Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 27 Feb 2012 23:10:36 |
kwm |
Add libxml2 vulnability.
PR: ports/164270
Submitted by: kj <b4039413@nwldx.com> |
1.1_1 27 Feb 2012 03:04:47 |
wxs |
Fixup python entry. No need to have python metaport listed.
Reviewed by: miwi@ |
1.1_1 20 Feb 2012 04:28:51 |
eadler |
Minor whitespace fixup |
1.1_1 19 Feb 2012 22:27:33 |
rene |
Include PORTREVISION in plib version number to fix previous commit. |
1.1_1 19 Feb 2012 22:14:32 |
rene |
Document a remote code execution via a buffer overflow in PLIB.
Security: CVE-2011-4620 |
1.1_1 18 Feb 2012 15:00:46 |
matthew |
Security update to 3.4.10.1
XSS in replication setup
ChangeLog:
Welcome to phpMyAdmin 3.4.10.1, a minor security release.
3.4.10.1 (2012-02-18)
- [security] XSS in replication setup, see PMASA-2012-1
Security Advisory:
http://www.phpmyadmin.net/home_page/security/PMASA-2012-1.php
Approved by: shaun (mentor) |
1.1_1 17 Feb 2012 21:21:41 |
jgh |
- document latest piwik security vulnerability
PR: ports/165217 |
1.1_1 17 Feb 2012 19:38:33 |
flo |
- document recent mozilla vulnerabilities
- wrap a long line |
1.1_1 15 Feb 2012 23:16:02 |
rene |
Document vulnerabilities in chromium < 17.0.963.56
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: CVE-2011-[3015-3027] |
1.1_1 15 Feb 2012 19:58:37 |
glarkin |
- Updated the recent WebCalendar entry to match <= 1.2.4 instead of < 1.2.4,
since 1.2.4 (not yet in tree) is vulnerable, and 1.2.5 has not been
released by upstream yet
- Fixed the URL in the recent WebCalendar entry
- Canonicalized naming in other WebCalendar entries
- Fixed various nits flagged by "make tidy" |
1.1_1 15 Feb 2012 00:03:39 |
eadler |
This vuln also affects pypy |
1.1_1 14 Feb 2012 03:32:30 |
eadler |
typo |
1.1_1 14 Feb 2012 03:31:46 |
eadler |
Inform users of the DoS issue in the python SimpleXMLRPCServer function |
1.1_1 13 Feb 2012 16:27:11 |
eadler |
Add the recently assigned cve number |
1.1_1 12 Feb 2012 04:17:13 |
eadler |
Inform users of the XSS issue in the latest version of WebCalendar.
It seems that there has been no response from the vendor
and users may want to switch to an alternate product that fits their needs. |
1.1_1 11 Feb 2012 18:17:27 |
wxs |
Whitespace fixes. |
1.1_1 11 Feb 2012 10:50:39 |
beat |
- Document mozilla -- use after free in nsXBLDocumentInfo::ReadPrototypeBindings |
1.1_1 11 Feb 2012 04:55:42 |
eadler |
Inform bip users of buffer overflow (CVE-2012-0806) |
1.1_1 11 Feb 2012 01:27:56 |
eadler |
Inform users of the private information disclosure bug in surf (CVE-2012-0842)
Reviewed by: dougb |
1.1_1 10 Feb 2012 10:26:07 |
jadawin |
Fix style
Reported by: flo@ via irc |
1.1_1 10 Feb 2012 10:11:49 |
jadawin |
Document last glpi vulnerabilities
Submitted by: Mathias Monnerville <mathias@monnerville.com> via email |
1.1_1 09 Feb 2012 12:48:48 |
rene |
Document new Chromium < 17.0.963.46 vulnerabilities.
