were bumped anyway. |
1.1_6 03 Feb 2023 13:38:45 |
Koichiro Iwao (meta) Author: Tom Hukins |
security/vuxml: fix a typo
Pull Request: https://github.com/freebsd/freebsd-ports/pull/155 |
1.1_6 02 Feb 2023 20:49:55 |
Florian Smeets (flo) |
security/vuxml: Belatedly record vulnerabilities fixed in asterisk 18.15.1 |
1.1_6 02 Feb 2023 13:57:36 |
Nicola Vitale (nivit) |
security/vuxml: Add audio/py-spotipy <= 2.22.0
Security: CVE-2023-23608 |
1.1_6 01 Feb 2023 19:04:19 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 5.0.6 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.6
This release fixes the following potential DoS vulnerabilities:
- A missing field in the SMB FSControl script-land record could
cause a heap buffer overflow when receiving packets containing
those header types.
- Receiving a series of packets that start with HTTP/1.0 and then
switch to HTTP/0.9 could cause Zeek to spend a large amount of
time processing the packets.
- Receiving large numbers of FTP commands sequentially from the
network with bad data in them could cause Zeek to spend a large
amount of time processing the packets, and generate a large
amount of events.
Reported by: Tim Wojtulewicz |
1.1_6 01 Feb 2023 05:02:56 |
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerabilities |
1.1_6 30 Jan 2023 11:28:30 |
Nuno Teixeira (eduardo) |
security/vuxml: Document CVE-2021-42835 for
multimedia/plexmediaserver{-plexpass} < 1.25.0
PR: 269226
Reported by: grahamperrin |
1.1_6 30 Jan 2023 10:26:13 |
Fernando Apesteguía (fernape) |
security/vuxml: add net-mgmt/prometheus basic authentication bypass
CVE-2022-46146
PR: 269153
Reported by: dor.bsd@xm0.uk (maintainer) |
1.1_6 25 Jan 2023 11:35:34 |
Rene Ladan (rene) |
security/vuxml: add www/*chromium < 109.0.5414.119
Obtained from: https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html |
1.1_6 25 Jan 2023 08:11:56 |
Nuno Teixeira (eduardo) |
security/vuxml: Document CVE-2018-21232 for devel/re2c < 2.0
PR: 269147
Reported by: grahamperrin |
1.1_6 24 Jan 2023 20:37:23 |
Florian Smeets (flo) Author: Stefan Bethke |
security/vuxml: Record gitea vulnerability
PR: 269131 |