| Commit History - (may be incomplete: see SVNWeb link above for full details) |
| Date | By | Description |
06 Jul 2012 18:08:00
1.1_1
|
flo  |
Document asterisk vulnerabilities. |
06 Jul 2012 04:09:41
1.1_1
|
sunpoet  |
- Document typo3 4.5.x, 4.6.x and 4.7.x XSS vulnerability
Security:
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-003/ |
02 Jul 2012 20:05:25
1.1_1
|
wxs  |
Document phplist SQL injection and XSS.
Submitted by: Krzysztof Stryjek <wtp@bsdserwis.com> |
27 Jun 2012 21:04:48
1.1_1
|
rene  |
Document vulnerabilities for www/chromium < 20.0.1132.43
Obtained from:
http://googlechromereleases.blogspot.nl/search/label/Stable%20updates |
27 Jun 2012 15:34:44
1.1_1
|
zi  |
- Document recent FreeBSD SA's for 2012: SA-12:04.sysret, SA-12:03.bind,
SA-12:02.crypt, SA-12:01.openssl
Reviewed by: wxs |
25 Jun 2012 16:06:47
1.1_1
|
jgh  |
- update to 2.6
PyCrypto before 2.6 does not produce appropriate prime numbers when using an
ElGamal scheme to generate a key, which reduces the signature space or public
key space and makes it easier for attackers to conduct brute force attacks to
obtain the private key.
PR: ports/169146
Approved by: portmgr |
23 Jun 2012 03:48:25
1.1_1
|
sunpoet  |
- Remove PORTEPOCH for de-wordpress and zh-wordpress |
22 Jun 2012 05:42:13
1.1_1
|
jgh  |
- fix range for f5f00804-a03b-11e1-a284-0023ae8e59f0
- add url
- adjust modified accordingly
PR: ports/169152
Submitted by: Trond.Endrestol@ximalas.info |
21 Jun 2012 12:02:29
1.1_1
|
rm  |
- fix spelling of `php-fpm' in entry description |
19 Jun 2012 16:16:56
1.1_1
|
scheidell  |
- fix package name
Submitted by: scheidell@ (me) |
19 Jun 2012 15:59:38
1.1_1
|
scheidell  |
- Add entry for www/joomla25, needs min version 2.5.5
Submitted by: scheidell@ (me) |
17 Jun 2012 05:08:42
1.1_1
|
eadler  |
Fix some nits:
- cvename gets automatically expanded to the MITRE url |
16 Jun 2012 13:35:48
1.1_1
|
zi  |
- Document recent vulnerabilities in security/clamav: CVE-2012-1419,
CVE-2012-1457, CVE-2012-1458, CVE-2012-1459 |
14 Jun 2012 22:57:25
1.1_1
|
flo  |
Document asterisk vulnerability. |
14 Jun 2012 21:41:29
1.1_1
|
nox  |
Add vuxml for older version of graphics/ImageMagick.
PR: ports/166686 (related to)
Submitted by: 4721@hushmail.com (the vuxml, via irc) |
13 Jun 2012 20:16:44
1.1_1
|
wxs  |
Update 55587adb-b49d-11e1-8df1-0004aca374af with more information. |
12 Jun 2012 15:27:21
1.1_1
|
wxs  |
Document mantis vulnerabilities. The information is a bit light on details
but I'm unable to track down better.
