Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 25 Jul 2013 18:29:27 |
bjk (doc committer) |
Update to 1.6.5
This is a security release by upstream, and requires configuration changes
in addition to the software update. See UPDATING.
Reviewed by: ports-security (zi, remko)
Approved by: hrs (mentor, ports committer) |
1.1_1 24 Jul 2013 20:59:28 |
lev |
Add <url></url> to references.
Submitted by: Remko Lodder <remko@FreeBSD.org> |
1.1_1 24 Jul 2013 17:18:50 |
lev |
Update:
devel/subversion to 1.8.1
devel/subversion16 to 1.7.11
These releases fix CVE-2013-4131
http://subversion.apache.org/security/CVE-2013-4131-advisory.txt
Approved by: Olli Hauer <ohauer@FreeBSD.org> for devel/subversion17
Security: CVE-2013-4131 |
1.1_1 23 Jul 2013 10:32:23 |
bdrewery |
- Update whitespace for 2fbfd455-f2d0-11e2-8a46-000d601460a4
Requested by: remko |
1.1_1 22 Jul 2013 13:24:05 |
bdrewery |
- Update suPHP to 0.7.2
- Document possible privilege escalation
Approved by: maintainer timeout
Security: 2fbfd455-f2d0-11e2-8a46-000d601460a4 |
1.1_1 21 Jul 2013 18:54:51 |
ohauer |
- change apache24 version from 2.4.5 to 2.4.6 (2.4.5 was not released)
- add http://www.apache.org/dist/httpd/Announcement2.4.html as reference
requested by remko@ |
1.1_1 20 Jul 2013 17:11:54 |
ohauer |
- update to apache24-2.4.6
- new modules: mod_cache_socache, mod_macro and mod_proxy_wstunnel
- add entry to vuxml
SECURITY: CVE-2013-1896 (cve.mitre.org)
mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
the source href (sent as part of the request body as XML) pointing to a
URI that is not configured for DAV will trigger a segfault.
SECURITY: CVE-2013-2249 (cve.mitre.org)
mod_session_dbd: Make sure that dirty flag is respected when saving
sessions, and ensure the session ID is changed each time the session
changes. This changes the format of the updatesession SQL statement.
Existing configurations must be changed.
Changelog:
http://www.apache.org/dist/httpd/CHANGES_2.4.6
with hat apache@
Security: ca4d63fb-f15c-11e2-b183-20cf30e32f6d |
1.1_1 17 Jul 2013 22:09:58 |
delphij |
Document gallery3 multiple vulnerabilities. |
1.1_1 17 Jul 2013 22:07:22 |
eadler |
Add missing citation
Requested by: remko |
1.1_1 16 Jul 2013 18:10:12 |
des |
Add two more PHP entries for issues which have already been fixed. |
1.1_1 15 Jul 2013 21:06:36 |
eadler |
Update to 11.2r202.291
PR: ports/179502
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp> |
1.1_1 15 Jul 2013 18:25:19 |
delphij |
Document squid 3.x denial of service vulnerability. |
1.1_1 15 Jul 2013 09:26:37 |
cs |
Adjust version numbers for OTRS vulnerabilities |
1.1_1 14 Jul 2013 22:03:55 |
eadler |
Add missing modified dates from r321329.
I had this sitting for a bit, but forgot to test & commit.
