| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
|---|
1.1_1
01 Mar 2011 23:05:08
  |
beat  |
- Document mozilla -- multiple vulnerabilities |
1.1_1
01 Mar 2011 18:15:40
|
rene |
Document Chromium versions 9.0.597.[84,94,107]
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates |
1.1_1
25 Feb 2011 18:39:16
|
delphij |
Add two OpenLDAP security by-pass vulnerabilities. |
1.1_1
25 Feb 2011 14:01:15
|
mandree |
Fix broken linux-sun-jdk vulndb entries.
VuXML: 18e5428f-ae7c-11d9-837d-000e0c2e438a
VuXML: c93e4d41-75c5-11dc-b903-0016179b2dd5
PR: ports/154918 |
1.1_1
23 Feb 2011 14:43:41
|
miwi |
- Cleanup previous entry |
1.1_1
22 Feb 2011 21:30:19
|
flo |
- add asterisk -- Exploitable Stack and Heap Array Overflows |
1.1_1
20 Feb 2011 05:04:28
|
delphij |
Document PivotX administrator password reset vulnerability. |
1.1_1
15 Feb 2011 08:18:21
|
miwi |
- Update lastest tomcat entry (tomcat6/7 have the same problem)
Note: Please ask for review at ports-security@ THX! |
1.1_1
15 Feb 2011 08:00:38
|
wen |
- Document tomcat vulnerability |
1.1_1
11 Feb 2011 22:23:48
|
delphij |
Document two phpMyAdmin vulnerabilities. |
1.1_1
11 Feb 2011 21:39:03
|
nox |
Update to 10.2r152.
PR: ports/154630
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Security:
http://www.freebsd.org/ports/portaudit/4a3482da-3624-11e0-b995-001b2134ef46.html
Feature safe: yes |
1.1_1
11 Feb 2011 19:59:48
|
delphij |
Document mupdf PDF handling remote code execution vulnerability.
Submitted by: Tim Zingelman <tez netbsd.org> |
1.1_1
11 Feb 2011 19:51:21
|
delphij |
Document rubygem-mail Remote Arbitrary Shell Command Injection Vulnerability.
Submitted by: Tim Zingelman <tez netbsd.org> |
1.1_1
11 Feb 2011 19:48:03
|
delphij |
Document plone remote security bypass vulnerability.
Submitted by: Tim Zingelman <tez netbsd.org> |
1.1_1
11 Feb 2011 19:40:12
|
delphij |
Document exim local privilege escalasion vulnerability.
Submitted by: Tim Zingelman <tez netbsd.org> |
1.1_1
11 Feb 2011 19:36:45
|
delphij |
Document OpenOffice multiple vulnerabilities.
Submitted by: Tim Zingelman <tez netbsd.org> |
1.1_1
10 Feb 2011 16:44:00
|
miwi |
- Cleanup previous commit |
1.1_1
10 Feb 2011 10:41:58
|
kwm |
Document multiple webkit-gtk2 security vulnabilities, fixed in 1.2.7. |
1.1_1
10 Feb 2011 00:44:26
|
delphij |
Document awstat multiple vulnerability.
Notified by: Tim Zingelman <tez netbsd.org> |
1.1_1
10 Feb 2011 00:28:17
|
delphij |
Document Opera multiple vulnerabilities.
Notified by: Tim Zingelman <tez netbsd.org> |
1.1_1
09 Feb 2011 21:37:55
|
delphij |
Document multiple vulnerabilities in Django.
Notified by: Jesco Freund <jesco.freund my-universe.com> |
1.1_1
09 Feb 2011 05:36:33
|
miwi |
- S/seriuos/serious |
1.1_1
09 Feb 2011 05:23:00
|
miwi |
- Document mediawiki - multiple vulnerabilites |
1.1_1
09 Feb 2011 04:53:13
|
miwi |
- Add chinese/wordpress-zh_CN and chinese/wordpress-zh_TW to the previous
wordpress entry |
1.1_1
05 Feb 2011 04:37:18
|
miwi |
- While here drop MD5 Support
Feature safe: yes |
1.1_1
05 Feb 2011 04:36:36
|
miwi |
- Add entry for wordpress - SQL injection vulnerability
PR: 153526
Submitted by: Mark Foster <mark@foster.cc>
Feature safe: yes |
1.1_1
02 Feb 2011 23:51:54
|
miwi |
- Cleanup previous commit
Feature safe: yes |
1.1_1
02 Feb 2011 15:45:11
|
kwm |
Add vlc - Insufficient input validation in MKV demuxer vulnability.
