| Commit History - (may be incomplete: see SVNWeb link above for full details) |
| Date | By | Description |
19 Jan 2012 18:27:36
1.1_1
|
delphij  |
php52-exif no longer vulnerable to CVE-2011-4566 as of 5.2.17_6 |
19 Jan 2012 09:16:00
1.1_1
|
knu  |
Fix the version range for ruby. The stock version is affected. |
19 Jan 2012 09:13:30
1.1_1
|
knu  |
There was no patch release in rubygem-rack 1.3.5_*, so just say < 1.3.6. |
19 Jan 2012 07:32:11
1.1_1
|
sunpoet  |
- Fix affected rubygem-rack version: it should be _3 for PORTREVISION=3 |
17 Jan 2012 09:53:13
1.1_1
|
danfe  |
Fix CVE URL in recent OpenTTD entry. |
17 Jan 2012 08:36:56
1.1_1
|
danfe  |
Unexpand (convert leading spaces to tabs when possible). |
17 Jan 2012 08:31:38
1.1_1
|
danfe  |
Document recent vulnerability of OpenTTD game server.
Reported by: Ilya Arkhipov |
16 Jan 2012 09:57:28
1.1_1
|
knu  |
PHP5 had its own entry for this vulnerability, so remove this.
Pointed out by: ohauer |
16 Jan 2012 03:23:44
1.1_1
|
knu  |
Add node < 0.6.7 (for V8). |
16 Jan 2012 03:20:39
1.1_1
|
knu  |
Add v8 < 3.8.5 (CVE-2011-5037). |
16 Jan 2012 03:16:01
1.1_1
|
knu  |
Add PHP < 5.3.9 (CVE-2011-4885). |
16 Jan 2012 03:03:49
1.1_1
|
knu  |
Add Multiple implementations denial-of-service via hash algorithm collision.
Currently only JRuby, Ruby, and Rack are mentioned. More to follow. |
14 Jan 2012 10:01:38
1.1_1
|
mm  |
Add missing URL reference to last commit |
14 Jan 2012 09:46:31
1.1_1
|
mm  |
Add relevant FFmpeg vulnerabilities from Ubuntu USN-1320-1 |
14 Jan 2012 04:36:22
1.1_1
|
miwi  |
- clean up |
14 Jan 2012 02:47:41
1.1_1
|
zi  |
- Document vulnerabilities in security/openssl
-- CVE-2011-4108, CVE-2011-4109, CVE-2011-4576
-- CVE-2011-4577, CVE-2011-4619, CVE-2012-0027 |
13 Jan 2012 12:10:37
1.1_1
|
zi  |
- Document vulnerability in net/isc-dhcp42-server (CVE-2011-4868) |
12 Jan 2012 21:56:20
1.1_1
|
delphij  |
Document PowerDNS DoS vulnerability.
PR: ports/164066
Submitted by: Ralf van der Enden <tremere cainites.net> |
11 Jan 2012 18:32:21
1.1_1
|
delphij  |
Document PHP multiple vulnerabilities. |
09 Jan 2012 18:13:37
1.1_1
|
rene  |
Document an untrusted local library exploit in games/torcs.
Security: CVE-2010-3384 |
09 Jan 2012 02:26:53
1.1_1
|
wxs  |
Document spamdyke STARTTLS plaintext injection vulnerability. |
07 Jan 2012 23:44:17
1.1_1
|
simon  |
Remove HTML entity from a VuXML entry as they are not allowed in
VuXML, only Unicode character entities are allowed.
This should fix the portaudit build.
If anyone cares enough to insert the correct umlaut, feel free to fix. |
06 Jan 2012 18:35:42
1.1_1
|
rene  |
Add new vulnerabilities for www/chromium.
Security: CVE-2011-[3919,3921-3922] |
05 Jan 2012 18:52:28
1.1_1
|
delphij  |
Fix build. |
05 Jan 2012 17:29:25
1.1_1
|
ohauer  |
- document bugzilla and bugzilla3 security issues |
03 Jan 2012 23:50:36
1.1_1
|
delphij  |
Document wordpress xss vulnerability.
Feature safe: yes |
30 Dec 2011 01:05:34
1.1_1
|
cy  |
Add additional MITKRB5 reference.