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: fe1976c2-5317-11e1-9e99-00262d5ed8ee |
1.1_1 07 Feb 2012 23:11:21 |
delphij |
Document Drupal core multiple vulnerabilities. |
1.1_1 07 Feb 2012 04:13:47 |
wxs |
Fix up 3fd040be-4f0b-11e1-9e32-0025900931f by giving a better description. |
1.1_1 06 Feb 2012 12:01:22 |
skv |
Document "bugzilla" - multiple vulnerabilities. |
1.1_1 04 Feb 2012 08:40:01 |
delphij |
Document PHP remote code vulnerability. |
1.1_1 03 Feb 2012 06:33:03 |
rm |
Add vuxml entry for mathopd directory traversal vulnerability.
PR: 164717
Submitted by: Michiel Boland <michiel at boland dot org>
Security: 6e7ad1d7-4e27-11e1-8e12-90e6ba8a36a2 |
1.1_1 02 Feb 2012 18:34:24 |
jgh |
- adjust ordering for latest apache entry
Spotted by: remko |
1.1_1 02 Feb 2012 14:02:59 |
wxs |
MITRE is spelled in all capital letters. |
1.1_1 02 Feb 2012 01:32:18 |
jgh |
document latest Apache vulnerabilities
PR: ports/164675
Reviewed by: crees, eadler
Approved by: crees (mentor) |
1.1_1 01 Feb 2012 09:46:07 |
flo |
document recent mozilla vulnerabilities |
1.1_1 31 Jan 2012 13:34:00 |
wxs |
Correct versions for sudo format string vulnerability.
Noticed by: pluknet@ |
1.1_1 30 Jan 2012 16:36:43 |
wxs |
Document sudo format string vulnerability. |
1.1_1 30 Jan 2012 03:03:39 |
wxs |
Document missing FreeBSD Security Advisories:
- SA-11:01.mountd
- SA-11:04.compress
- SA-11:09.pam_ssh
- SA-11:10.pam
Modify existing entries to document (add/adjust modified tag for all):
- SA-11:06.bind
- Add FreeBSD package and freebsdsa
- SA-11:07.chroot
- Add FreeBSD package
- SA-11:08.telnetd
- Add FreeBSD package, freebsdsa and a relevant URL |
1.1_1 29 Jan 2012 23:39:42 |
zi |
- Adjust formatting for 93688f8f-4935-11e1-89b4-001ec9578670 |
1.1_1 28 Jan 2012 13:30:39 |
zi |
- Document vulnerabilities in mail/postfixadmin (CVE-2012-0811, CVE-2012-0812) |
1.1_1 28 Jan 2012 08:01:53 |
miwi |
- Cleanup & Formating |
1.1_1 26 Jan 2012 12:32:02 |
zi |
- Document vulnerability in converters/mpack |
1.1_1 26 Jan 2012 12:17:57 |
zi |
- Document vulnerabilities in print/acroread9 (prior to 9.4.7) |
1.1_1 24 Jan 2012 11:02:34 |
rene |
- update entry fixed in chromium-16.0.912.75 (CVE-2011-3925)
- add entry for vulnerabilities fixed in chromium-16.0.912.77
Security: CVE-2011-[3924-3928] |
1.1_1 24 Jan 2012 04:18:07 |
wxs |
Fix build while chanting "I will run make validate". :(
Pointyhat to: wxs@ |
1.1_1 24 Jan 2012 04:01:02 |
wxs |
Add CVE for recent spamdyke buffer overflows. |
1.1_1 23 Jan 2012 22:02:32 |
wxs |
Document multiple vulnerabilities in wireshark, all of which have
already been fixed in our port. |
1.1_1 23 Jan 2012 21:26:01 |
wxs |
Whitespace cleanup. |
1.1_1 23 Jan 2012 21:25:21 |
wxs |
- Document buffer overflows in spamdyke. |
1.1_1 23 Jan 2012 14:08:34 |
wxs |
Fixup to please "make tidy". No need to wrap this line. |
1.1_1 23 Jan 2012 13:52:39 |
wxs |
- Add CVE for spamdyke STARTTLS plaintext injection. |
1.1_1 22 Jan 2012 14:59:21 |
sunpoet |
- Fix affected rubygem-rack version: add ,3 as PORTEPOCH=3 is restored |
1.1_1 22 Jan 2012 02:49:22 |
zi |
- Correct package range in 5c5f19ce-43af-11e1-89b4-001ec9578670
- Add databases/redis to the affected list for
91be81e7-3fea-11e1-afc7-2c4138874f7d |
1.1_1 21 Jan 2012 01:38:36 |
zi |
- Fix formatting/topic in 91be81e7-3fea-11e1-afc7-2c4138874f7d
Reviewed by: wxs |
1.1_1 20 Jan 2012 21:43:40 |
zi |
- Document security vulnerability in security/openssl (CVE-2012-0050) |
1.1_1 20 Jan 2012 19:24:00 |
jgh |
fix uuid on latest tomcat vulnerability
Approved by: crees, rene (implicit) |
1.1_1 20 Jan 2012 18:41:16 |
delphij |
- Fix modified date;
- Add more ruby variants. |
1.1_1 20 Jan 2012 18:28:10 |
delphij |
Update 91be81e7-3fea-11e1-afc7-2c4138874f7d to cover ruby+no-pthreads as
well.