PR: ports/168984
Submitted by: Dan Langille <dan@langille.org> |
09 Jun 2012 06:42:37
1.1_1
|
eadler  |
Update to 11.1.r202.236 and inform community of security issues
Security: 38195f00-b215-11e1-8132-003067b2972c |
06 Jun 2012 21:16:42
1.1_1
|
delphij  |
Correct names for BIND 9.6.x and BIND 9.7.x. |
06 Jun 2012 13:09:11
1.1_1
|
wxs  |
Fix my previous commit by adding an accidentally removed <p>. |
06 Jun 2012 12:52:23
1.1_1
|
wxs  |
Remove unnecessary <p> tags from 47f13540-c4cb-4971-8dc6-28d0dabfd9cd. |
06 Jun 2012 07:30:00
1.1_1
|
eadler  |
Fix some nits:
- Improve wording of Sympa vuln description
- The url used as a citation for the description must also be a
reference for the user. |
05 Jun 2012 20:10:20
1.1_1
|
beat  |
- Document mozilla -- multiple vulnerabilities |
05 Jun 2012 15:15:21
1.1_1
|
sem  |
- Document the last quagga vulnerability |
05 Jun 2012 10:47:38
1.1_1
|
crees  |
Document sympa vulnerability |
05 Jun 2012 03:19:37
1.1_1
|
eadler  |
Fix some nits:
The url in the cite attribute must appear as a reference |
04 Jun 2012 21:51:34
1.1_1
|
dougb  |
Upgrade to 9.6-ESV-R7-P1, 9.7.6-P1, 9.8.3-P1, and 9.9.1-P1, the latest
from ISC. These patched versions contain a critical bugfix:
Processing of DNS resource records where the rdata field is zero length
may cause various issues for the servers handling them.
Processing of these records may lead to unexpected outcomes. Recursive
servers may crash or disclose some portion of memory to the client.
Secondary servers may crash on restart after transferring a zone
containing these records. Master servers may corrupt zone data if the
zone option "auto-dnssec" is set to "maintain". Other unexpected
problems that are not listed here may also be encountered.
All BIND users are strongly encouraged to upgrade. |
31 May 2012 17:27:20
1.1_1
|
thierry  |
Add the quoted url as a reference for nut.
Requested by: eadler |
31 May 2012 16:53:12
1.1_1
|
miwi  |
- Fix formatting in previous entries |
31 May 2012 16:40:31
1.1_1
|
jgh  |
- better define ranges for a8864f8f-aa9e-11e1-a284-0023ae8e59f0 and add another
vendor note |
30 May 2012 22:26:15
1.1_1
|
jgh  |
- Address postgresql*-servers for crypt vulnerability (CVE-2012-2143)
http://www.postgresql.org/about/news/1397/
With hat: pgsql |
30 May 2012 20:46:36
1.1_1
|
thierry  |
Add an entry for CVE-2012-2944 in sysutils/nut. |
30 May 2012 03:47:12
1.1_1
|
eadler  |
Fix some nits:
The url in the cite attribute must appear as a reference
References should be sorted |
29 May 2012 23:08:34
1.1_1
|
flo  |
Document asterisk vulnerabilities. |
28 May 2012 22:45:15
1.1_1
|
rene  |
Document vulnerabilities before www/chromium 19.0.1084.52 (the port is safe).
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: CVE-2011-[3103-3115] |
26 May 2012 03:15:46
1.1_1
|
wxs  |
Make validate target remove the tidy file if it passes.
Approved by: chimera@ |
26 May 2012 00:59:38
1.1_1
|
gavin  |
Correct spelling mistake, FreeSD -> FreeBSD
Reviewed by: nox |
24 May 2012 23:46:50
1.1_1
|
jgh  |
- document security issue for haproxy
PR: ports/165035
Submitted by: jgh@
Security: CVE-2012-2391 |
24 May 2012 19:55:11
1.1_1
|
flo  |
Document RT vulnerabilities.
(I'm only committing this as matthew is still waiting for mentor approval, and
we found it important enough to commit it right now)
Submitted by: matthew |
21 May 2012 16:43:58
1.1_1
|
jgh  |
- inspircd 1.2.9 is not vulnerable
PR: ports/167975
Spotted by: feld@feld.me |
21 May 2012 13:15:42
1.1_1
|
rm  |
Add an entry for mail/sympa < 6.1.11 (CVE-2012-2352) |
21 May 2012 06:57:15
1.1_1
|
rm  |
Add www/foswiki < 1.1.5 entry (CVE-2012-1004) |
21 May 2012 05:31:34
1.1_1
|
miwi  |
- Correct b8ae4659-a0da-11e1-a294-bcaec565249c entry [1]
- Formatting and cleanup
Submitted by: Neal Dias <ndias@cisco.com> [1] |
18 May 2012 11:51:18
1.1_1
|
kwm  |
Document and fix an off-by-one vulnerability in libxml2.