Security: MITKRB5-SA-2011-008
Feature safe: yes |
29 Dec 2011 14:26:25
1.1_1
|
remko  |
Fix build by adding a reference to the original URL. |
29 Dec 2011 13:04:24
1.1_1
|
crees  |
Document XSS vulnerability in net-mgmt/zabbix-frontend
PR: ports/163691
Obtained from: https://support.zabbix.com/browse/ZBX-4015
Security: ZBX-4015 |
28 Dec 2011 12:24:32
1.1_1
|
mm  |
Document remote DoS vulnerability in lighttpd HTTP authentication
Security: CVS-2011-4362 |
27 Dec 2011 04:00:15
1.1_1
|
eadler  |
- Fix most of the duplicate words in vuxml, a few affect 'blockquotes' but that
should be okay as no information is lost. |
26 Dec 2011 23:23:29
1.1_1
|
wxs  |
Don't wrap a couple of lines. No other entries wrap these lines, so when
in Rome... |
26 Dec 2011 23:00:58
1.1_1
|
wxs  |
Whitespace cleanup in a BIND topic. |
26 Dec 2011 22:42:26
1.1_1
|
wxs  |
Fix the build. Missing a quote on the blockquote citation and a missing </p>. |
26 Dec 2011 21:51:03
1.1_1
|
cy  |
Document CVE-2011-4862 (FreeBSD-SA-11:08.telnetd) as it affects krb5-appl too.
Security: CVE-2011-4862, FreeBSD-SA-11:08.telnetd
Feature safe: yes |
23 Dec 2011 20:37:32
1.1_1
|
delphij  |
Add vuxml entry for proftpd chroot vulnerability.
Feature safe: yes |
22 Dec 2011 12:11:17
1.1_1
|
zi  |
- Document recent vulnerabilities in databases/phpmyadmin (PMASA-2011-19 and
PMASA-2011-20) |
21 Dec 2011 12:40:43
1.1_1
|
beat  |
- Also fix SeaMonkey version range |
21 Dec 2011 11:28:37
1.1_1
|
beat  |
- Fix cvename in latest mozilla vulnerability |
21 Dec 2011 07:48:50
1.1_1
|
beat  |
- Document mozilla -- multiple vulnerabilities |
19 Dec 2011 13:15:50
1.1_1
|
sem  |
unbound DoS vulnerability |
18 Dec 2011 14:24:38
1.1_1
|
miwi  |
- Cleanup
* correct line limit
* sort cvename |
18 Dec 2011 13:30:50
1.1_1
|
zi  |
- Correct package name in previous commit
Reported by: crees@ |
18 Dec 2011 13:07:02
1.1_1
|
zi  |
- Document vulnerabilities in www/typo3 and www/typo345 |
14 Dec 2011 04:07:06
1.1_1
|
zi  |
- Document security/krb5 vulnerability as described in MITKRB5-SA-2011-007 |
14 Dec 2011 03:52:28
1.1_1
|
zi  |
- Add CVE for recent asterisk vulnerabilities
Feature safe: yes |
13 Dec 2011 20:35:32
1.1_1
|
delphij  |
Document Opera multiple vulnerabilities.
Requested by: tabthorpe
Feature safe: yes |
13 Dec 2011 20:17:29
1.1_1
|
rene  |
Document vulnerabilities fixed in Chromium 16.0.912.63
Security: CVE-2011-[3903-3917] |
13 Dec 2011 17:45:46
1.1_1
|
mandree  |
Add cvename tag with content CVE-2011-4607 for PuTTY password 'vulnerability'.
Feature safe: yes
Submitted by: eadler |
13 Dec 2011 17:34:52
1.1_1
|
zi  |
- Correct package name for asterisk18
Feature safe: yes |
12 Dec 2011 19:57:18
1.1_1
|
mandree  |
Update PuTTY to new upstream security and bug fix release 0.62,
and add a new VuXML entry.
Changelog:
http://lists.tartarus.org/pipermail/putty-announce/2011/000017.html
Security: bbd5f486-24f1-11e1-95bc-080027ef73ec
Feature safe: yes |
09 Dec 2011 01:52:43
1.1_1
|
zi  |
- Document asterisk vulnerabilities
Feature safe: yes |
07 Dec 2011 23:49:09
1.1_1
|
zi  |
- Document vulnerabilities in isc-dhcp: CVE-2011-4539
Feature safe: yes |
01 Dec 2011 21:03:31
1.1_1
|
dougb  |
Update to version 3.4.8
This is the formal release of the fix to CVE-2011-4634, but there are
no code differences from the preliminary fixes released in 3.4.8-rc1
except for the updated version number.
PMSA-2011-18 has now been published; vuxml entry attached.