Feature safe: yes |
1.1_1
31 Jan 2011 14:02:34
|
miwi |
- Cleanup previous Entry
Feature safe: yes |
1.1_1
31 Jan 2011 09:47:54
|
decke |
- Document maradns -- denial of service when resolving a long DNS hostname
Submitted by: n j <nino80 at gmail dot com>
Feature safe: yes |
1.1_1
29 Jan 2011 00:23:19
|
wxs |
Adjust range for ISC DHCPv6 server crash.
Feature safe: yes |
1.1_1
29 Jan 2011 00:15:09
|
wxs |
Document ISC DHCPv6 server crash.
Feature safe: yes |
1.1_1
25 Jan 2011 15:07:36
|
skv |
Document "bugzilla" - multiple seriuos vulnerabilities.
Feature safe: yes |
1.1_1
24 Jan 2011 23:00:51
|
delphij |
Add dokuwiki multiple ACL escalation vulnerabilities.
Feature safe: yes |
1.1_1
23 Jan 2011 23:29:30
|
simon |
Try to unbreak vuxml portaudit build by removing use of HTML entity.
UTF-8 chars should be used.
This is not a fix, just a hack to get it working for now.
Feature safe: yes (really) |
1.1_1
23 Jan 2011 13:41:34
|
rene |
Describe www/chromium vulnerabilities between 8.0.552.215 and 8.0.552.237
Obtained from: http://googlechromereleases.blogspot.com/
Feature safe: yes |
1.1_1
21 Jan 2011 01:23:43
|
flo |
asterisk-1.8.2.1 is still vulnerable due to a botched merge upstream.
Feature safe: yes |
1.1_1
19 Jan 2011 09:19:48
|
flo |
- fix asterisk16 version string
Approved by: fjoe (mentor)
Feature safe: yes |
1.1_1
19 Jan 2011 08:46:28
|
flo |
- Document Exploitable Stack Buffer Overflow in asterisk
Approved by: fjoe (mentor)
Feature safe: yes |
1.1_1
19 Jan 2011 02:26:50
|
wxs |
Document tarsnap cryptographic nonce reuse vulnerability.
Discussed with: cperciva@
Feature safe: yes |
1.1_1
18 Jan 2011 09:26:18
|
delphij |
Add entry for moinmoin XSS vulnerabilities.
PR: ports/153898
Submitted by: Ruslan Mahmatkhanov <cvs-src yandex ru>
Feature safe: yes |
1.1_1
18 Jan 2011 02:14:53
|
delphij |
Document tor remote code execution and crash vulnerability.
Submitted by: Janne Snabb <snabb epipe com>
Feature safe: yes |
1.1_1
13 Jan 2011 14:09:25
|
rea |
security/sudo: document privilege escalation, CVE-2011-0010
PR: 153939
Approved by: delphij (secteam), erwin (mentor)
Feature safe: yes |
1.1_1
13 Jan 2011 12:53:14
|
rea |
devel/subversion: document security fixes in 1.6.15
Two DoS conditions:
- CVE-2010-4539, DoS via walking of SVNParentPath
collections;
- CVE-2010-4644, DoS via memory leaks triggered
by the option "-g" of the blame command.
Approved by: delphij (secteam), erwin (mentor)
Feature safe: yes |
1.1_1
13 Jan 2011 05:44:53
|
rea |
Split recent PHP entry into multiple ones
Many reasons:
- some vulnerabilities were present only in the specific
PHP modules and not in the core PHP;
- it is better to group vulnerabilities by-topic (DoS, code
execution, etc);
- PHAR vulnerability is present only in 5.3.x;
- extract() vulnerability was fixed both in 5.2 and 5.3:
http://www.mail-archive.com/php-cvs@lists.php.net/msg47722.html
- NULL-byte poisoning was fixed only in 5.3, 5.2.x is still
vulnerable to this design error;
- DFS-related fixes are not relevant for FreeBSD, since DFS
is Windows file system that is unsupported by us.
PR: 153433
Approved by: remko (secteam), erwin (mentor)
Feature safe: yes |
1.1_1
09 Jan 2011 09:12:09
|
ale |
Add entry for CVE-2010-4645 (php).
PR: ports/153766
Submitted by: Tom Judge <tom@tomjudge.com> |
1.1_1
08 Jan 2011 06:54:14
|
rea |
Document CVE-2010-4345: local exim -> root escalation
PR: 152983
Feature safe: yes
Reviewed by: remko (secteam)
Approved by: erwin (mentor), remko (secteam) |
1.1_1
06 Jan 2011 07:01:46
|
miwi |
- Cleanup |
1.1_1
06 Jan 2011 06:35:37
|
wen |
- Document the Clickjacking vulnerabilities of mediawiki |
1.1_1
01 Jan 2011 14:31:38
|
erwin |
Bump copyright year. |
1.1_1
30 Dec 2010 17:13:32
|
kwm |
Document webkit-gtk2 multiple vulnerabilities < 1.2.6.
