Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 15 Apr 2014 20:21:44 |
swills |
- Add multiple missing entries
PR: ports/188512
Submitted by: Pawel Biernacki <pawel.biernacki@gmail.com> |
1.1_1 13 Apr 2014 12:45:24 |
rene |
Fix typo.
Submitted by: matthew@ |
1.1_1 13 Apr 2014 12:17:20 |
rene |
Mention a vulnerability in japanese/chasen* which exists since 2011-11-08
Obtained from: http://jvn.jp/en/jp/JVN16901583/index.html |
1.1_1 11 Apr 2014 21:41:43 |
zi |
- Correct version ranges for
7ccd4def-c1be-11e3-9d09-000c2980a9f3/5631ae98-be9e-11e3-b5e3-c80aa9043978
Reported by: Tim Zingelman <tez@netbsd.org> |
1.1_1 11 Apr 2014 21:33:41 |
zi |
- Move CVE-2014-0076 to its own entry+add FreeBSD system information as the
affected list does not 100% line up with the vulnerability described in
CVE-2014-0160/5631ae98-be9e-11e3-b5e3-c80aa9043978 |
1.1_1 11 Apr 2014 21:11:17 |
zi |
- Note FreeBSD system vulnerability information for
5631ae98-be9e-11e3-b5e3-c80aa9043978 |
1.1_1 10 Apr 2014 23:58:48 |
bdrewery |
- Mark linux-f10-openssl vulnerabilities
Reported by: frogs on freenode |
1.1_1 09 Apr 2014 14:37:43 |
zi |
- Document recent vulnerability in net/openafs (CVE-2014-0159) |
1.1_1 08 Apr 2014 19:14:35 |
rene |
Document new vulnerabilities in www/chromium < 34.0.1847.116
Obtained from: http://googlechromereleases.blogspot.nl/
MFH: 2014Q2 |
1.1_1 08 Apr 2014 13:40:19 |
knu |
Add mingw32-openssl. |
1.1_1 08 Apr 2014 02:26:46 |
bdrewery |
Add more information for OpenSSL bug |
1.1_1 08 Apr 2014 00:50:34 |
bdrewery |
- Sort references
- Add link to heartbleed.com that has a lot of useful information |
1.1_1 07 Apr 2014 22:05:07 |
bdrewery |
- Document Openssl vulnerabilities
Security: CVE-2014-0160
Security: CVE-2014-0076
Security: https://www.openssl.org/news/secadv_20140407.txt
MFH: 2014Q2 |
1.1_1 03 Apr 2014 12:23:44 |
cs |
New OTRS vulnerability
Security: CVE-2014-2554 |
1.1_1 03 Apr 2014 11:07:25 |
knu |
Add CVE-2014-2525 which affects libyaml. |
1.1_1 01 Apr 2014 08:46:41 |
ale |
Fix all mod_php entries.
Please don't use the range <range><ge>0</ge></range>. |
1.1_1 29 Mar 2014 12:00:53 |
lme |
Add an entry for CVE-2014-2386 |
1.1_1 29 Mar 2014 08:30:51 |
bf |
Add an entry for CVE-2014-2270, and correct the indentation
in the entry for CVE-2014-1943 |
1.1_1 28 Mar 2014 12:11:17 |
ale |
Fix mod_php5 entry. |
1.1_1 27 Mar 2014 19:50:33 |
mandree |
Sort reference entries in 36f9ac43-b2ac-11e3-8752-080027ef73ec
mail/trojita information leak.
This should really be in the DTD or at least "make validate" if it's
an official requirement...
Submitted by: remko |
1.1_1 23 Mar 2014 23:20:44 |
nivit |
- Document multiple vulnerabilities for Joomla! 2 and Joomla! 3 |
1.1_1 23 Mar 2014 17:10:43 |
mandree |
Add an entry for trojita mail leak across unencrypted connections
(CVE-2014-2567). Port update in PR#187370, pending commit.
MFH: yes |
1.1_1 23 Mar 2014 13:40:57 |
osa |
Split nginx and nginx-devel entries, update date. |
1.1_1 23 Mar 2014 02:48:58 |
osa |
Add CVE-2014-0133 entries for www/nginx and www/nginx-devel. |
1.1_1 22 Mar 2014 21:22:02 |
ohauer |
- document apache22 /apache24
CVE-2014-0098, CVE-2013-6438
Please Note:
apache-2.2.27 is not released until now,
but this is expected during the next days. |
1.1_1 20 Mar 2014 10:24:11 |
beat |
Attempt to fix latest mozilla entry for firefox-esr
Reported by: plukky on #bsdports |
1.1_1 19 Mar 2014 17:54:48 |
beat |
Document mozilla vulnerabilities |
1.1_1 15 Mar 2014 09:26:10 |
rene |
Document new vulnerabilities in www/chromium < 33.0.1750.152
Obtained from: http://googlechromereleases.blogspot.nl/
MFH: 2014Q1 |
1.1_1 14 Mar 2014 15:13:13 |
simon |
Update (c) year to be 2014.