Spotted by: Kevin Oberman <kob6558 gmail.com> |
1.1_1 20 Jan 2012 00:14:42 |
flo |
- document asterisk remote crash vulnerability |
1.1_1 19 Jan 2012 19:51:53 |
jgh |
Document recent vulnerability of Apache Tomcat Server.
Approved by: rene (mentor) |
1.1_1 19 Jan 2012 18:33:42 |
delphij |
Sigh, should have used <lt> instead of <gt>.
Pointy hat to: delphij |
1.1_1 19 Jan 2012 18:27:36 |
delphij |
php52-exif no longer vulnerable to CVE-2011-4566 as of 5.2.17_6 |
1.1_1 19 Jan 2012 09:16:00 |
knu |
Fix the version range for ruby. The stock version is affected. |
1.1_1 19 Jan 2012 09:13:30 |
knu |
There was no patch release in rubygem-rack 1.3.5_*, so just say < 1.3.6. |
1.1_1 19 Jan 2012 07:32:11 |
sunpoet |
- Fix affected rubygem-rack version: it should be _3 for PORTREVISION=3 |
1.1_1 17 Jan 2012 09:53:13 |
danfe |
Fix CVE URL in recent OpenTTD entry. |
1.1_1 17 Jan 2012 08:36:56 |
danfe |
Unexpand (convert leading spaces to tabs when possible). |
1.1_1 17 Jan 2012 08:31:38 |
danfe |
Document recent vulnerability of OpenTTD game server.
Reported by: Ilya Arkhipov |
1.1_1 16 Jan 2012 09:57:28 |
knu |
PHP5 had its own entry for this vulnerability, so remove this.
Pointed out by: ohauer |
1.1_1 16 Jan 2012 03:23:44 |
knu |
Add node < 0.6.7 (for V8). |
1.1_1 16 Jan 2012 03:20:39 |
knu |
Add v8 < 3.8.5 (CVE-2011-5037). |
1.1_1 16 Jan 2012 03:16:01 |
knu |
Add PHP < 5.3.9 (CVE-2011-4885). |
1.1_1 16 Jan 2012 03:03:49 |
knu |
Add Multiple implementations denial-of-service via hash algorithm collision.
Currently only JRuby, Ruby, and Rack are mentioned. More to follow. |
1.1_1 14 Jan 2012 10:01:38 |
mm |
Add missing URL reference to last commit |
1.1_1 14 Jan 2012 09:46:31 |
mm |
Add relevant FFmpeg vulnerabilities from Ubuntu USN-1320-1 |
1.1_1 14 Jan 2012 04:36:22 |
miwi |
- clean up |
1.1_1 14 Jan 2012 02:47:41 |
zi |
- Document vulnerabilities in security/openssl
-- CVE-2011-4108, CVE-2011-4109, CVE-2011-4576
-- CVE-2011-4577, CVE-2011-4619, CVE-2012-0027 |
1.1_1 13 Jan 2012 12:10:37 |
zi |
- Document vulnerability in net/isc-dhcp42-server (CVE-2011-4868) |
1.1_1 12 Jan 2012 21:56:20 |
delphij |
Document PowerDNS DoS vulnerability.