Requested by: remko |
1.1_1 11 Jul 2013 21:28:39 |
delphij |
Wrap long lines. No content change. |
1.1_1 11 Jul 2013 20:35:20 |
cs |
Security vulnerabilities in libzrtp
Security: 04320e7d-ea66-11e2-a96e-60a44c524f57 |
1.1_1 11 Jul 2013 20:17:34 |
swills |
- Document ruby vulnerability |
1.1_1 11 Jul 2013 07:50:27 |
cs |
Add vulnerability on otrs
Security: e3e788aa-e9fd-11e2-a96e-60a44c524f57 |
1.1_1 10 Jul 2013 19:01:44 |
ohauer |
- update to apache-2.2.25
- update vuxml with additional CVE-2013-1896 entry
Changes with Apache 2.2.25
http://www.apache.org/dist/httpd/CHANGES_2.2.25
*) SECURITY: CVE-2013-1896 (cve.mitre.org)
mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
the source href (sent as part of the request body as XML) pointing to a
URI that is not configured for DAV will trigger a segfault. [Ben Reser
<ben reser.org>]
*) SECURITY: CVE-2013-1862 (cve.mitre.org)
mod_rewrite: Ensure that client data written to the RewriteLog is
escaped to prevent terminal escape sequences from entering the
(Only the first 15 lines of the commit message are shown above) |
1.1_1 10 Jul 2013 14:35:58 |
rene |
Add new vulnerabilities for www/chromium < 28.0.1500.71
Obtained from: http://googlechromereleases.blogspot.nl/ |
1.1_1 06 Jul 2013 08:46:40 |
ohauer |
- add fix for CVE-2013-1862
- adjust vuxml |
1.1_1 05 Jul 2013 21:06:16 |
ohauer |
- document apache22 CVE-2013-1862 (mod_rewrite)
Update to apache22-2.2.25 is ready to commit.
Until now there is no official announcement from apache.org
so we hold the update back until we have official checksums. |
1.1_1 02 Jul 2013 07:43:03 |
delphij |
Fix CVE-2013-2174 for ftp/curl with a patch from vendor for
now so that users can build the port, per popular demand
on the mailing list.
The upgrade patch found in ports/172325 is currently under
exp-run. The changes in this commit against ftp/curl can be
safely reverted before applying that patch, as it's shipped
with new curl release.
Approved by: portmgr (miwi) |
1.1_1 30 Jun 2013 20:49:33 |
matthew |
Security update to 4.0.4.1
ChangeLog:
http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.4.1/phpMyAdmin-4.0.4.1-notes.html/view
Advisory: http://www.phpmyadmin.net/home_page/security/PMASA-2013-7.php
Security: 1b93f6fe-e1c1-11e2-948d-6805ca0b3d42 |
1.1_1 28 Jun 2013 11:07:49 |
girgen |
Security update for apache-xml-security-c
URL: http://santuario.apache.org/secadv.data/CVE-2013-2210.txt
Security: 81da673e-dfe1-11e2-9389-08002798f6ff
Security: CVE-2013-2210 |
1.1_1 26 Jun 2013 11:01:35 |
flo |
- update firefox to 22.0
- update firefox-esr, thunderbird and libxul to 17.0.7
- update nspr to 4.10
- OSS support was removed upstream, only ALSA and PulseAudio are supported
from now on.
Security: b3fcb387-de4b-11e2-b1c6-0025905a4771
In collaboration with: Jan Beich <jbeich@tormail.org> |
1.1_1 23 Jun 2013 20:14:01 |
rea |
VuXML: document CVE-2013-2174, heap corruption in cURL library |
1.1_1 22 Jun 2013 12:49:29 |
swills |
- Update puppet to 3.2.2 which fixes CVE-2013-3567 [1]
- Update puppet27 to 2.7.22 which fixes CVE-2013-3567
- Document security issue
PR: ports/179816 [1]
Submitted by: mat [1]
Security: b162b218-c547-4ba2-ae31-6fdcb61bc763 |
1.1_1 22 Jun 2013 09:36:10 |
bf |
Correct the CVE-2013-0131 entry, so that the most recent revision of
x11/nvidia-driver-304 is not mistakenly flagged as vulnerable |
1.1_1 19 Jun 2013 21:56:57 |
jgh |
- fix formatting of 8b97d289-d8cf-11e2-a1f5-60a44c524f57
With Hat: ports-secteam |
1.1_1 19 Jun 2013 21:20:50 |
eadler |
Add extra-validation to the validation target.
While here, test with python2 and permit the script to run with either 2 or 3.