PS. all rumors that this commit is to shut up the grim reaper are wildly
exaggerated. |
1.1_1 14 Mar 2014 11:34:53 |
zi |
- Fix ordering |
1.1_1 14 Mar 2014 11:19:19 |
zi |
- Document recent vulnerability in mail/mutt (CVE-2014-0467) |
1.1_1 13 Mar 2014 22:58:56 |
cs |
Vulnerability in sysutils/wemux |
1.1_1 11 Mar 2014 22:39:08 |
delphij |
Document samba multiple vulnerabilities announced today. |
1.1_1 11 Mar 2014 20:14:38 |
flo |
Document asterisk vulnerabilities
MFH: 2014Q1 |
1.1_1 11 Mar 2014 17:16:55 |
rene |
Document new vulnerabilities in www/chromium < 33.0.1750.149
Obtained from: http://googlechromereleases.blogspot.nl/
MFH: 2014Q1 |
1.1_1 09 Mar 2014 18:59:15 |
remko |
Properly indent the last entry.
Discussed with: kwm |
1.1_1 09 Mar 2014 08:43:48 |
kwm |
Unbreak vuxml.
Submitted by: battlez
MFH: 2014Q1 |
1.1_1 09 Mar 2014 08:18:18 |
kwm |
Document freetype2 vuln.
MFH: 2014Q1 |
1.1_1 06 Mar 2014 13:09:20 |
bapt |
Reference xmms vulnerabilities: CVE-2007-0653 and CVE-2007-0654 |
1.1_1 06 Mar 2014 00:21:06 |
osa |
Add security advisory for nginx-1.5.10. |
1.1_1 05 Mar 2014 23:14:02 |
rene |
Document new vulnerabilities in www/chromium < 33.0.1750.146
Obtained from: http://googlechromereleases.blogspot.nl/ |
1.1_1 04 Mar 2014 22:50:05 |
bdrewery |
security/gnutls is fixed for CVE-2014-0092 and CVE-2014-1959 |
1.1_1 04 Mar 2014 22:17:32 |
delphij |
Document GnuTLS multiple certification verification issues. |
1.1_1 03 Mar 2014 14:38:31 |
bf |
Add an entry for the file DOS vulnerability, CVE-2014-1943 |
1.1_1 02 Mar 2014 15:26:53 |
demon |
Use correct PORTREVISION for python33's CVE. |
1.1_1 01 Mar 2014 12:51:06 |
koobs |
security/vuxml: Sort Python entry references alphabetically
MFH: 2014Q1
Reported by: remko |
1.1_1 01 Mar 2014 10:51:35 |
koobs |
security/vuxml: Document CVE-2014-1912 for Python 2.7 - 3.3
Python: buffer overflow in socket.recvfrom_into()
MFH: 2014Q1
Security: CVE-2014-1912 |
1.1_1 26 Feb 2014 21:27:47 |
ohauer |
- add entry for subversion CVE-2014-0032 |
1.1_1 25 Feb 2014 19:45:18 |
cs |
Report new vulnerability in otrs to vuxml
Security: CVE-2014-1695 |
1.1_1 24 Feb 2014 13:13:55 |
rene |
Document new vulnerabilities in www/chromium < 33.0.1750.117
Obtained from: http://googlechromereleases.blogspot.nl/
MFH: 2014Q1 |
1.1_1 20 Feb 2014 18:11:25 |
girgen |
The PostgreSQL Global Development Group has released an important
update to all supported versions of the PostgreSQL database system,
which includes minor versions 9.3.3, 9.2.7, 9.1.12, 9.0.16, and
8.4.20. This update contains fixes for multiple security issues, as
well as several fixes for replication and data integrity issues. All
users are urged to update their installations at the earliest
opportunity, especially those using binary replication or running a
high-security application.
This update fixes CVE-2014-0060, in which PostgreSQL did not properly
enforce the WITH ADMIN OPTION permission for ROLE management. Before
this fix, any member of a ROLE was able to grant others access to the
same ROLE regardless if the member was given the WITH ADMIN OPTION
permission. It also fixes multiple privilege escalation issues,
including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,
CVE-2014-0065, and CVE-2014-0066. More information on these issues can
be found on our security page and the security issue detail wiki page.