PR: ports/164066
Submitted by: Ralf van der Enden <tremere cainites.net> |
1.1_1 11 Jan 2012 18:32:21 |
delphij |
Document PHP multiple vulnerabilities. |
1.1_1 09 Jan 2012 18:13:37 |
rene |
Document a untrusted local library exploit in games/torcs.
Security: CVE-2010-3384 |
1.1_1 09 Jan 2012 02:26:53 |
wxs |
Document spamdyke STARTTLS plaintext injection vulnerability. |
1.1_1 07 Jan 2012 23:44:17 |
simon |
Remove HTML entity from a VuXML entry as they are not allowed in
VuXML, only Unicode charecter entities are allowed.
This should fix the portaudit build.
If anyone care enough to insert the correct umlaut, feel free to fix. |
1.1_1 06 Jan 2012 18:35:42 |
rene |
Add new vulnerabilities for www/chromium.
Security: CVE-2011-[3919,3921-3922] |
1.1_1 05 Jan 2012 18:52:28 |
delphij |
Fix build. |
1.1_1 05 Jan 2012 17:29:25 |
ohauer |
- document bugzilla and bugzilla3 security issues |
1.1_1 03 Jan 2012 23:50:36 |
delphij |
Document wordpress xss vulnerability.
Feature safe: yes |
1.1_1 30 Dec 2011 01:05:34 |
cy |
Add additional MITKRB5 reference.
Security: MITKRB5-SA-2011-008
Feature safe: yes |
1.1_1 29 Dec 2011 14:26:25 |
remko |
Fix build by adding a reference to the original URL. |
1.1_1 29 Dec 2011 13:04:24 |
crees |
Document XSS vulnerability in net-mgmt/zabbix-frontend
PR: ports/163691
Obtained from: https://support.zabbix.com/browse/ZBX-4015
Security: ZBX-4015 |
1.1_1 28 Dec 2011 12:24:32 |
mm |
Document remote DoS vulnerability in lighttpd HTTP authentication
Security: CVS-2011-4362 |
1.1_1 27 Dec 2011 04:00:15 |
eadler |
- Fix most of the duplicate words in vuxml, a few affect 'blockquotes' but that
should be okay as no information is lost. |
1.1_1 26 Dec 2011 23:23:29 |
wxs |
Don't wrap a couple of lines. No other entries wrap these lines, so when
in Rome... |
1.1_1 26 Dec 2011 23:00:58 |
wxs |
Whitespace cleanup in a BIND topic. |
1.1_1 26 Dec 2011 22:42:26 |
wxs |
Fix the build. Missing a quote on the blockquote citation and a missing </p>. |
1.1_1 26 Dec 2011 21:51:03 |
cy |
Document CVE-2011-4862 (FreeBSD-SA-11:08.telnetd) as it affects krb5-appl too.
Security: CVE-2011-4862, FreeBSD-SA-11:08.telnetd
Feature safe: yes |
1.1_1 23 Dec 2011 20:37:32 |
delphij |
Add vuxml entry for proftpd chroot vulnerability.
Feature safe: yes |
1.1_1 22 Dec 2011 12:11:17 |
zi |
- Document recent vulnerabilities in databases/phpmyadmin (PMASA-2011-19 and
PMASA-2011-20) |
1.1_1 21 Dec 2011 12:40:43 |
beat |
- Also fix SeaMonkey version range |
1.1_1 21 Dec 2011 11:28:37 |
beat |
- Fix cvename in latest mozilla vulnerability |
1.1_1 21 Dec 2011 07:48:50 |
beat |
- Document mozilla -- multiple vulnerabilities |
1.1_1 19 Dec 2011 13:15:50 |
sem |
unbound DoS vulnerability |
1.1_1 18 Dec 2011 14:24:38 |
miwi |
- Cleanup
* correct line limit
* sort cvename |
1.1_1 18 Dec 2011 13:30:50 |
zi |
- Correct package name in previous commit
Reported by: crees@ |