Requested by: delphij
With Hat: ports-secteam |
1.1_1 19 Jun 2013 21:14:51 |
eadler |
- Fix entry dates for some 'insane' dates. In some cases a best effort was made
to guess what was meant due to either destroyed svn logs (formatting 'fixes') or
lost to time reports.
With Hat: ports-secteam |
1.1_1 19 Jun 2013 20:46:23 |
eadler |
Add an additional validation script to the vuxml port.
At this point it is not tied to the validate: target because validation fails.
Reviewed by: simon, delphij
With Hat: ports-secteam |
1.1_1 19 Jun 2013 11:08:02 |
cs |
Fix typo soccat -> socat |
1.1_1 19 Jun 2013 11:07:36 |
cs |
Add vulnerability on OTRS |
1.1_1 18 Jun 2013 15:50:05 |
delphij |
Fix date for flashpluginwrapper. |
1.1_1 18 Jun 2013 15:45:03 |
delphij |
Add entry for SA-13:06.mmap. |
1.1_1 18 Jun 2013 15:15:48 |
girgen |
Security update for apache-xml-security-c.
Dependent ports, especially shibboleth2-sp, opensaml2, xmltooling
and log4shib should all be updated.
Security: CVE-2013-2156 |
1.1_1 17 Jun 2013 03:23:53 |
bf |
Document Tor bug 9072 |
1.1_1 14 Jun 2013 06:21:14 |
ak |
- Fix typo in dbus entry
Reported by: Christoph Mallon <christoph.mallon@gmx.de> |
1.1_1 13 Jun 2013 19:54:25 |
kwm |
Update to 1.6.12.
I'm not completely sure this affects us, but better safe than sorry.
While here wordsmith Options description to try to make it clearer.
Security: CVE-2013-2168 |
1.1_1 11 Jun 2013 22:44:39 |
eadler |
Update to 11.2r202.291
PR: ports/179502
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp> |
1.1_1 11 Jun 2013 21:03:38 |
culot |
- Document vulnerabilities in www/owncloud
Security: d7a43ee6-d2d5-11e2-9894-002590082ac6
Obtained from: http://owncloud.org/about/security/advisories/ |
1.1_1 07 Jun 2013 15:19:27 |
flo |
Update to 5.3.26
Security: 59e7163c-cf84-11e2-907b-0025905a4770 |
1.1_1 07 Jun 2013 06:30:39 |
erwin |
Match only the most recent Bind9* version in the latest vulnerability,
older versions are not affected. |
1.1_1 06 Jun 2013 10:59:35 |
erwin |
Fix typo in previous revision. |
1.1_1 06 Jun 2013 08:36:34 |
erwin |
Add entry for the latest Bind vulnerabilities in CVE-2013-3919. |
1.1_1 05 Jun 2013 22:02:14 |
matthew |
Security upgrade to 4.0.3
Advisory: http://www.phpmyadmin.net/home_page/security/PMASA-2013-6.php
ChangeLog:
http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.3/phpMyAdmin-4.0.3-notes.html/view
Security: 6b97436c-ce1e-11e2-9cb2-6805ca0b3d42 |
1.1_1 05 Jun 2013 09:02:47 |
kwm |
Update to 0.16.6.
Obtained from: GNOME dev repo
Security: CVE-2013-1431 |
1.1_1 04 Jun 2013 22:30:28 |
rene |
Document vulnerabilities in www/chromium < 27.0.1453.110
Obtained from: http://googlechromereleases.blogspot.nl/ |
1.1_1 04 Jun 2013 21:52:40 |
eadler |
- Fix build
- Ensure validation |
1.1_1 04 Jun 2013 19:31:30 |
zeising |
Fix security issues in xorg client libraries.
Most libraries were updated to newer versions, in some cases patches
were backported instead.
Most notably, x11/libX11 was updated to 1.6.0
Security: CVE-2013-1981
CVE-2013-1982
CVE-2013-1983
CVE-2013-1984
CVE-2013-1985
CVE-2013-1986
CVE-2013-1987
CVE-2013-1988
CVE-2013-1989
(Only the first 15 lines of the commit message are shown above) |
1.1_1 04 Jun 2013 04:45:23 |
cy |
Update krb5 1.11.2 --> 1.11.3.