Document some CVE's that didn't make it to release notes from older releases. |
1.1_1
29 Dec 2010 19:50:56
|
delphij |
Document django multiple vulnerabilities. |
1.1_1
28 Dec 2010 06:34:32
|
remko |
Add Drupal views plugin - Cross Site Scripting (XSS).
While here, improve previously added vuln entry by
following style a bit better.
PR: 153474
Submitted by: rea |
1.1_1
23 Dec 2010 14:12:21
|
decke |
- Document redmine -- multiple vulnerabilities |
1.1_1
22 Dec 2010 16:10:46
|
remko |
Add Tor remote crash and the possibility of remote code execution.
Submitted by: Janne Snabb <snabb at epipe dot com> |
1.1_1
16 Dec 2010 18:11:28
|
delphij |
Update to properly cover php52.
Noticed by: Chris St Denis <chris smartt com> |
1.1_1
15 Dec 2010 23:48:53
|
glarkin |
- Document JavaScript injection exploits in Yahoo UI (YUI) library |
1.1_1
13 Dec 2010 23:44:32
|
delphij |
Document PHP multiple vulnerabilities |
1.1_1
10 Dec 2010 11:48:31
|
beat |
- Document mozilla -- multiple vulnerabilities |
1.1_1
10 Dec 2010 01:02:04
|
stas |
- Document recent MIT krb5 checksum handling vulnerabilities. |
1.1_1
07 Dec 2010 18:02:47
|
rene |
Document the known vulnerabilities for www/chromium.
The [numbers] in the entry represent bug numbers which are clickable at
the referenced site, but most of them give a 403. |
1.1_1
04 Dec 2010 04:29:19
|
osa |
Document ProFTPD compromised source packages backdoor security issue. |
1.1_1
30 Nov 2010 03:00:12
|
sunpoet |
- Document phpMyAdmin XSS attack in database search |
1.1_1
24 Nov 2010 18:27:03
|
wxs |
Document net/isc-dhcp41-server DHCPv6 DoS. The update to the port is coming
shortly. |
1.1_1
24 Nov 2010 06:07:01
|
danfe |
Add entry for CVE-2010-4168: denial of service (server/client) via invalid
read in OpenTTD.
PR: ports/152529
Submitted by: kwm |
1.1_1
24 Nov 2010 04:54:24
|
danfe |
- Kill EOL whitespace and reformat to fit in standard terminal width better
- Clean up the way <p>...</p> tags are used throughout the file for consistency |
1.1_1
23 Nov 2010 19:02:12
|
thierry |
Add an entry for www/horde-base VCARD attachments XSS vulnerability.
Security: VuXML: a3314314-f731-11df-a757-0011098ad87f |
1.1_1
23 Nov 2010 17:42:24
|
simon |
Fix discovery date in last entry.
Pointy hat to: remko |
1.1_1
23 Nov 2010 16:38:51
|
remko |
Add proftpd remote root vulnerability.
Based on: Vladimir Nikolic <vladimir dot nikolic at amis dot net>
Feature proof: yes
With hat: secteam |
1.1_1
17 Nov 2010 11:09:34
|
dinoex |
- add security/openssl CVE-2010-3864 |
1.1_1
06 Nov 2010 17:55:52
|
nox |
- Update to 10.1r102 resp. 9.0r289.
- Drop MD5 hashes from distinfos
Security:
http://www.freebsd.org/ports/portaudit/76b597e4-e9c6-11df-9e10-001b2134ef46.html
Reported by: Matthias Apitz on -emulation |
1.1_1
06 Nov 2010 04:08:59
|
delphij |
Add wireshark CVE-2010-3445.
PR: ports/151891
Submitted by: Eygene Ryabinkin |
1.1_1
04 Nov 2010 01:50:23
|
sunpoet |
- Limit affected version of dovecot to 1.2.* before 1.2.8
(vid: 30211c45-e52a-11de-b5cd-00e0815b8da8)
Reported by: Adam McDougall <mcdouga9@egr.msu.edu>
Reference:
http://www.dovecot.org/list/dovecot-news/2009-November/000143.html |
1.1_1
03 Nov 2010 20:29:56
|
wxs |
Document mailman XSS.