PR: ports/163001
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer)
Feature safe: yes |
30 Nov 2011 09:31:36
1.1_1
|
pav  |
- Add a link to a nice documentation in PH
Suggested by: dougb
Feature safe: yes |
30 Nov 2011 08:45:12
1.1_1
|
pav  |
- Add a quick guide to adding a new entry to this unfriendly file
Feature safe: yes |
19 Nov 2011 15:13:49
1.1_1
|
dinoex  |
- mark 1.3.41+2.8.31_4 as not vulnerable
Feature safe: yes |
18 Nov 2011 22:38:17
1.1_1
|
cs  |
hiawatha -- memory leak in PreventSQLi routine
Approved by: glarkin@ (mentor)
Feature safe: yes |
18 Nov 2011 20:20:27
1.1_1
|
delphij  |
Bump modified date for previous commit.
Feature safe: yes |
18 Nov 2011 20:13:50
1.1_1
|
dougb  |
The long-term URL for the latest BIND vulnerability is up at ISC,
so adjust accordingly.
Feature safe: yes |
17 Nov 2011 10:08:18
1.1_1
|
rene  |
Mark chromium-15.0.874.120 vulnerable.
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: CVE-2011-3900
Feature safe: yes |
16 Nov 2011 23:59:35
1.1_1
|
dougb  |
Add an entry for the BIND DOS vulnerability announced today
Feature safe: yes |
14 Nov 2011 23:27:03
1.1_1
|
ohauer  |
- document apache13 CVE-2011-3368
Feature safe: yes |
14 Nov 2011 03:25:46
1.1_1
|
miwi  |
- Fix previous entry
Feature safe: yes |
14 Nov 2011 03:14:11
1.1_1
|
rakuco  |
Add note about CVE-2011-2725 for ark in kdeutils4.
Approved by: avilla (mentor, implicit)
Feature safe: yes |
13 Nov 2011 22:28:09
1.1_1
|
ohauer  |
- document apache apr-0.9 reimplementation of apr_fnmatch()
Feature safe: yes |
13 Nov 2011 02:20:57
1.1_1
|
dougb  |
Fix the recent flash entry:
1. Only one <package> container is needed
2. Use of <lt> has to be relative to the latest (unvulnerable) version
3. Improve the range for the 11.x version to not tag all 10.x versions
4. Use https for the cite in blockquote
5. Fix a CVE entry
Feature safe: yes |
12 Nov 2011 16:13:48
1.1_1
|
miwi  |
- Correct latest libxml(1) entries
- Mark CVS-2009-2414 CVS-2009-2416 CVS-2011-1944 entries as safe
- Fix whitespaces
- Bump modify date
- While here add missing blank lines between entries [1]
[1] This would not have happened when committers use "make newentry" (sometimes RTFM
is really helpful)
Feature safe: yes |
12 Nov 2011 12:15:40
1.1_1
|
crees  |
Document latest phpMyAdmin vulnerability
PR: ports/162442
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer)
Security: CVE-2011-4107
Security: http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php
CC: m.seaman@infracaninophile.co.uk
Feature safe: yes |
12 Nov 2011 05:39:50
1.1_1
|
eadler  |
- update flash10 to 10.3r183.11
- add security issues to vuln.xml
Submitted by: nox
Reviewed by: dougb (vuxml)
Security: CVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452,
CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456, CVE-2011-2457,
CVE-2011-2458, CVE-2011-2459, CVE-2011-2458
Feature safe: yes |
11 Nov 2011 19:13:05
1.1_1
|
rene  |
Add vulnerabilities for www/chromium < 15.0.874.120
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: CVE-2011-[3892-3898]
Feature safe: yes |
10 Nov 2011 13:40:45
1.1_1
|
wxs  |
Add missing blank lines between entries.
Feature safe: yes |
10 Nov 2011 07:58:08
1.1_1
|
delphij  |
Fix build.