This is a bugfix release.
* Fix a UDP ping-pong vulnerability in the kpasswd (password changing)
service. [CVE-2002-2443]
* Improve interoperability with some Windows native PKINIT clients.
Security: CVE-2002-2443 |
1.1_1 03 Jun 2013 18:29:51 |
crees |
Update to 1.6.2
* Fix buffer overflows in fileserver and ptserver.
* Fix rare file corruption during background sync (Gerrit 8796).
* Fix corrupting clients' metadata cache during certain errors (Gerrit 6957).
* Fix cache corruption when reading from a file another client is simultaneously
writing to (Gerrit 7994).
* Fix fileservers to properly report >2 TiB partitions.
and some other less serious changes.
PR: ports/179259
Submitted by: Adam Nowacki <nowak@tepeserwery.pl>
Submitted by: bjk (maintainer)
Security: CVE-2013-1794 |
1.1_1 03 Jun 2013 06:51:43 |
araujo |
- Update to 2.7.4.
More info:
https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES
PR: ports/179167
Submitted by: ohauer@
Security: 9dfb63b8-8f36-11e2-b34d-000c2957946c |
1.1_1 01 Jun 2013 19:22:39 |
rakuco |
Remove duplicate optipng vulnerability.
It was separately committed in r315254, so remove the version I added
in r318453.
Reported by: Alexander Milanov <a@amilanov.com> |
1.1_1 01 Jun 2013 16:49:14 |
mandree |
Add two more URLs to openvpn's vulnerability from March 2013 (CVE-2013-2061)
Security: 92f30415-9935-11e2-ad4c-080027ef73ec |
1.1_1 01 Jun 2013 16:47:41 |
mandree |
- Backport fix for CVE-2013-2061 to openvpn22 and openvpn20;
while it is unclear whether it affects OpenSSL-builds at all.
Let's play it safe.
- Reference CVE-2013-2061 name in OpenVPN's VuXML entry
- Mark 2.0.9_4 <= openvpn < 2.1.0 and 2.2.2_2 < openvpn < 2.3.0 not vulnerable
- Mark openvpn22 deprecated and to expire 2013-09-01.
(openvpn20 is already marked to expire 2013-07-11.)
Security: CVE-2013-2061
Security: 92f30415-9935-11e2-ad4c-080027ef73ec |
1.1_1 01 Jun 2013 08:08:56 |
osa |
Document passenger vulnerability. |
1.1_1 31 May 2013 21:41:56 |
lev |
Update subversion ports to 1.7.10 and 1.6.23.
It fixes 3 security issues:
CVE-2013-1968: fsfs repository corruption caused by newline characters in
filenames
CVE-2013-2088: contrib hook-scripts can allow arbitrary code execution
CVE-2013-2112: svnserve remotely triggerable DoS.
Security: CVE-2013-1968
Security: CVE-2013-2088
Security: CVE-2013-2112 |
1.1_1 31 May 2013 11:33:41 |
crees |
Actually remove bitchx-devel and add a VuXML entry.
Security: CVE-2007-4584
Security: CVE-2007-5839
Security: CVE-2007-5922 |
1.1_1 28 May 2013 14:23:30 |
jase |
- Document znc null pointer dereference vulnerability. |
1.1_1 27 May 2013 00:41:56 |
ehaupt |
Adjust range for socat entry. |
1.1_1 26 May 2013 22:01:38 |
ehaupt |
Document socat FD leak vulnerability.
Security: CVE-2013-3571 |
1.1_1 26 May 2013 20:34:16 |
swills |
- Add entry for ruby 1.9.3p429 |
1.1_1 26 May 2013 08:38:26 |
delphij |
Document couchdb XSS vulnerability.
