| Commit History - (may be incomplete: see SVNWeb link above for full details) |
| Date | By | Description |
08 May 2012 20:23:11
1.1_1
|
rm  |
Mark php52 >= 5.2.15 as not vulnerable to NULL byte poisoning [1]. This problem
was fixed in 5.3.4 and 5.2.15 simultaneously.
[1] http://www.vuxml.org/freebsd/3761df02-0f9c-11e0-becc-0022156e8794.html
Reported by: Svyatoslav Lempert <svyatoslav.lempert at gmail dot com> |
08 May 2012 02:20:11
1.1_1
|
swills  |
- Add entry for www/node |
08 May 2012 01:54:57
1.1_1
|
swills  |
- Add entry for p5-Config-IniFiles |
06 May 2012 15:45:47
1.1_1
|
eadler  |
Add references for the portupgrade advisory. Some code actually expects content
in this section.
Reported by: dvl
Reviewed by: wxs,zi |
05 May 2012 13:53:46
1.1_1
|
simon  |
Unbreak vuln.xml format.
While here fix a long line.
Pointyhat: scheidell |
05 May 2012 13:21:06
1.1_1
|
scheidell  |
- Account for repocopy of php5 -> php53
- Account for php52 backport fix
- Add entry for php54 (which will be named php5)
Submitted by: scheidell@ (me) |
05 May 2012 11:12:07
1.1_1
|
scheidell  |
- Third time the charm. remove extra (
Submitted by: scheidell@ (me) |
05 May 2012 11:02:13
1.1_1
|
scheidell  |
- All versions of PHP between 2004 release and May 3rd, 2012 are vulnerable to
cmdarg attacks
- Note: PHP 5.2.12 and 5.4.2 were created to address this issue, but did not.
- See WWW: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
- An additional, unreleased version is needed.
Submitted by: scheidell@ (me)
Obtained from: WWW:www.php.net/archive/2012.php#id2012-05-03-1
Security: CVE-2012-1823 |
05 May 2012 02:04:49
1.1_1
|
eadler  |
Fix PHP entry to match the actual package name
Submitted by: simon |
02 May 2012 15:33:39
1.1_1
|
glarkin  |
- Document www/webcalendar-devel - multiple vulnerabilities
Requested by: eadler, Hanno Boeck <hanno@hboeck.de> |
01 May 2012 12:56:26
1.1_1
|
rene  |
Document vulnerabilities in www/chromium < 18.0.1025.168
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: CVE-2011-[3078-3081], CVE-2012-1521 |
30 Apr 2012 22:03:45
1.1_1
|
swills  |
- Document vulnerability in lang/php5 |
30 Apr 2012 17:51:46
1.1_1
|
delphij  |
Document samba incorrect permission checks vulnerability. |
30 Apr 2012 03:03:54
1.1_1
|
eadler  |
Inform users that ports-mgmt/portupgrade-devel had unchecked distinfo |
27 Apr 2012 02:45:24
1.1_1
|
zi  |
- Document vulnerability in net-mgmt/net-snmp (CVE-2012-2141) |
24 Apr 2012 17:51:47
1.1_1
|
beat  |
- Document mozilla -- multiple vulnerabilities |
23 Apr 2012 23:41:13
1.1_1
|
delphij  |
Document dokuwiki CSRF vulnerability. |
23 Apr 2012 20:20:05
1.1_1
|
flo  |
Document multiple asterisk vulnerabilities |
23 Apr 2012 15:26:51
1.1_1
|
eadler  |
Inform users of security vulns in wordpress
PR: ports/167157 |
22 Apr 2012 18:30:38
1.1_1
|
eadler  |
Unbreak vuxml by removing stray 'p'
Submitted by: vuxml buildbot |
22 Apr 2012 18:02:00
1.1_1
|
danfe  |
Fix formatting in the first 10% of VuXML database file. |
22 Apr 2012 15:22:21
1.1_1
|
danfe  |
Fix whitespace: run through unexpand(1), spelling, wrap overly long lines. |
21 Apr 2012 23:43:57
1.1_1
|
eadler  |
Inform users about the recent openssl vuln
Reviewed by: dinoex |
21 Apr 2012 17:37:42
1.1_1
|
ohauer  |
- security update to bugzilla 3.0.9 and 4.0.6
- update russian/bugzilla3-ru template
- patch german templates so revision match and no warning is displayed
- add vuxml entry
Approved by: skv (implicit)
Security: https://bugzilla.mozilla.org/show_bug.cgi?id=728639
https://bugzilla.mozilla.org/show_bug.cgi?id=745397
CVE-2012-0465
CVE-2012-0466 |
19 Apr 2012 03:12:32
1.1_1
|
jgh  |
- document typo3 vulnerability
PR: ports/167029 |
16 Apr 2012 15:34:57
1.1_1
|
eadler  |
Add information about the recent nginx security vulnerability
PR: ports/166990
Submitted by: rodrigo osorio <rodrigo@bebik.net> |
14 Apr 2012 16:45:06
1.1_1
|
flo  |
Document phpmyfaq -- Remote PHP Code Execution Vulnerability |
12 Apr 2012 15:48:52
1.1_1
|
swills  |
- Slight cleanups for my puppet entry |
12 Apr 2012 00:16:50
1.1_1
|
eadler  |
Add logic to check for tidy differences in the 'make validate' target.