Obtained from: libxml upstream
Security: b8ae4659-a0da-11e1-a294-bcaec565249c |
17 May 2012 17:31:01
1.1_1
|
jgh  |
- fix date in 725ab25a-987b-11e1-a2ef-001fd0af1a4c |
17 May 2012 17:12:46
1.1_1
|
jgh  |
- revert unintentional date change in aa71daaa-9f8c-11e1-bd0a-0082a0c18826
- update date in f5f00804-a03b-11e1-a284-0023ae8e59f0
- adjust dates in 3d55b961-9a2e-11e1-a2ef-001fd0af1a4c
a1d0911f-987a-11e1-a2ef-001fd0af1a4c for ordering |
17 May 2012 16:52:36
1.1_1
|
jgh  |
- Update inspircd to 2.0.5 [1]
- document CVE-2012-1836 [2]
PR: ports/167975
Submitted by: maintainer, feld@feld.me [1], jgh@ [2]
Security: CVE-2012-1836 |
17 May 2012 05:56:48
1.1_1
|
eadler  |
Fix some nits:
The url in the cite attribute must appear as a reference
The CVE automatically gets expanded to a url so the mitre url is not
needed |
17 May 2012 05:44:40
1.1_1
|
jgh  |
- fix spelling in b3435b68-9ee8-11e1-997c-002354ed89bc |
16 May 2012 19:41:27
1.1_1
|
dougb  |
Versions 3.2.0 and earlier of the pidgin-otr plugin contain
a format string security flaw. This flaw could potentially be
exploited by a remote attacker to cause arbitrary code to be
executed on the user's machine.
The flaw is in pidgin-otr, not in libotr. Other applications
that use libotr are not affected. |
16 May 2012 14:24:06
1.1_1
|
wxs  |
Document sudo netmask vulnerability. Patch for port forthcoming. |
16 May 2012 07:40:32
1.1_1
|
dinoex  |
- Security update OpenSSL 1.0.1c |
15 May 2012 18:39:57
1.1_1
|
rene  |
Document vulnerabilities for www/chromium < 19.0.1084.46
Security: CVE-2011-[3083-3097], CVE-2011-[3099-3100] |
14 May 2012 21:18:00
1.1_1
|
zi  |
- Document vulnerability in net/socat (CVE-2012-0219) |
14 May 2012 20:37:01
1.1_1
|
eadler  |
Fix pivotx vuln.xml |
12 May 2012 21:48:32
1.1_1
|
zi  |
- 59b68b1e-9c78-11e1-b5e0-000c299b62e1 also applies to lang/php52 |
12 May 2012 21:35:10
1.1_1
|
zi  |
- Document recent vulnerabilities in PHP (CVE-2012-2311 and CVE-2012-2329) |
12 May 2012 16:24:42
1.1_1
|
marcus  |
Add an entry for CVE-2012-2214 for an XMPP crash in libpurple. |
12 May 2012 14:23:42
1.1_1
|
sbz  |
- Document CVE-2012-2274 for port www/pivotx
PR: ports/167819
Submitted by: Fumiyuki Shimizu <fumifumi at abacustech.jp>
Security: CVE-2012-2274 |
11 May 2012 08:53:19
1.1_1
|
danfe  |
Belated VuXML entry for recent NVIDIA Unix driver arbitrary system memory
access vulnerability.