Feature safe: yes |
10 Nov 2011 07:19:25
1.1_1
|
bapt  |
Register multiple libxml{1,2} vulnerabilities |
10 Nov 2011 04:44:43
1.1_1
|
miwi  |
- Cleanup a bit |
10 Nov 2011 02:27:53
1.1_1
|
novel  |
Document gnutls client session resumption vulnerability. |
08 Nov 2011 17:48:37
1.1_1
|
beat  |
- Document mozilla -- multiple vulnerabilities |
07 Nov 2011 04:27:53
1.1_1
|
eadler  |
- add vuxml entry for insecure use of temporary directories in caml-light
Reviewed by: dougb
Approved by: bapt,sahil (mentors, implicit) |
07 Nov 2011 04:23:54
1.1_1
|
eadler  |
- add vuxml entry for insecure use of temporary directories in caml-light
Reviewed by: dougb
Approved by: bapt,sahil (mentors, implicit) |
03 Nov 2011 21:21:54
1.1_1
|
kwm  |
Fix the freetype entry. The package name is freetype2 and fill in the comment. |
01 Nov 2011 18:00:56
1.1_1
|
bapt  |
Fix vuln.xml |
01 Nov 2011 17:44:15
1.1_1
|
kwm  |
Document vulnerabilities in handling Type 1 fonts in freetype. |
01 Nov 2011 08:46:08
1.1_1
|
delphij  |
Properly match lower bound of version numbers.
Noticed by: Patrick Oonk <patrick.oonk pine.nl> |
01 Nov 2011 07:18:06
1.1_1
|
miwi  |
- bid from latest PivotX entry [1]
- while remove a lot whitespaces
PR: 161734 [1]
Submitted by: Fumiyuki Shimizu <fumifumi@abacustech.jp> |
28 Oct 2011 17:06:58
1.1_1
|
kwm  |
Document cacti security issues.
SQL injection issue with user login
Cross-site scripting issues.
PR: ports/162044
Reported by: moggie <moggie@elasticmind.net> |
28 Oct 2011 09:28:28
1.1_1
|
miwi  |
- Cleanup & whitespace fixes |
26 Oct 2011 07:57:19
1.1_1
|
flo  |
document phpmyfaq remote PHP code injection vulnerability |
25 Oct 2011 17:45:34
1.1_1
|
rene  |
Mention vulnerabilities in www/chromium < 15.0.874.102
Obtained from: http://googlechromereleases.blogspot.com/
Security: CVE-2011-[2845, 3875-3891] |
24 Oct 2011 15:20:27
1.1_1
|
glarkin  |
- Document phpldapadmin - remote PHP code injection vulnerability
PR: ports/161954
Submitted by: Ruslan Mahmatkhanov <cvs-src@yandex.ru> |
23 Oct 2011 16:16:48
1.1_1
|
rakuco  |
Document CVE-2011-3365 and CVE-2011-3366.
Different CVE numbers for different software, but they share the same
KDE security advisory.
Approved by: makc (mentor) |
23 Oct 2011 16:14:49
1.1_1
|
rakuco  |
Fix the port names of a few past KDE vulnerabilities.
The entries mentioned kdebase4-runtime, kdebase3, kdelibs4 etc, but
the port names are kdebase, kdelibs etc.
Adjust the names and the version ranges.
Approved by: makc (mentor) |
20 Oct 2011 11:01:41
1.1_1
|
flo  |
add an entry for the recent piwik vulnerability, with the little information
that's available.
The only known fact is that Piwik rates this update critical. |
18 Oct 2011 18:53:16
1.1_1
|
delphij  |
Fix discovery date. |
18 Oct 2011 18:24:29
1.1_1
|
kwm  |
Document a File disclosure vulnerability and File permission change
vulnerability in xorg-server.
Obtained from:
http://lists.freedesktop.org/archives/xorg-announce/2011-October/001744.html
upstream xorg-server
Security: CVE-2011-4028, CVE-2011-4029 |
17 Oct 2011 19:49:23
1.1_1
|
amdmi3  |
- Fix entry dates for recently added OpenTTD vulns
Submitted by: "Ilya A. Arkhipov" <micro@heavennet.ru> |
17 Oct 2011 19:02:23
1.1_1
|
delphij  |
Document asterisk -- remote crash vulnerability in SIP channel driver. |
17 Oct 2011 18:54:31
1.1_1
|
delphij  |
Commit result of manually merged make tidy output. |
17 Oct 2011 18:52:16
1.1_1
|
delphij  |
Document PivotX remote file inclusion vulnerability.
PR: ports/161734
Submitted by: Fumiyuki Shimizu <fumifumi abacustech jp> |
17 Oct 2011 03:50:23
1.1_1
|
amdmi3  |
- Fix quotation links
Reported by: danfe |
16 Oct 2011 18:39:44
1.1_1
|
amdmi3  |
Document openttd multiple vulnerabilities
PR: 161488
Submitted by: "Ilya A. Arkhipov" <micro@heavennet.ru> |