Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 30 May 2012 22:26:15 |
jgh |
- Address postgresql*-servers for crypt vulnerability (CVE-2012-2143)
http://www.postgresql.org/about/news/1397/
With hat: pgsql |
1.1_1 30 May 2012 20:46:36 |
thierry |
Add an entry for CVE-2012-2944 in sysutils/nut. |
1.1_1 30 May 2012 03:47:12 |
eadler |
Fix some nits:
The url in the cite attribute must appear as a reference
References should be sorted |
1.1_1 29 May 2012 23:08:34 |
flo |
Document asterisk vulnerabilities. |
1.1_1 28 May 2012 22:45:15 |
rene |
Document vulnerabilities before www/chromium 19.0.1084.52 (the port is safe).
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: CVE-2011-[3103-3115] |
1.1_1 26 May 2012 03:15:46 |
wxs |
Make validate target remove the tidy file if it passes.
Approved by: chimera@ |
1.1_1 26 May 2012 00:59:38 |
gavin |
Correct spelling mistake, FreeSD -> FreeBSD
Reviewed by: nox |
1.1_1 24 May 2012 23:46:50 |
jgh |
- document security issue for haproxy
PR: ports/165035
Submitted by: jgh@
Security: CVE-2012-2391 |
1.1_1 24 May 2012 19:55:11 |
flo |
Document RT vulnerabilities.
(I'm only committing this as matthew is still waiting for mentor approval, and
we found it important enough to commit it right now)
Submitted by: matthew |
1.1_1 21 May 2012 16:43:58 |
jgh |
- inspircd 1.2.9 is not vulnerable
PR: ports/167975
Spotted by: feld@feld.me |
1.1_1 21 May 2012 13:15:42 |
rm |
Add an entry for mail/sympa < 6.1.11 (CVE-2012-2352) |
1.1_1 21 May 2012 06:57:15 |
rm |
Add www/foswiki < 1.1.5 entry (CVE-2012-1004) |
1.1_1 21 May 2012 05:31:34 |
miwi |
- Correct b8ae4659-a0da-11e1-a294-bcaec565249c entry [1]
- Formatting and cleanup
Submitted by: Neal Dias <ndias@cisco.com> [1] |
1.1_1 18 May 2012 11:51:18 |
kwm |
Document and fix an off-by-one vulnerability in libxml2.
Obtained from: libxml upstream
Security: b8ae4659-a0da-11e1-a294-bcaec565249c |
1.1_1 17 May 2012 17:31:01 |
jgh |
- fix date in 725ab25a-987b-11e1-a2ef-001fd0af1a4c |
1.1_1 17 May 2012 17:12:46 |
jgh |
- revert unintentional date change in aa71daaa-9f8c-11e1-bd0a-0082a0c18826
- update date in f5f00804-a03b-11e1-a284-0023ae8e59f0
- adjust dates in 3d55b961-9a2e-11e1-a2ef-001fd0af1a4c
a1d0911f-987a-11e1-a2ef-001fd0af1a4c for ordering |
1.1_1 17 May 2012 16:52:36 |
jgh |
- Update inspircd to 2.0.5 [1]
- document CVE-2012-1836 [2]
PR: ports/167975
Submitted by: maintainer, feld@feld.me [1], jgh@ [2]
Security: CVE-2012-1836 |
1.1_1 17 May 2012 05:56:48 |
eadler |
Fix some nits:
The url in the cite attribute must appear as a reference
The CVE automatically gets expanded to a url so the mitre url is not
needed |
1.1_1 17 May 2012 05:44:40 |
jgh |
- fix spelling in b3435b68-9ee8-11e1-997c-002354ed89bc |
1.1_1 16 May 2012 19:41:27 |
dougb |
Versions 3.2.0 and earlier of the pidgin-otr plugin contain
a format string security flaw. This flaw could potentially be
exploited by a remote attacker to cause arbitrary code to be
executed on the user's machine.