Security: CVE-2014-0060,CVE-2014-0061,CVE-2014-0062,CVE-2014-0063
CVE-2014-0064,CVE-2014-0065,CVE-2014-0066,CVE-2014-0067 |
1.1_1 15 Feb 2014 17:05:12 |
lwhsu |
- Last whitespace change
- Sort CVE entries
Notified by: remko |
1.1_1 15 Feb 2014 12:10:20 |
matthew |
Document the latest PMA security advisory: PMSA-2014-1
The version of PMA currently in ports (since 2014-02-09) is not
affected. |
1.1_1 15 Feb 2014 09:09:57 |
lwhsu |
Add CVE entry to references
Notified by: remko |
1.1_1 15 Feb 2014 09:07:34 |
lwhsu |
whitespace
Notified by: remko |
1.1_1 15 Feb 2014 08:04:51 |
lwhsu |
Document Jenkins Security Advisory 2014-02-14 |
1.1_1 14 Feb 2014 04:36:50 |
zi |
- Document recent vulnerabilities in www/lighttpd |
1.1_1 06 Feb 2014 23:05:06 |
flo |
Document phpmyfaq vulnerabilities |
1.1_1 06 Feb 2014 20:39:31 |
cs |
Update VUXML entry on recent otrs vulnerabilities
Suggested by: remko@ |
1.1_1 05 Feb 2014 15:57:58 |
eadler |
Update the latest flash security advisory |
1.1_1 05 Feb 2014 02:15:47 |
eadler |
Report the latest flash security issue |
1.1_1 04 Feb 2014 21:19:14 |
beat |
Document mozilla vulnerabilities
Reviewed by: flo |
1.1_1 02 Feb 2014 13:52:18 |
zi |
- Add modified date to libyaml entry |
1.1_1 02 Feb 2014 03:51:39 |
zi |
- Add libyaml to the libyaml vulnerability entry |
1.1_1 01 Feb 2014 20:53:20 |
bdrewery |
- Document libyaml vulnerability in pkg
Security: CVE-2013-6393 |
1.1_1 29 Jan 2014 08:42:34 |
ehaupt |
Use the same URL as in blockquote.
Submitted by: remko |
1.1_1 29 Jan 2014 08:22:56 |
miwi |
- Fix format |
1.1_1 29 Jan 2014 07:53:48 |
ehaupt |
Document socat vulnerability.
Security: CVE-2014-0019 |
1.1_1 28 Jan 2014 22:29:12 |
cs |
2 new OTRS vulnerabilities
Security: CVE-2014-1471 |
1.1_1 27 Jan 2014 23:10:11 |
matthew |
rt42-4.2.1_3, which appears only on the 2014Q1 branch, should also be
counted as not vulnerable. |
1.1_1 27 Jan 2014 23:01:12 |
rene |
Document vulnerabilities in www/chromium < 32.0.1700.102
Obtained from: http://googlechromereleases.blogspot.nl/ |
1.1_1 27 Jan 2014 22:46:38 |
matthew |
Formatting fixes
Submitted by: remko |
1.1_1 27 Jan 2014 21:08:46 |
decke |
- Fix style for strongswan entry
Reported by: remko |
1.1_1 27 Jan 2014 20:44:52 |
matthew |
vuxml entry concerning the recent security advisory about www/rt42
from 4.2.0 to 4.2.2 inclusive. This is slightly unusual in that the
fix is applied to a completely different port
mail/p5-Email-Address-List which www/rt42 depends on.
Security: d1dfc4c7-8791-11e3-a371-6805ca0b3d42 |
1.1_1 27 Jan 2014 13:52:18 |
decke |
- Fix typo in last entry
Reported by: bz |
1.1_1 27 Jan 2014 13:31:46 |
decke |
- Document multiple DoS vulnerabilities in strongswan
Security: CVE-2013-5018
Security: CVE-2013-6075
Security: CVE-2013-6076 |
1.1_1 25 Jan 2014 09:24:38 |
koobs |
Document Varnish HTTP Cache < 3.0.5 DoS Vulnerability
Reviewed by: remko |
1.1_1 24 Jan 2014 05:05:37 |
eadler |
Update flash to 11.2r202.335
Report security issues
PR: ports/185790
Reported by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp> |
1.1_1 23 Jan 2014 10:03:33 |
remko (src,doc committer) |
Cleanup the HTMLDOC entry, long lines and remove the ...
entries because I think it's not needed. Also adjust
the previous entry by indenting correctly.