PR: ports/151918
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> |
1.1_1
03 Nov 2010 15:45:50
|
skv |
Document "otrs" - multiple XSS and denial of service vulnerabilities. |
1.1_1
28 Oct 2010 09:17:23
|
beat |
- Document mozilla -- Heap buffer overflow mixing document.write and DOM
insertion |
1.1_1
26 Oct 2010 16:46:27
|
dinoex |
- www/opera
PR: 151471
Submitted by: Arjan van Leeuwen |
1.1_1
25 Oct 2010 16:03:49
|
sunpoet |
- Add bzip2 integer overflow vulnerability
Approved by: pgollucci (mentor, implicit) |
1.1_1
25 Oct 2010 14:58:41
|
wxs |
Add the missing FreeBSD SA entries. We used to add these but stopped a while
back. This should catch us up.
According to cperciva@ the reason we stopped was that it was causing a lot of
false positives. I ran portaudit with these changes and did not see any false
positives but if it turns out to be too noisy I will remove them.
Submitted by: Christopher J. Umina (private mail)
Approved by: cperciva@ |
1.1_1
24 Oct 2010 17:08:03
|
rene |
Add monotone denial of service.
Security: http://www.monotone.ca/NEWS |
1.1_1
20 Oct 2010 21:13:40
|
pgollucci |
- Add devel/apr0 to list of packages that is affect. |
1.1_1
20 Oct 2010 15:12:52
|
beat |
- Document mozilla -- multiple vulnerabilities |
1.1_1
20 Oct 2010 12:42:51
|
kwm |
Add multiple vulnabilities in webkit-gtk2. |
1.1_1
06 Oct 2010 05:44:01
|
pgollucci |
- set modified date |
1.1_1
06 Oct 2010 05:41:27
|
pgollucci |
- these 2 urls are covered by the <cvename/> tags
Suggested by: stas |
1.1_1
06 Oct 2010 05:36:56
|
pgollucci |
- Fix a minor typo
Reported by: stas |
1.1_1
06 Oct 2010 05:29:50
|
pgollucci |
Document devel/apr1's apr-util vunerabilities
Security: http://secunia.com/advisories/41701
Reviewed by: secteam (cperciva) via irc |
1.1_1
02 Oct 2010 11:16:58
|
niels |
Documented phpMyFaq XSS vulnerability
PR: ports/151055
Submitted by: Florian Smeets <flo@smeets.im>
Approved by: itetcu (mentor, implicit)
Security: http://www.phpmyfaq.de/advisory_2010-09-28.php |
1.1_1
28 Sep 2010 18:04:46
|
thierry |
Report an XSS vulnerability in ftp/horde-gollem. |
1.1_1
28 Sep 2010 17:48:19
|
thierry |
Report a XSS vulnerability in mail/horde-dimp. |
1.1_1
28 Sep 2010 17:30:10
|
thierry |
Report a XSS vulnerability in mail/horde-imp. |
1.1_1
28 Sep 2010 17:09:35
|
thierry |
Report 2 vulnerabilities in www/horde-base. |
1.1_1
26 Sep 2010 13:32:10
|
niels |
Documented remote code execution vulnerability in OpenX
PR: ports/150610
Approved by: itetcu (mentor, implicit)
Security: ttp://blog.openx.org/09/security-update/ |
1.1_1
24 Sep 2010 20:24:37
|
niels |
Documented squid denial of service vulnerability
PR: ports/150364
Submitted by: Thomas-Martin Seck <tmseck@web.de>
Approved by: itetcu (mentor, implicit)
Security: CVE-2010-3072
Security: http://www.squid-cache.org/Advisories/SQUID-2010_3.txt |
1.1_1
22 Sep 2010 17:45:56
|
nox |
Update to 10.1r85 resp. 9.0r283 [1].
Security:
http://www.freebsd.org/ports/portaudit/8a34d9e6-c662-11df-b2e1-001b2134ef46.html
PR: ports/150832 [2]
Submitted by: pointyhat via pav [1], Tsurutani Naoki
<turutani@scphys.kyoto-u.ac.jp> [2] |
1.1_1
17 Sep 2010 20:07:07
|
delphij |
Correct discovery date, my bad :( |
1.1_1
17 Sep 2010 19:31:59
|
delphij |
Document django XSS vulnerability. |
1.1_1
15 Sep 2010 15:37:24
|
decke |
- Add libxul as affected package to the latest mozilla entry
Approved by: beat (co-mentor) |
1.1_1
10 Sep 2010 13:41:57
|
jadawin |
- Fix CVE name for webkit-gtk2 |
1.1_1
10 Sep 2010 13:03:20
|
kwm |
Document webkit-gtk2 - multiple vulnerabilities.
Also add 1 extra CVE to the previous webkit-gtk2 entry that was fixed but
didn't make it to the release notes. |
As an Amazon Associate I earn from qualifying purchases.