The flaw is in pidgin-otr, not in libotr. Other applications
that use libotr are not affected. |
1.1_1 16 May 2012 14:24:06 |
wxs |
Document sudo netmask vulnerability. Patch for port forthcoming. |
1.1_1 16 May 2012 07:40:32 |
dinoex |
- Security update OpenSSL 1.0.1c |
1.1_1 15 May 2012 18:39:57 |
rene |
Document vulnerabilities for www/chromium < 19.0.1084.46
Security: CVE-2011-[3083-3097], CVE-2011-[3099-3100] |
1.1_1 14 May 2012 21:18:00 |
zi |
- Document vulnerability in net/socat (CVE-2012-0219) |
1.1_1 14 May 2012 20:37:01 |
eadler |
Fix pivotx vuln.xml |
1.1_1 12 May 2012 21:48:32 |
zi |
- 59b68b1e-9c78-11e1-b5e0-000c299b62e1 also applies to lang/php52 |
1.1_1 12 May 2012 21:35:10 |
zi |
- Document recent vulnerabilities in PHP (CVE-2012-2311 and CVE-2012-2329) |
1.1_1 12 May 2012 16:24:42 |
marcus |
Add an entry for CVE-2012-2214 for an XMPP crash in libpurple. |
1.1_1 12 May 2012 14:23:42 |
sbz |
- Document CVE-2012-2274 for port www/pivotx
PR: ports/167819
Submitted by: Fumiyuki Shimizu <fumifumi at abacustech.jp>
Security: CVE-2012-2274 |
1.1_1 11 May 2012 08:53:19 |
danfe |
Belated VuXML entry for recent NVIDIA Unix driver arbitrary system memory
access vulnerability.
Reviewed by: eadler, delphij
Security: CVE-2012-0946 |
1.1_1 09 May 2012 23:27:05 |
swills |
- Add entry for rubygem-mail |
1.1_1 08 May 2012 20:53:01 |
rm |
Revert my "correction" for php52. All the 5.2.x are still affected by the NULL
poison bug. Just tested both latest 5.2 and 5.3 with the script from here:
https://bugs.php.net/bug.php?id=39863
Sorry. |
1.1_1 08 May 2012 20:23:11 |
rm |
Mark php52 >= 5.2.15 as not vulnerable to NULL byte poisoning [1]. This problem
was fixed in 5.3.4 and 5.2.15 simultaneously.
[1] http://www.vuxml.org/freebsd/3761df02-0f9c-11e0-becc-0022156e8794.html
Reported by: Svyatoslav Lempert <svyatoslav.lempert at gmail dot com> |
1.1_1 08 May 2012 02:20:11 |
swills |
- Add entry for www/node |
1.1_1 08 May 2012 01:54:57 |
swills |
- Add entry for p5-Config-IniFiles |
1.1_1 06 May 2012 15:45:47 |
eadler |
Add references for the portupgrade advisory. Some code actually expects content
in this section.
Reported by: dvl
Reviewed by: wxs,zi |
1.1_1 05 May 2012 13:53:46 |
simon |
Unbreak vuln.xml format.
While here fix a long line.
Pointyhat: scheidell |
1.1_1 05 May 2012 13:21:06 |
scheidell |
- Account for repocopy of php5 -> php53
- Account for php52 backport fix
- Add entry for php54 (which will be named php5)
Submitted by: scheidell@ (me) |
1.1_1 05 May 2012 11:12:07 |
scheidell |
- Third time the charm. remove extra (
Submitted by: scheidell@ (me) |
1.1_1 05 May 2012 11:02:13 |
scheidell |
- All versions of PHP between 2004 release and May 3rd, 2012 are vulnerable to
cmdarg attacks
- Note: PHP 5.2.12 and 5.4.2 were created to address this issue, but did not.
- See WWW: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
- An additional, unreleased version is needed.
Submitted by: scheidell@ (me)
Obtained from: WWW:www.php.net/archive/2012.php#id2012-05-03-1
Security: CVE-2012-1823 |
1.1_1 05 May 2012 02:04:49 |
eadler |
Fix PHP entry to match the actual package name
Submitted by: simon |
1.1_1 02 May 2012 15:33:39 |
glarkin |
- Document www/webcalendar-devel - multiple vulnerabilities
Requested by: eadler, Hanno Boeck <hanno@hboeck.de> |
1.1_1 01 May 2012 12:56:26 |
rene |
Document vulnerabilities in www/chromium < 18.0.1025.168
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: CVE-2011-[3078-3081], CVE-2012-1521 |
1.1_1 30 Apr 2012 22:03:45 |
swills |
- Document vulnerability in lang/php5 |
1.1_1 30 Apr 2012 17:51:46 |
delphij |
Document samba incorrect permission checks vulnerability. |
1.1_1 30 Apr 2012 03:03:54 |
eadler |
Inform users that ports-mgmt/portupgrade-devel had unchecked distinfo |
1.1_1 27 Apr 2012 02:45:24 |
zi |
- Document vulnerability in net-mgmt/net-snmp (CVE-2012-2141) |