PR: ports/178985
Submitted by: wollman |
1.1_1 23 May 2013 15:30:08 |
flo |
Update to 2.17.1 as the 2.18 release was postponed / cancelled |
1.1_1 23 May 2013 08:20:48 |
cs |
Fix entry date, wrongly entered in revision 318453 |
1.1_1 23 May 2013 08:02:57 |
cs |
fix typo in recent otrs vulnerability |
1.1_1 23 May 2013 07:58:58 |
cs |
Add vulnerabilities
Security: CVE-2013-2637
CVE-2013-3551 |
1.1_1 23 May 2013 07:24:40 |
matthew |
Security Updates
- www/rt40 to 4.0.13
- www/rt38 to 3.8.17 [1]
This is a security fix addressing a number of CVEs:
CVE-2012-4733
CVE-2013-3368
CVE-2013-3369
CVE-2013-3370
CVE-2013-3371
CVE-2013-3372
CVE-2013-3373
CVE-2013-3374
Users will need to update their database schemas as described in
pkg-message
Approved by: flo [1]
Security: 3a429192-c36a-11e2-97a9-6805ca0b3d42 |
1.1_1 22 May 2013 09:14:17 |
rene |
Fix vuxml by using the correct format for CVE names.
Prodded by: bz on IRC |
1.1_1 22 May 2013 08:45:11 |
rene |
List vulnerabilities fixed in www/chromium 27.0.1453.93 (which is the
current version in the Ports Collection). |
1.1_1 19 May 2013 14:06:36 |
rakuco |
Patch multiple vulnerabilities in x11-toolkits/plib.
PR: ports/178710
Submitted by: Denny Lin <dennylin93@hs.ntnu.edu.tw> |
1.1_1 18 May 2013 20:35:07 |
rakuco |
- Update to 0.7.4
- Add VuXML entry
- Trim Makefile header
- Add LICENSE
PR: ports/177206
Submitted by: Alexander Milanov <a@amilanov.com>
Approved by: Thomas Hurst <tom@hur.st> (maintainer)
Security: a8818f7f-9182-11e2-9bdf-d48564727302 |
1.1_1 16 May 2013 22:46:39 |
delphij |
Update the recent nginx entry to cover the exact version range and include
information for CVE-2013-2070. |
1.1_1 16 May 2013 04:14:31 |
eadler |
Update to the latest version of Adobe Flash |
1.1_1 16 May 2013 02:00:38 |
flo |
- update firefox to 21.0
- update firefox-esr and thunderbird to 17.0.6
- WEBRTC now supports PULSEAUDIO
- make linux-firefox work with plugins again (e.g. quakelive)
Security: 4a1ca8a4-bd82-11e2-b7a0-d43d7e0c7c02
In collaboration with: Jan Beich <jbeich@tormail.org> |
1.1_1 14 May 2013 07:15:24 |
osa |
Update ranges according to the latest available information.
Source: http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html |
1.1_1 13 May 2013 00:08:14 |
ashish |
- Update emacs entry to correct the version ranges for CVE-2012-3479 |
1.1_1 07 May 2013 18:58:55 |
delphij |
Update nginx entry to reflect the right version ranges for CVE-2013-2028.
Note that we don't really have nginx 1.3.9 in the ports collection, due
to the recent ports freeze. The version 1.3.9 is used here just to
better match the original advisory. |
1.1_1 07 May 2013 13:32:03 |
osa |
Fix typo.
Found by: ru |
1.1_1 07 May 2013 11:35:19 |
osa |
Document nginx -- a stack-based buffer overflow. |
1.1_1 03 May 2013 18:20:43 |
ohauer |
- fix strongSwan discovery date /2013-05-03/2013-04-30/ |
1.1_1 03 May 2013 18:16:36 |
ohauer |
- update to version 5.0.4 which fixes CVE-2013-2944.