Approved by: secteam (simon, maintainer) |
11 Apr 2012 01:44:20
1.1_1
|
swills  |
- Document security issue with Puppet
- Update puppet for security issue
Security: 607d2108-a0e4-423a-bf78-846f2a8f01b0 |
10 Apr 2012 21:16:53
1.1_1
|
delphij  |
Document samba root code execution vulnerability. |
10 Apr 2012 05:32:14
1.1_1
|
ohauer  |
- document bugzilla Cross-Site Request Forgery |
09 Apr 2012 23:15:23
1.1_1
|
eadler  |
Document recent flash player vulnerabilities
Reviewed by: nox |
08 Apr 2012 22:27:16
1.1_1
|
zi  |
- Document vulnerability in graphics/png (CVE-2011-3048)
- Fix wording/spelling in 462e2d6c-8017-11e1-a571-bcaec565249c
Feature safe: yes |
08 Apr 2012 07:47:38
1.1_1
|
remko  |
As requested by eadler, revert the commit about the move of the
<!-- EOF --> tag. I cannot reproduce the error anymore, so it
might have been the reviewal entry or something else was locally
wrong.
I did a make validate before committing this to make sure it's
OK at this point, if someone encounters the same problem, please
let us know!
Feature safe: yes |
06 Apr 2012 18:44:36
1.1_1
|
kwm  |
Document freetype 2 multiple vulnerabilities.
Feature safe: yes |
06 Apr 2012 16:07:06
1.1_1
|
nox  |
- Fix vulnerability CVE-2011-1429.
- Add a patch to the mutt pager that handles non-breaking space
characters (0xA0) in a UTF8 environment correctly.
- Bump PORTREVISION.
PR: ports/166659
Submitted by: Udo Schweigert <udo.schweigert@siemens.com> (maintainer)
Security:
http://www.freebsd.org/ports/portaudit/49314321-7fd4-11e1-9582-001b2134ef46.html
Feature safe: yes |
05 Apr 2012 20:59:08
1.1_1
|
rene  |
Mention vulnerabilities in www/chromium < 18.0.1025.151
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: CVE-2011-[3066-3077]
Feature safe: yes |
03 Apr 2012 17:55:33
1.1_1
|
remko  |
Someone forgot to do a make validate after adding the <!--EOF
line. It breaks the make validate.
Feature safe: yes |
01 Apr 2012 23:57:23
1.1_1
|
marcus  |
Add a record for CVE-2012-1178.
Reported by: Peter Jeremy <peterjeremy@acm.org>
Feature safe: yes |
29 Mar 2012 01:23:15
1.1_1
|
eadler  |
Fix formatting so that "make tidy" passes
Feature safe: yes |
28 Mar 2012 23:50:42
1.1_1
|
matthew  |
Another phpmyadmin security update.
ChangeLog:
http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.4.10.2/phpMyAdmin-3.4.10.2-notes.html/download
Welcome to phpMyAdmin 3.4.10.2, a minor security release.
3.4.10.2 (2012-03-28)
- [security] Fixed local path disclosure vulnerability, see PMASA-2012-2
Advisory:
http://www.phpmyadmin.net/home_page/security/PMASA-2012-2.php
Approved by: shaun (mentor)
Feature safe: yes
Security: a81161d2-790f-11e1-ac16-e0cb4e266481 |
28 Mar 2012 20:10:11
1.1_1
|
rene  |
Document vulnerabilities in www/chromium < 18.0.1025.142
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: CVE-2011-[3057-3065]
Feature safe: yes |
26 Mar 2012 11:56:55
1.1_1
|
sem  |
- quagga-re affected the last vulnerability too.
Feature safe: Yes |
25 Mar 2012 17:20:54
1.1_1
|
rakuco  |
Document CVE-2012-0037 for textproc/raptor and textproc/raptor2.