1.1_1 24 Apr 2012 17:51:47 |
beat |
- Document mozilla -- multiple vulnerabilities |
1.1_1 23 Apr 2012 23:41:13 |
delphij |
Document dokuwiki CSRF vulnerability. |
1.1_1 23 Apr 2012 20:20:05 |
flo |
Document multiple asterisk vulnerabilities |
1.1_1 23 Apr 2012 15:26:51 |
eadler |
Inform users of security vulns in wordpress
PR: ports/167157 |
1.1_1 22 Apr 2012 18:30:38 |
eadler |
Unbreak vuxml by removing stray 'p'
Submitted by: vuxml buildbot |
1.1_1 22 Apr 2012 18:02:00 |
danfe |
Fix formatting in the first 10% of VuXML database file. |
1.1_1 22 Apr 2012 15:22:21 |
danfe |
Fix whitespace: run through unexpand(1), spelling, wrap overly long lines. |
1.1_1 21 Apr 2012 23:43:57 |
eadler |
Inform users about the recent openssl vuln
Reviewed by: dinoex |
1.1_1 21 Apr 2012 17:37:42 |
ohauer |
- security update to bugzilla 3.0.9 and 4.0.6
- update russian/bugzilla3-ru template
- patch german templates so revision match and no warning is displayed
- add vuxml entry
Approved by: skv (implicit)
Security: https://bugzilla.mozilla.org/show_bug.cgi?id=728639
https://bugzilla.mozilla.org/show_bug.cgi?id=745397
CVE-2012-0465
CVE-2012-0466 |
1.1_1 19 Apr 2012 03:12:32 |
jgh |
- document typo3 vulnerability
PR: ports/167029 |
1.1_1 16 Apr 2012 15:34:57 |
eadler |
Add information about the recent nginx security vulnerability
PR: ports/166990
Submitted by: rodrigo osorio <rodrigo@bebik.net> |
1.1_1 14 Apr 2012 16:45:06 |
flo |
Document phpmyfaq -- Remote PHP Code Execution Vulnerability |
1.1_1 12 Apr 2012 15:48:52 |
swills |
- Slight cleanups for my puppet entry |
1.1_1 12 Apr 2012 00:16:50 |
eadler |
Add logic to check for tidy differences in the 'make validate' target.
Approved by: secteam (simon, maintainer) |
1.1_1 11 Apr 2012 01:44:20 |
swills |
- Document security issue with Puppet
- Update puppet for security issue
Security: 607d2108-a0e4-423a-bf78-846f2a8f01b0 |
1.1_1 10 Apr 2012 21:16:53 |
delphij |
Document samba root code execution vulnerability. |
1.1_1 10 Apr 2012 05:32:14 |
ohauer |
- document bugzilla Cross-Site Request Forgery |
1.1_1 09 Apr 2012 23:15:23 |
eadler |
Document recent flash player vulnerabilities
Reviewed by: nox |
1.1_1 08 Apr 2012 22:27:16 |
zi |
- Document vulnerability in graphics/png (CVE-2011-3048)
- Fix wording/spelling in 462e2d6c-8017-11e1-a571-bcaec565249c
Feature safe: yes |
1.1_1 08 Apr 2012 07:47:38 |
remko |
As requested by eadler, revert the commit about the move of the
<!-- EOF --> tag. I cannot reproduce the error anymore, so it
might have been the reviewal entry or something else was locally
wrong.
I did a make validate before committing this to make sure it's
OK at this point, if someone encounters the same problem, please
let us know!
Feature safe: yes |
1.1_1 06 Apr 2012 18:44:36 |
kwm |
Document freetype 2 multiple vulnerabilities.
Feature safe: yes |
1.1_1 06 Apr 2012 16:07:06 |
nox |
- Fix vulnerability CVE-2011-1429.
- Add a patch to the mutt pager that handles non-breaking space
characters (0xA0) in an UTF8 environment correctly.
- Bump PORTREVISION.
PR: ports/166659
Submitted by: Udo Schweigert <udo.schweigert@siemens.com> (maintainer)
Security:
http://www.freebsd.org/ports/portaudit/49314321-7fd4-11e1-9582-001b2134ef46.html
Feature safe: yes |
1.1_1 05 Apr 2012 20:59:08 |
rene |
Mention vulnerabilities in www/chromium < 18.0.1025.151
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: CVE-2011-[3066-3077]
Feature safe: yes |
1.1_1 03 Apr 2012 17:55:33 |
remko |
Someone forgot to do a make validate after adding the <!--EOF
line. It breaks the make validate.
Feature safe: yes |
1.1_1 01 Apr 2012 23:57:23 |
marcus |
Add a record for CVE-2012-1178.
Reported by: Peter Jeremy <peterjeremy@acm.org>
Feature safe: yes |
1.1_1 29 Mar 2012 01:23:15 |
eadler |
Fix formatting so that "make tidy" passes
Feature safe: yes |
1.1_1 28 Mar 2012 23:50:42 |
matthew |
Another phpmyadmin security update.