Reviewed by: eadler, delphij
Security: CVE-2012-0946 |
09 May 2012 23:27:05
1.1_1
|
swills  |
- Add entry for rubygem-mail |
08 May 2012 20:53:01
1.1_1
|
rm  |
Revert my "correction" for php52. All the 5.2.x are still affected by the NULL
poison bug. Just tested both latest 5.2 and 5.3 with the script from here:
https://bugs.php.net/bug.php?id=39863
Sorry. |
08 May 2012 20:23:11
1.1_1
|
rm  |
Mark php52 >= 5.2.15 as not vulnerable to NULL byte poisoning [1]. This problem
was fixed in 5.3.4 and 5.2.15 simultaneously.
[1] http://www.vuxml.org/freebsd/3761df02-0f9c-11e0-becc-0022156e8794.html
Reported by: Svyatoslav Lempert <svyatoslav.lempert at gmail dot com> |
08 May 2012 02:20:11
1.1_1
|
swills  |
- Add entry for www/node |
08 May 2012 01:54:57
1.1_1
|
swills  |
- Add entry for p5-Config-IniFiles |
06 May 2012 15:45:47
1.1_1
|
eadler  |
Add references for the portupgrade advisory. Some code actually expects content
in this section.
Reported by: dvl
Reviewed by: wxs,zi |
05 May 2012 13:53:46
1.1_1
|
simon  |
Unbreak vuln.xml format.
While here fix a long line.
Pointyhat: scheidell |
05 May 2012 13:21:06
1.1_1
|
scheidell  |
- Account for repocopy of php5 -> php53
- Account for php52 backport fix
- Add entry for php54 (which will be named php5)
Submitted by: scheidell@ (me) |
05 May 2012 11:12:07
1.1_1
|
scheidell  |
- Third time the charm. remove extra (
Submitted by: scheidell@ (me) |
05 May 2012 11:02:13
1.1_1
|
scheidell  |
- All versions of PHP between 2004 release and May 3rd, 2012 are vulnerable to
cmdarg attacks
- Note: PHP 5.2.12 and 5.4.2 were created to address this issue, but did not.
- See WWW: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
- An additional, unreleased version is needed.
Submitted by: scheidell@ (me)
Obtained from: WWW:www.php.net/archive/2012.php#id2012-05-03-1
Security: CVE-2012-1823 |
05 May 2012 02:04:49
1.1_1
|
eadler  |
Fix PHP entry to match the actual package name
Submitted by: simon |
02 May 2012 15:33:39
1.1_1
|
glarkin  |
- Document www/webcalendar-devel - multiple vulnerabilities
Requested by: eadler, Hanno Boeck <hanno@hboeck.de> |
01 May 2012 12:56:26
1.1_1
|
rene  |
Document vulnerabilities in www/chromium < 18.0.1025.168
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: CVE-2011-[3078-3081], CVE-2012-1521 |
30 Apr 2012 22:03:45
1.1_1
|
swills  |
- Document vulnerability in lang/php5 |
30 Apr 2012 17:51:46
1.1_1
|
delphij  |
Document samba incorrect permission checks vulnerability. |
30 Apr 2012 03:03:54
1.1_1
|
eadler  |
Inform users that ports-mgmt/portupgrade-devel had unchecked distinfo |
27 Apr 2012 02:45:24
1.1_1
|
zi  |
- Document vulnerability in net-mgmt/net-snmp (CVE-2012-2141) |
24 Apr 2012 17:51:47
1.1_1
|
beat  |
- Document mozilla -- multiple vulnerabilities |
23 Apr 2012 23:41:13
1.1_1
|
delphij  |
Document dokuwiki CSRF vulnerability. |
23 Apr 2012 20:20:05
1.1_1
|
flo  |
Document multiple asterisk vulnerabilities |
23 Apr 2012 15:26:51
1.1_1
|
eadler  |
Inform users of security vulns in wordpress
PR: ports/167157 |
22 Apr 2012 18:30:38
1.1_1
|
