Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 18 Dec 2011 13:07:02 |
zi |
- Document vulnerabilities in www/typo3 and www/typo345 |
1.1_1 14 Dec 2011 04:07:06 |
zi |
- Document security/krb5 vulnerability as described in MITKRB5-SA-2011-007 |
1.1_1 14 Dec 2011 03:52:28 |
zi |
- Add CVE for recent asterisk vulnerabilities
Feature safe: yes |
1.1_1 13 Dec 2011 20:35:32 |
delphij |
Document Opera multiple vulnerabilities.
Requested by: tabthorpe
Feature safe: yes |
1.1_1 13 Dec 2011 20:17:29 |
rene |
Document vulnerabilities fixed in Chromium 16.0.912.63
Security: CVE-2011-[3903-3917] |
1.1_1 13 Dec 2011 17:45:46 |
mandree |
Add cvename tag with content CVE-2011-4607 for PuTTY password 'vulnerability'.
Feature safe: yes
Submitted by: eadler |
1.1_1 13 Dec 2011 17:34:52 |
zi |
- Correct package name for asterisk18
Feature safe: yes |
1.1_1 12 Dec 2011 19:57:18 |
mandree |
Update PuTTY to new upstream security and bug fix release 0.62,
and add a new VuXML entry.
Changelog:
http://lists.tartarus.org/pipermail/putty-announce/2011/000017.html
Security: bbd5f486-24f1-11e1-95bc-080027ef73ec
Feature safe: yes |
1.1_1 09 Dec 2011 01:52:43 |
zi |
- Document asterisk vulnerabilities
Feature safe: yes |
1.1_1 07 Dec 2011 23:49:09 |
zi |
- Document vulnerabilities in isc-dhcp: CVE-2011-4539
Feature safe: yes |
1.1_1 01 Dec 2011 21:03:31 |
dougb |
Update to version 3.4.8
This is the formal release of the fix to CVE-2011-4634, but there are
no code differences from the preliminary fixes released in 3.4.8-rc1
except for the updated version number.
PMSA-2011-18 has now been published; vuxml entry attached.
PR: ports/163001
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer)
Feature safe: yes |
1.1_1 30 Nov 2011 09:31:36 |
pav |
- Add a link to a nice documentation in PH
Suggested by: dougb
Feature safe: yes |
1.1_1 30 Nov 2011 08:45:12 |
pav |
- Add a quick guide to adding a new entry to this unfriendly file
Feature safe: yes |
1.1_1 19 Nov 2011 15:13:49 |
dinoex |
- mark 1.3.41+2.8.31_4 as not vulnerable
Feature safe: yes |
1.1_1 18 Nov 2011 22:38:17 |
cs |
hiawatha -- memory leak in PreventSQLi routine
Approved by: glarkin@ (mentor)
Feature safe: yes |
1.1_1 18 Nov 2011 20:20:27 |
delphij |
Bump modified date for previous commit.
Feature safe: yes |
1.1_1 18 Nov 2011 20:13:50 |
dougb |
The long-term URL for the latest BIND vulnerability is up at ISC,
so adjust accordingly.
Feature safe: yes |
1.1_1 17 Nov 2011 10:08:18 |
rene |
Mark chromium-15.0.874.120 vulnerable.
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: CVE-2011-3900
Feature safe: yes |
1.1_1 16 Nov 2011 23:59:35 |
dougb |
Add an entry for the BIND DOS vulnerability announced today
Feature safe: yes |
1.1_1 14 Nov 2011 23:27:03 |
ohauer |
- document apache13 CVE-2011-3368
Feature safe: yes |
1.1_1 14 Nov 2011 03:25:46 |
miwi |
- Fix previous entry
Feature safe: yes |
1.1_1 14 Nov 2011 03:14:11 |
rakuco |
Add note about CVE-2011-2725 for ark in kdeutils4.