ChangeLog:
http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.4.10.2/phpMyAdmin-3.4.10.2-notes.html/download
Welcome to phpMyAdmin 3.4.10.2, a minor security release.
3.4.10.2 (2012-03-28)
- [security] Fixed local path disclosure vulnerability, see PMASA-2012-2
Advisory:
http://www.phpmyadmin.net/home_page/security/PMASA-2012-2.php
Approved by: shaun (mentor)
Feature safe: yes
Security: a81161d2-790f-11e1-ac16-e0cb4e266481 |
1.1_1 28 Mar 2012 20:10:11 |
rene |
Document vulnerabilities in www/chromium < 18.0.1025.142
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: CVE-2011-[3057-3065]
Feature safe: yes |
1.1_1 26 Mar 2012 11:56:55 |
sem |
- quagga-re is affected by the last vulnerability too.
Feature safe: Yes |
1.1_1 25 Mar 2012 17:20:54 |
rakuco |
Document CVE-2012-0037 for textproc/raptor and textproc/raptor2.
Security: CVE-2012-0037
Feature safe: yes |
1.1_1 24 Mar 2012 15:12:45 |
eadler |
Fix formatting so that "make tidy" passes
Feature safe: yes |
1.1_1 24 Mar 2012 14:11:55 |
zi |
- Document recent vulnerabilities in net/quagga (CVE-2012-0249, CVE-2012-0250,
CVE-2012-0255)
Feature safe: yes |
1.1_1 24 Mar 2012 08:00:14 |
delphij |
Correct version ranges.
Feature safe: yes |
1.1_1 24 Mar 2012 07:20:53 |
lwhsu |
Document Apache Traffic Server -- heap overflow vulnerability
Feature safe: yes |
1.1_1 22 Mar 2012 10:57:29 |
rene |
Document vulnerabilities for www/chromium < 17.0.963.83
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: CVE-2011-[3045,3049-3057]
Feature safe: yes |
1.1_1 21 Mar 2012 21:58:05 |
delphij |
Document GNUtls and libtasn1 security vulnerabilities.
Feature safe: yes |
1.1_1 18 Mar 2012 04:39:27 |
miwi |
- Cleanup
Feature safe: yes |
1.1_1 18 Mar 2012 04:30:56 |
miwi |
- Correct the last 3 firefox 3.6 entries
PR: 166207
Submitted by: Sergey Kandaurov <pluknet@gmail.com>
Feature safe: yes |
1.1_1 15 Mar 2012 23:11:09 |
flo |
Document recent asterisk vulnerabilities.
Feature safe: yes |
1.1_1 15 Mar 2012 15:21:03 |
wxs |
Document CVE-2012-0884.
Feature safe: yes |
1.1_1 15 Mar 2012 13:45:55 |
osa |
Document nginx -- potential information leak.
Feature safe: yes |
1.1_1 14 Mar 2012 09:16:51 |
beat |
- Document mozilla -- multiple vulnerabilities
Feature safe: yes |
1.1_1 13 Mar 2012 09:37:28 |
kwm |
Do proper input validation for libXfont. This is for CVE-2011-2895.
Feature safe: yes |
1.1_1 12 Mar 2012 02:23:59 |
wxs |
Typo fix.
Feature safe: yes |
1.1_1 11 Mar 2012 21:37:43 |
simon |
- Document portaudit -- auditfile remote code execution.
- Update (c) year.
Feature safe: yes |
1.1_1 11 Mar 2012 16:07:58 |
wxs |
Appease the tidy target. ;)
Feature safe: yes |
1.1_1 11 Mar 2012 11:16:48 |
rene |
Document vulnerabilities in www/chromium < 17.0.963.79
Security: CVE-2011-3047
Feature safe: yes |
1.1_1 10 Mar 2012 01:47:32 |
eadler |
Fix formatting so that "make tidy" passes
Feature safe: yes |
1.1_1 10 Mar 2012 01:45:52 |
eadler |
Document the latest flash player vulnerabilities
Reviewed by: nox
Feature safe: yes |
1.1_1 09 Mar 2012 10:03:54 |
rene |
Mark chromium < 17.0.963.78 as vulnerable.
Security: CVE-2011-3046
Feature safe: yes |
1.1_1 07 Mar 2012 18:44:29 |
lwhsu |
Document jenkins XSS vulnerability.
Submitted by: Gersom van de Bunt <gersom.vandebunt@pine.nl> |
1.1_1 05 Mar 2012 18:16:18 |
rene |
Add new vulnerabilities for www/chromium < 17.0.963.65
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: CVE-2011-[3031-3044] |
1.1_1 04 Mar 2012 23:07:08 |
ak |
Document dropbear security issue
Approved by: eadler (mentor) |