eadler  |
Unbreak vuxml by removing stray 'p'
Submitted by: vuxml buildbot |
22 Apr 2012 18:02:00
1.1_1
|
danfe  |
Fix formatting in the first 10% of VuXML database file. |
22 Apr 2012 15:22:21
1.1_1
|
danfe  |
Fix whitespace: run through unexpand(1), spelling, wrap overly long lines. |
21 Apr 2012 23:43:57
1.1_1
|
eadler  |
Inform users about the recent openssl vuln
Reviewed by: dinoex |
21 Apr 2012 17:37:42
1.1_1
|
ohauer  |
- security update to bugzilla 3.0.9 and 4.0.6
- update russian/bugzilla3-ru template
- patch german templates so revision match and no warning is displayed
- add vuxml entry
Approved by: skv (implicit)
Security: https://bugzilla.mozilla.org/show_bug.cgi?id=728639
https://bugzilla.mozilla.org/show_bug.cgi?id=745397
CVE-2012-0465
CVE-2012-0466 |
19 Apr 2012 03:12:32
1.1_1
|
jgh  |
- document typo3 vulnerability
PR: ports/167029 |
16 Apr 2012 15:34:57
1.1_1
|
eadler  |
Add information about the recent nginx security vulnerability
PR: ports/166990
Submitted by: rodrigo osorio <rodrigo@bebik.net> |
14 Apr 2012 16:45:06
1.1_1
|
flo  |
Document phpmyfaq -- Remote PHP Code Execution Vulnerability |
12 Apr 2012 15:48:52
1.1_1
|
swills  |
- Slight cleanups for my puppet entry |
12 Apr 2012 00:16:50
1.1_1
|
eadler  |
Add logic to check for tidy differences in the 'make validate' target.
Approved by: secteam (simon, maintainer) |
11 Apr 2012 01:44:20
1.1_1
|
swills  |
- Document security issue with Puppet
- Update puppet for security issue
Security: 607d2108-a0e4-423a-bf78-846f2a8f01b0 |
10 Apr 2012 21:16:53
1.1_1
|
delphij  |
Document samba root code execution vulnerability. |
10 Apr 2012 05:32:14
1.1_1
|
ohauer  |
- document bugzilla Cross-Site Request Forgery |
09 Apr 2012 23:15:23
1.1_1
|
eadler  |
Document recent flash player vulnerabilities
Reviewed by: nox |
08 Apr 2012 22:27:16
1.1_1
|
zi  |
- Document vulnerability in graphics/png (CVE-2011-3048)
- Fix wording/spelling in 462e2d6c-8017-11e1-a571-bcaec565249c
Feature safe: yes |
08 Apr 2012 07:47:38
1.1_1
|
remko  |
As requested by eadler, revert the commit about the move of the
<!-- EOF --> tag. I cannot reproduce the error anymore, so it
might have been the reviewal entry or something else was locally
wrong.
I did a make validate before committing this to make sure it's
OK at this point, if someone encounters the same problem, please
let us know!
Feature safe: yes |
06 Apr 2012 18:44:36
1.1_1
|
kwm  |
Document freetype 2 multiple vulnerabilities.
Feature safe: yes |
06 Apr 2012 16:07:06
1.1_1
|
nox  |
- Fix vulnerability CVE-2011-1429.
- Add a patch to the mutt pager that handles non-breaking space
characters (0xA0) in a UTF8 environment correctly.
- Bump PORTREVISION.
PR: ports/166659
Submitted by: Udo Schweigert <udo.schweigert@siemens.com> (maintainer)
Security:
http://www.freebsd.org/ports/portaudit/49314321-7fd4-11e1-9582-001b2134ef46.html
Feature safe: yes |
05 Apr 2012 20:59:08
1.1_1
|
rene  |
Mention vulnerabilities in www/chromium < 18.0.1025.151
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: CVE-2011-[3066-3077]
Feature safe: yes |