Security: CVE-2012-0037
Feature safe: yes |
24 Mar 2012 15:12:45
1.1_1
|
eadler  |
Fix formatting so that "make tidy" passes
Feature safe: yes |
24 Mar 2012 14:11:55
1.1_1
|
zi  |
- Document recent vulnerabilities in net/quagga (CVE-2012-0249, CVE-2012-0250,
CVE-2012-0255)
Feature safe: yes |
24 Mar 2012 08:00:14
1.1_1
|
delphij  |
Correct version ranges.
Feature safe: yes |
24 Mar 2012 07:20:53
1.1_1
|
lwhsu  |
Document Apache Traffic Server -- heap overflow vulnerability
Feature safe: yes |
22 Mar 2012 10:57:29
1.1_1
|
rene  |
Document vulnerabilities for www/chromium < 17.0.963.83
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: CVE-2011-[3045,3049-3057]
Feature safe: yes |
21 Mar 2012 21:58:05
1.1_1
|
delphij  |
Document GNUtls and libtasn1 security vulnerabilities.
Feature safe: yes |
18 Mar 2012 04:39:27
1.1_1
|
miwi  |
- Cleanup
Feature safe: yes |
18 Mar 2012 04:30:56
1.1_1
|
miwi  |
- Correct the last 3 firefox 3.6 entries
PR: 166207
Submitted by: Sergey Kandaurov <pluknet@gmail.com>
Feature safe: yes |
15 Mar 2012 23:11:09
1.1_1
|
flo  |
Document recent asterisk vulnerabilities.
Feature safe: yes |
15 Mar 2012 15:21:03
1.1_1
|
wxs  |
Document CVE-2012-0884.
Feature safe: yes |
15 Mar 2012 13:45:55
1.1_1
|
osa  |
Document nginx -- potential information leak.
Feature safe: yes |
14 Mar 2012 09:16:51
1.1_1
|
beat  |
- Document mozilla -- multiple vulnerabilities
Feature safe: yes |
13 Mar 2012 09:37:28
1.1_1
|
kwm  |
Do proper input validation for libXfont. This is for CVE-2011-2895.
Feature safe: yes |
12 Mar 2012 02:23:59
1.1_1
|
wxs  |
Typo fix.
Feature safe: yes |
11 Mar 2012 21:37:43
1.1_1
|
simon  |
- Document portaudit -- auditfile remote code execution.
- Update (c) year.
Feature safe: yes |
11 Mar 2012 16:07:58
1.1_1
|
wxs  |
Appease the tidy target. ;)
Feature safe: yes |
11 Mar 2012 11:16:48
1.1_1
|
rene  |
Document vulnerabilities in www/chromium < 17.0.963.79
Security: CVE-2011-3047
Feature safe: yes |
10 Mar 2012 01:47:32
1.1_1
|
eadler  |
Fix formatting so that "make tidy" passes
Feature safe: yes |
10 Mar 2012 01:45:52
1.1_1
|
eadler  |
Document the latest flash player vulnerabilities
Reviewed by: nox
Feature safe: yes |
09 Mar 2012 10:03:54
1.1_1
|
rene  |
Mark chromium < 17.0.963.78 as vulnerable.
Security: CVE-2011-3046
Feature safe: yes |
07 Mar 2012 18:44:29
1.1_1
|
lwhsu  |
Document jenkins XSS vulnerability.
Submitted by: Gersom van de Bunt <gersom.vandebunt@pine.nl> |
05 Mar 2012 18:16:18
1.1_1
|
rene  |
Add new vulnerabilities for www/chromium < 17.0.963.65
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: CVE-2011-[3031-3044] |
04 Mar 2012 23:07:08
1.1_1
|
ak  |
Document dropbear security issue
Approved by: eadler (mentor) |
04 Mar 2012 01:00:34
1.1_1
|
wxs  |
Whitespace cleanup and stick to ASCII in recent openx entry. |
02 Mar 2012 21:32:37
1.1_1
|
jgh  |
document latest openx security issue
PR: ports/165613 |
28 Feb 2012 19:19:01
1.1_1
|
crees  |
Document latest PostgreSQL vulnerabilities
Security: http://www.postgresql.org/about/news/1377/ |
28 Feb 2012 00:09:56
1.1_1
|
eadler  |
- Add information about make tidy checking now that it actually functions
- use ' instead of `
- add a note about ports-security |
28 Feb 2012 00:04:11
1.1_1
|
eadler  |
Document recent flash vulns
Reviewed by: nox |
27 Feb 2012 23:49:42
1.1_1
|
eadler  |
Pacify 'make tidy' and use valid XML.