Approved by: avilla (mentor, implicit)
Feature safe: yes |
1.1_1 13 Nov 2011 22:28:09 |
ohauer |
- document apache apr-0.9 reimplementation of apr_fnmatch()
Feature safe: yes |
1.1_1 13 Nov 2011 02:20:57 |
dougb |
Fix the recent flash entry:
1. Only one <package> container is needed
2. Use of <lt> has to be relative to the latest (unvulnerable) version
3. Improve the range for the 11.x version to not tag all 10.x versions
4. Use https for the cite in blockquote
5. Fix a CVE entry
Feature safe: yes |
1.1_1 12 Nov 2011 16:13:48 |
miwi |
- Correct latest libxml(1) entries
- Mark CVS-2009-2414 CVS-2009-2416 CVS-2011-1944 entries as safe
- Fix whitespaces
- Bump modify date
- While here add missing blank lines between entries [1]
[1] This would not happen when committers use "make newentry" (sometimes RTFM
is really helpful)
Feature safe: yes |
1.1_1 12 Nov 2011 12:15:40 |
crees |
Document latest phpMyAdmin vulnerability
PR: ports/162442
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer)
Security: CVE-2011-4107
Security: http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php
CC: m.seaman@infracaninophile.co.uk
Feature safe: yes |
1.1_1 12 Nov 2011 05:39:50 |
eadler |
- update flash10 to 10.3r183.11
- add security issues to vuln.xml
Submitted by: nox
Reviewed by: dougb (vuxml)
Security: CVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452,
CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456, CVE-2011-2457,
CVE-2011-2458, CVE-2011-2459, CVE-2011-2458
Feature safe: yes |
1.1_1 11 Nov 2011 19:13:05 |
rene |
Add vulnerabilities for www/chromium < 15.0.874.120
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: CVE-2011-[3892-3898]
Feature safe: yes |
1.1_1 10 Nov 2011 13:40:45 |
wxs |
Add missing blank lines between entries.
Feature safe: yes |
1.1_1 10 Nov 2011 07:58:08 |
delphij |
Fix build.
Feature safe: yes |
1.1_1 10 Nov 2011 07:19:25 |
bapt |
Register multiple libxml{1,2} vulnerabilities |
1.1_1 10 Nov 2011 04:44:43 |
miwi |
- Cleanup a bit |
1.1_1 10 Nov 2011 02:27:53 |
novel |
Document gnutls client session resumption vulnerability. |
1.1_1 08 Nov 2011 17:48:37 |
beat |
- Document mozilla -- multiple vulnerabilities |
1.1_1 07 Nov 2011 04:27:53 |
eadler |
- add vuxml entry for insecure use of temporary directories in caml-light
Reviewed by: dougb
Approved by: bapt,sahil (mentors, implicit) |
1.1_1 07 Nov 2011 04:23:54 |
eadler |
- add vuxml entry for insecure use of temporary directories in caml-light
Reviewed by: dougb
Approved by: bapt,sahil (mentors, implicit) |
1.1_1 03 Nov 2011 21:21:54 |
kwm |
Fix the freetype entry. The package name is freetype2 and fill in the comment. |
1.1_1 01 Nov 2011 18:00:56 |
bapt |
Fix vuln.xml |
1.1_1 01 Nov 2011 17:44:15 |
kwm |
Document vulnerabilities in handling Type 1 fonts in freetype. |
1.1_1 01 Nov 2011 08:46:08 |
delphij |
Properly match lower bound of version numbers.
Noticed by: Patrick Oonk <patrick.oonk pine.nl> |
1.1_1 01 Nov 2011 07:18:06 |
miwi |
- bid from latest PivotX entry [1]
- while remove a lot whitespaces
PR: 161734 [1]
Submitted by: Fumiyuki Shimizu <fumifumi@abacustech.jp> |
1.1_1 28 Oct 2011 17:06:58 |
kwm |
Document cacti security issues.
SQL injection issue with user login
Cross-site scripting issues.
PR: ports/162044
Reported by: moggie <moggie@elasticmind.net> |
1.1_1 28 Oct 2011 09:28:28 |
miwi |
- Cleanup & whitespace fixes |
1.1_1 26 Oct 2011 07:57:19 |
flo |
document phpmyfaq remote PHP code injection vulnerability |
1.1_1 25 Oct 2011 17:45:34 |
rene |
Mention vulnerabilities in www/chromium < 15.0.874.102
Obtained from: http://googlechromereleases.blogspot.com/
Security: CVE-2011-[2845, 3875-3891] |
1.1_1 24 Oct 2011 15:20:27 |
glarkin |
- Document phpldapadmin - remote PHP code injection vulnerability
PR: ports/161954
Submitted by: Ruslan Mahmatkhanov <cvs-src@yandex.ru> |
1.1_1 23 Oct 2011 16:16:48 |
rakuco |
Document CVE-2011-3365 and CVE-2011-3366.
Different CVE numbers for different software, but they share the same
KDE security advisory.
Approved by: makc (mentor) |
1.1_1 23 Oct 2011 16:14:49 |
rakuco |
Fix the port names of a few past KDE vulnerabilities.
The entries mentioned kdebase4-runtime, kdebase3, kdelibs4 etc, but
the port names are kdebase, kdelibs etc.
Adjust the names and the version ranges.
Approved by: makc (mentor) |
1.1_1 20 Oct 2011 11:01:41 |
flo |
add an entry for the recent piwik vulnerability, with the little information
that's available.
The only known fact is that Piwik rates this update critical. |
1.1_1 18 Oct 2011 18:53:16 |
delphij |
Fix discovery date. |
1.1_1 18 Oct 2011 18:24:29 |
kwm |
Document a File disclosure vulnerability and File permission change
vulnerability in xorg-server.