Hat: secteam
Facilitated by: Snow B.V. |
1.1_1 22 Jan 2014 23:51:10 |
mandree |
Document HTMLDOC < 1.8.28 vulnerability. |
1.1_1 16 Jan 2014 16:15:48 |
decke |
Document virtualbox-ose vulnerabilities
Security: CVE-2013-5892 |
1.1_1 15 Jan 2014 21:41:16 |
rene |
Document new vulnerabilities in www/chromium < 32.0.1700.77
Obtained from: http://googlechromereleases.blogspot.nl/
MFH: 2014Q1 |
1.1_1 15 Jan 2014 08:48:46 |
erwin |
Sort references
Submitted by: remko |
1.1_1 15 Jan 2014 08:36:23 |
erwin |
Document SA-13:07.bind |
1.1_1 14 Jan 2014 21:15:11 |
remko (src,doc committer) |
Fix the latest entry, it has many issues, make validate
told us exactly what was wrong. I redid the entry and
just took out the ul/li structure and replaced it with
regular paragraphs. It might be worth investigating
to use the FreeBSD SA that got released because of this
as the main text, which is best suited imo.
Hat: secteam |
1.1_1 14 Jan 2014 20:54:57 |
cy |
Mark net/ntp forbidden.
Security: CVE-2013-5211 / VU#348126 |
1.1_1 14 Jan 2014 14:16:13 |
mat |
Document the latest nagios vulnerability. |
1.1_1 13 Jan 2014 17:38:28 |
mat |
Security update to fix CVE-2014-0591 as reported at
https://kb.isc.org/article/AA-01078/74/
9.9.4 -> 9.9.4-P2
9.8.6 -> 9.8.6-P2
9.6-ESV-R10 -> 9.6-ESV-R10-P2
Security: CVE-2014-0591 Remote DOS |
1.1_1 08 Jan 2014 10:42:05 |
zeising |
Update libXfont to 1.4.7
This is a security fix and it is important to update, since it might lead to
a privilege escalation if the X server is run as root (which is the default)
Security: CVE-2013-6462 |
1.1_1 06 Jan 2014 23:55:39 |
delphij |
Document OpenSSL 1.0.1e multiple vulnerabilities. |
1.1_1 28 Dec 2013 23:52:50 |
remko (src,doc committer) |
Correct ident for most recent entries. No functional changes.
People, please be aware that we use the FreeBSD Documentation Primer
and that there are style rules we have to follow. If you are in
doubt please consult me and I am more than willing to help.
Hat: secteam |
1.1_1 22 Dec 2013 17:49:47 |
ohauer |
- mark as FORBIDDEN (zero day SQL vuln)
Security: CVE-2013-7149 |
1.1_1 19 Dec 2013 07:45:42 |
delphij |
Cover gnupg1 ports/packages as well. |
1.1_1 18 Dec 2013 23:04:24 |
delphij |
Apply vendor fix for CVE-2013-6422, cURL libcurl cert name check ignore
with GnuTLS. Document the vulnerability fix in vuxml while I'm here. |
1.1_1 18 Dec 2013 15:22:59 |
kuriyama |
Add about gnupg-1.4.16. |
1.1_1 17 Dec 2013 23:26:27 |
flo |
- document asterisk vulnerabilities
- correctly order references [1]
Reported by: remko [1] |
1.1_1 16 Dec 2013 23:37:24 |
flo |
- update to 2.8.4
- add stage support
Security: 3b86583a-66a7-11e3-868f-0025905a4771 |
1.1_1 16 Dec 2013 04:11:00 |
delphij |
Document Zabbix agent remote command execution vulnerability. |
1.1_1 14 Dec 2013 23:30:37 |
flo |
Update to 5.3.28
Security: 47b4e713-6513-11e3-868f-0025905a4771 |
1.1_1 14 Dec 2013 13:42:06 |
flo |
Update to nspr 4.10.2
Update to nss 3.15.3.1
Update firefox-esr and thunderbird to 24.2.0
Update firefox to 26.0
Update seamonkey to 2.23
- catch up with directory renames since USES=webplugins was introduced;
fixes plugins not being automatically enabled after install
- linux-firefox and linux-seamonkey can play HTML5 audio [2][3] and
measure about:memory usage, again
- dom.ipc.plugins.enabled->true no longer crashes linux-firefox which makes
some flash sites work again; as there's no nspluginwrapper in-between
the infamous "youtube issue" never occurs
- install DEBUG with symbols [3] and describe the option better [4]
- enable dumping about:memory upon kill -65, kill -66 and GC/CC log
upon kill -67 to a file under /tmp directory; linux-firefox uses
kill -34, kill -35 and kill -36 respectively
PR: ports/183861 [1]
PR: ports/184006 [2]
PR: ports/169896 [3]
PR: ports/184285 [3]
PR: ports/184286 [4]
Security: dd116b19-64b3-11e3-868f-0025905a4771
In collaboration with: Jan Beich <jbeich@tormail.org> |