While make diff against the tidy version a canonical test.
27 Feb 2012 23:10:36
1.1_1
|
kwm  |
Add libxml2 vulnerability.
PR: ports/164270
Submitted by: kj <b4039413@nwldx.com> |
27 Feb 2012 03:04:47
1.1_1
|
wxs  |
Fixup python entry. No need to have python metaport listed.
Reviewed by: miwi@ |
20 Feb 2012 04:28:51
1.1_1
|
eadler  |
Minor whitespace fixup |
19 Feb 2012 22:27:33
1.1_1
|
rene  |
Include PORTREVISION in plib version number to fix previous commit. |
19 Feb 2012 22:14:32
1.1_1
|
rene  |
Document a remote code execution via a buffer overflow in PLIB.
Security: CVE-2011-4620 |
18 Feb 2012 15:00:46
1.1_1
|
matthew  |
Security update to 3.4.10.1
XSS in replication setup
ChangeLog:
Welcome to phpMyAdmin 3.4.10.1, a minor security release.
3.4.10.1 (2012-02-18)
- [security] XSS in replication setup, see PMASA-2012-1
Security Advisory:
http://www.phpmyadmin.net/home_page/security/PMASA-2012-1.php
Approved by: shaun (mentor) |
17 Feb 2012 21:21:41
1.1_1
|
jgh  |
- document latest piwik security vulnerability
PR: ports/165217 |
17 Feb 2012 19:38:33
1.1_1
|
flo  |
- document recent mozilla vulnerabilities
- wrap a long line |
15 Feb 2012 23:16:02
1.1_1
|
rene  |
Document vulnerabilities in chromium < 17.0.963.56
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: CVE-2011-[3015-3027] |
15 Feb 2012 19:58:37
1.1_1
|
glarkin  |
- Updated the recent WebCalendar entry to match <= 1.2.4 instead of < 1.2.4,
since 1.2.4 (not yet in tree) is vulnerable, and 1.2.5 has not been
released by upstream yet
- Fixed the URL in the recent WebCalendar entry
- Canonicalized naming in other WebCalendar entries
- Fixed various nits flagged by "make tidy" |
15 Feb 2012 00:03:39
1.1_1
|
eadler  |
This vuln also affects pypy |
14 Feb 2012 03:32:30
1.1_1
|
eadler  |
typo |
14 Feb 2012 03:31:46
1.1_1
|
eadler  |
Inform users of the DoS issue in the python SimpleXMLRPCServer function |
13 Feb 2012 16:27:11
1.1_1
|
eadler  |
Add the recently assigned cve number |
12 Feb 2012 04:17:13
1.1_1
|
eadler  |
Inform users of the XSS issue in the latest version of WebCalendar.
It seems that there has been no response from the vendor
and users may want to switch to an alternate product that fits their needs. |
11 Feb 2012 18:17:27
1.1_1
|
wxs  |
Whitespace fixes. |
11 Feb 2012 10:50:39
1.1_1
|
beat  |
- Document mozilla -- use after free in nsXBLDocumentInfo::ReadPrototypeBindings |
11 Feb 2012 04:55:42
1.1_1
|
eadler  |
Inform bip users of buffer overflow (CVE-2012-0806) |
11 Feb 2012 01:27:56
1.1_1
|
eadler  |
Inform users of the private information disclosure bug in surf (CVE-2012-0842)
Reviewed by: dougb |
10 Feb 2012 10:26:07
1.1_1
|
jadawin  |
Fix style
Reported by: flo@ via irc |
10 Feb 2012 10:11:49
1.1_1
|
jadawin  |
Document last glpi vulnerabilities
Submitted by: Mathias Monnerville <mathias@monnerville.com> via email |
09 Feb 2012 12:48:48
1.1_1
|
rene  |
Document new Chromium < 17.0.963.46 vulnerabilities.
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: fe1976c2-5317-11e1-9e99-00262d5ed8ee |
07 Feb 2012 23:11:21
1.1_1
|
delphij  |
Document Drupal core multiple vulnerabilities. |
07 Feb 2012 04:13:47
1.1_1
|
wxs  |
Fix up 3fd040be-4f0b-11e1-9e32-0025900931f by giving a better description. |
06 Feb 2012 12:01:22
1.1_1
|
skv  |
Document "bugzilla" - multiple vulnerabilities. |
04 Feb 2012 08:40:01
1.1_1
|
delphij  |
Document PHP remote code vulnerability. |