Obtained from:
http://lists.freedesktop.org/archives/xorg-announce/2011-October/001744.html
upstream xorg-server
Security: CVE-2011-4028, CVE-2011-4029 |
1.1_1 17 Oct 2011 19:49:23 |
amdmi3 |
- Fix entry dates for recently added OpenTTD vulns
Submitted by: "Ilya A. Arkhipov" <micro@heavennet.ru> |
1.1_1 17 Oct 2011 19:02:23 |
delphij |
Document asterisk -- remote crash vulnerability in SIP channel driver. |
1.1_1 17 Oct 2011 18:54:31 |
delphij |
Commit result of manually merged make tidy output. |
1.1_1 17 Oct 2011 18:52:16 |
delphij |
Document PivotX remote file inclusion vulnerability.
PR: ports/161734
Submitted by: Fumiyuki Shimizu <fumifumi abacustech jp> |
1.1_1 17 Oct 2011 03:50:23 |
amdmi3 |
- Fix quotation links
Reported by: danfe |
1.1_1 16 Oct 2011 18:39:44 |
amdmi3 |
Document openttd multiple vulnerabilities
PR: 161488
Submitted by: "Ilya A. Arkhipov" <micro@heavennet.ru> |
1.1_1 08 Oct 2011 10:56:33 |
mandree |
ca_root_nss - fix capitalization of topics
Security: 1b27af46-d6f6-11e0-89a6-080027ef73ec
Security: aa5bc971-d635-11e0-b3cf-080027ef73ec |
1.1_1 08 Oct 2011 10:54:58 |
mandree |
ca_root_nss - reword topic for clarity
Security: 1b27af46-d6f6-11e0-89a6-080027ef73ec |
1.1_1 07 Oct 2011 07:32:11 |
novel |
Be less grubby in specifying vulnerable gnutls-devel versions. |
1.1_1 06 Oct 2011 00:25:58 |
jlaffaye |
Latest pyblosxom version is not vulnerable |
1.1_1 05 Oct 2011 20:44:30 |
delphij |
Document quagga multiple vulnerabilities |
1.1_1 04 Oct 2011 18:24:47 |
rene |
Document latest vulnerabilities for www/chromium
Obtained from: http://googlechromereleases.blogspot.com/
Security: CVE-2011-[2876-2881, 3873] |
1.1_1 30 Sep 2011 18:06:53 |
delphij |
Correct tomcat version representations.
Pointed out by: Tim Zingelman <tez netbsd.org> |
1.1_1 28 Sep 2011 15:58:02 |
beat |
- Document mozilla -- multiple vulnerabilities |
1.1_1 23 Sep 2011 20:02:19 |
delphij |
Properly mark version range for horde-imp. |
1.1_1 22 Sep 2011 20:47:10 |
nox |
- Update linux-f10-flashplugin to 10.3r183.10 . [1]
- Make gnome desktopfileutils dependency optional. [2]
PR: ports/160894 [1]
Submitted by: Garrett Cooper <yanegomi@gmail.com> [1]
Suggested by: Peter Jeremy <peterjeremy@acm.org> [2]
Security:
http://www.freebsd.org/ports/portaudit/53e531a7-e559-11e0-b481-001b2134ef46.html |
1.1_1 21 Sep 2011 11:35:28 |
zi |
Improve accuracy of krb5 vulnerability entries for upcoming port addition of
krb5-17.
(one entry was missed from the previous commit) |
1.1_1 21 Sep 2011 02:21:25 |
zi |
Improve accuracy of krb5 vulnerability entries for upcoming port addition
of krb5-17. |
1.1_1 20 Sep 2011 18:24:20 |
rene |
Document vulnerabilities in Chromium 13.0.x.y
Obtained from: http://googlechromereleases.blogspot.com/
Security: CVE-2011-[2834-2838, 2840-2844, 2846-2862, 2864, 2874-2875,
3234] |
1.1_1 14 Sep 2011 23:26:28 |
delphij |
Document phpMyAdmin multiple XSS vulnerability.
Update phpMyAdmin to 3.4.5 release. [1]
PR: ports/160589 [1]
Submitted by: maintainer [1] |
1.1_1 13 Sep 2011 17:50:29 |
delphij |
Document Django multiple vulnerabilities. |
1.1_1 13 Sep 2011 01:11:03 |
delphij |
Document roundcube XSS vulnerability. |
1.1_1 12 Sep 2011 18:38:31 |
olgeni |
Document libsndfile -- PAF file processing integer overflow.