- add entry to vuxml
- add CVE references to Jenkins vuxml entry
while I'm here remove .sh from rc script
PR: ports/178266
Submitted by: David Shane Holden <dpejesh@yahoo.com>
Approved by: strongswan@nanoteq.com (maintainer) |
1.1_1 03 May 2013 16:26:20 |
lwhsu |
Document Jenkins Security Advisory 2013-05-02 |
1.1_1 02 May 2013 19:41:07 |
tmseck |
- Add the vendor patch for SQUID-2012:1 (CVE-2012-5643) and update VuXML
information accordingly
- Bump PORTREVISION
PR: ports/177773
Submitted by: Kan Sasaki
Approved by: flo (mentor)
Security: c37de843-488e-11e2-a5c9-0019996bc1f7 |
1.1_1 29 Apr 2013 22:41:58 |
des |
Add entry for SA-13:05.nfsserver |
1.1_1 27 Apr 2013 20:58:01 |
nivit |
- Document multiple XSS and DDoS vulnerabilities for Joomla!
(2.5.0 <= version < 2.5.10) |
1.1_1 24 Apr 2013 20:23:16 |
matthew |
Security update to 3.5.8.1
Four new serious security alerts were issued today by the phpMyAdmin
them: PMASA-2013-2 and PMASA-2013-3 are documented in this commit to
vuln.xml.
- Remote code execution via preg_replace().
- Locally Saved SQL Dump File Multiple File Extension Remote Code
Execution.
The other two: PMASA-2013-4 and PMASA-2013-5 only affect PMA 4.0.0
pre-releases earlier than 4.0.0-rc3, which are not available through
the ports. |
1.1_1 22 Apr 2013 20:57:03 |
dinoex |
- Security update to 1.0.21
Security: CVE-2013-1428 |
1.1_1 20 Apr 2013 16:01:56 |
dinoex |
- Security fix
Security: CVE-2011-4517 execute arbitrary code on decodes images
Submitted by: naddy (Christian Weisgerber)
Obtained from: Fedora
Feature safe: yes |
1.1_1 20 Apr 2013 09:24:30 |
matthew |
Document PMASA-2013-1
It turns out that release 3.5.8 (recently updated in ports) was the
cure to an XSS vulnerability.
Feature safe: yes |
1.1_1 19 Apr 2013 18:03:18 |
delphij |
Document roundcube arbitrary file disclosure vulnerability.
Reported by: Marcelo Gondim <gondim bsdinfo com br>
Feature safe: yes |
1.1_1 18 Apr 2013 04:03:08 |
dinoex |
- add jasper
Feature safe: yes |
1.1_1 16 Apr 2013 10:58:16 |
araujo |
- Update to 2.7.3 due to a vulnerability that affects all versions 2.x. [1]
- Update MASTER_SITES.
- Convert to optionsNG.
- Trim header.
More info:
https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES
Reported by: olli hauer <ohauer@gmx.de> [1]
Approved by: portmgr (bdrewery)
Security: 2070c79a-8e1e-11e2-b34d-000c2957946c |
1.1_1 15 Apr 2013 12:28:58 |
bdrewery |
- Update to 0.85
- Convert to new options framework
sieve-connect was not actually verifying TLS certificate identities matched
the expected hostname. Changes with new version:
Fix TLS verification; find server by own hostname & SRV.
* TLS hostname verification was not actually happening.
* IO::Socket::SSL requirement bumped to 1.14 (was 0.97).
* By default, if no server specified, before falling back to localhost try to
use the current hostname and SRV records in DNS to figure out if Sieve is
available. Checks for sieve, imaps & imap protocol SRV records and honours
(Only the first 15 lines of the commit message are shown above) |
1.1_1 13 Apr 2013 15:44:09 |
eadler |
Replace duplicate vids with a newly generated GUID.
Older duplicates kept their own number.
Approved by: portmgr (implicit)
With Hat: ports-secteam |
1.1_1 12 Apr 2013 16:19:38 |
des |
Oops, fix the cite URL.
Approved by: portmgr (tabthorpe) |
1.1_1 12 Apr 2013 16:14:22 |
des |
Edit OpenVPN 2.3.1 entry:
- Replace links to changelog and commit with a link to the official
announcement (which also links to the commit)
- Replace the description with a sentence lifted from the
announcement.
Approved by: portmgr (tabthorpe) |