Security: CVE-2011-2696 |
1.1_1 10 Sep 2011 07:41:22 |
ashish |
Re-revise emacs vulnerability to limit with >= 22 and < 22.2_1 instead of
>21.* and <22.2_1 which didn't work as expected |
1.1_1 08 Sep 2011 22:30:43 |
ashish |
- Limit emacs vulnerability to > 21.* and <= 22.2 instead of just <= 22.2 |
1.1_1 07 Sep 2011 18:30:42 |
delphij |
Document two OpenSSL vulnerabilities.
(There is no OpenSSL 0.9.8s in the ports so mark <1.0.0 as vulnerable). |
1.1_1 06 Sep 2011 21:12:04 |
flo |
fix last thunderbird entry |
1.1_1 06 Sep 2011 20:12:45 |
flo |
add firefox, thunderbird and seamonkey to the DigiNotar.nl entry
Security:
http://www.vuxml.org/freebsd/aa5bc971-d635-11e0-b3cf-080027ef73ec.html |
1.1_1 05 Sep 2011 16:24:22 |
bapt |
Fix vuln.xml, while here fix indentation |
1.1_1 05 Sep 2011 15:55:38 |
eadler |
- Update to 1.2.7
PR: ports/160368
Submitted by: gjb
Approved by: dvl (maintainer), bapt (mentor)
Security: CVE-2011-2938 |
1.1_1 04 Sep 2011 20:15:52 |
crees |
- Document cfs buffer overflow vulnerability.
- While here, unbreak packaudit -- it doesn't like newlines in the
middle of tags. Perhaps a comment should say something? |
1.1_1 04 Sep 2011 13:14:22 |
mandree |
Revise nss/ca_root_nss working around Mozilla,
limit ca_root_nss vuln to < 3.12.11 from <= 3.12.11.
Add a new entry for the ca_root_nss bug that caused extraction of untrusted
certificates to the trust bundle.
PR: ports/160455 |
1.1_1 04 Sep 2011 11:46:47 |
sunpoet |
- Correct affected plone versions |
1.1_1 04 Sep 2011 04:09:43 |
dinoex |
- bump modified for CVE-2007-5137 |
1.1_1 03 Sep 2011 16:28:49 |
dinoex |
- update CVE-2007-5137 |
1.1_1 03 Sep 2011 16:18:19 |
mandree |
Update range to exclude nss 3.12.11 from vuln, as kwm@'s commit
to upgrade nss to 3.12.11 included the newer CKBI 1.87 that explicitly
distrusts DigiNotar. |
1.1_1 03 Sep 2011 15:43:39 |
mandree |
Add a security notice for the DigiNotar incident, listing nss/ca_root/nss. |
1.1_1 03 Sep 2011 12:49:13 |
flo |
- only match vulnerable versions in the hlstats entry
- add additional CVEs |
1.1_1 02 Sep 2011 17:15:58 |
crees |
Final modification for apache22 vulnerability; include slave ports as well
Pointed out by: flo
Reviewed by: eadler |
1.1_1 01 Sep 2011 19:06:27 |
crees |
Correct range for apache22, 2.2.20 is fixed and 1.3 wasn't affected.
Submitted by: Aleksandr Stankevic (sysmonk on IRC/Freenode##FreeBSD)
Security: CVE-2011-3192 |
1.1_1 30 Aug 2011 22:29:14 |
shaun |
Put a lower bound on the last php entry, as the bug was introduced in
5.3.7-RC5.
Submitted by: "jaset" via #bsdports |
1.1_1 30 Aug 2011 13:21:27 |
sbz |
- Fix entry date and use two ranges
Reviewed by: gahr@
Approved by: jadawin@ (mentor) |
1.1_1 30 Aug 2011 12:01:13 |
sbz |
- Document CVE-2011-3192 for recent apache DoS vulnerability
Approved by: jadawin@ (mentor)
Security:
http://vuxml.org/freebsd/7f6108d2-cea8-11e0-9d58-0800279895ea.html |
1.1_1 26 Aug 2011 18:12:00 |
delphij |
Upstream indicates that this only affects 4.40 and 4.41 so add a <ge> tag
to indicate that. |
1.1_1 26 Aug 2011 18:10:39 |
delphij |
Document stunnel heap corruption vulnerability. |
1.1_1 24 Aug 2011 22:43:04 |
bapt |
Fix discovery date |
1.1_1 24 Aug 2011 22:20:14 |
delphij |
Document phpMyAdmin CVE-2011-3181 (multiple XSS). |
1.1_1 23 Aug 2011 17:02:34 |
rene |
Document new Chromium vulnerabilities.
Obtained from: http://google-chrome-browser.com/releases
Security: CVE-2011-[2821, 2823-2829, 2839] |
1.1_1 23 Aug 2011 00:58:34 |
delphij |
Mark PHP5 < 5.3.7_2 as vulnerable to PHP bug #55439: crypt() returns only
the salt for MD5. |