Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 01 Jun 2005 16:09:53 |
nectar |
Document squirrelmail vulnerabilities. |
1.1_1 01 Jun 2005 15:53:40 |
nectar |
correct version number for mailman password generation issue |
1.1_1 01 Jun 2005 15:51:41 |
nectar |
Document vulnerability in set-user-ID sympa application. |
1.1_1 01 Jun 2005 15:36:40 |
nectar |
Another older mailman vulnerability, somewhat minor |
1.1_1 01 Jun 2005 15:27:01 |
nectar |
Add year-old mailman vulnerability, that seems to not have been
previously documented here. |
1.1_1 01 Jun 2005 14:48:38 |
nectar |
document Apache Jakarta Tomcat 5.x XSS issue |
1.1_1 29 May 2005 15:01:14 |
simon |
Mark samba-2.2.12.j1.0beta1_2 as safe from "samba -- integer overflow
vulnerability".
Reminded by: NAKAJI Hiroyuki <nakaji@jp.freebsd.org> |
1.1_1 29 May 2005 03:06:35 |
kuriyama |
- Update to 3.5.8 (including XSS problem fix).
Submitted by: Toshiya SAITOH <toshiya@saitoh.nu>
PR: ports/81520 |
1.1_1 22 May 2005 13:27:45 |
remko |
Remove a forgotten :.
Spotted by: simon |
1.1_1 22 May 2005 13:18:12 |
remko |
Document the following issues:
o freeradius -- sql injection and denial of service vulnerability
o ppxp -- local root exploit
o oops -- format string vulnerability
Approved by: simon |
1.1_1 19 May 2005 19:56:44 |
simon |
Fix entry dates for latest squid entries. |
1.1_1 19 May 2005 19:48:15 |
remko |
Reword the cdrdao entry, this includes comments from Simon which I overlooked.
Forgotten by: remko
Spotted by: simon |
1.1_1 19 May 2005 14:17:01 |
pav |
- Update Squid to 2.5.STABLE10
PR: ports/81213
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer) |
1.1_1 19 May 2005 04:17:32 |
remko |
Document cdrdao -- unspecified privilege escalation vulnerability.
Approved by: simon |
1.1_1 14 May 2005 03:43:46 |
simon |
Document two gaim issues. |
1.1_1 13 May 2005 16:24:43 |
nectar |
Add FreeBSD-SA-05:09.htt. |
1.1_1 13 May 2005 15:34:49 |
nectar |
$EDITOR should not be quoted. It might be "emacsclient -a vi" or
something. |
1.1_1 13 May 2005 15:33:48 |
nectar |
MAINTAINER -> security@FreeBSD.org |
1.1_1 13 May 2005 15:32:12 |
nectar |
Update some leafnode references.
Add new leafnode vulnerability.
PR: ports/80724
Submitted by: Matthias Andree <matthias.andree@gmx.de> |
1.1_1 12 May 2005 09:59:32 |
simon |
Document two new vulnerabilities in mozilla/firefox. |
1.1_1 11 May 2005 19:00:50 |
simon |
Document mozilla -- code execution via javascript: IconURL vulnerability. |
1.1_1 09 May 2005 07:04:53 |
okazaki |
Document some vulnerabilities in groff.
- pic2graph and eqn2graph are vulnerable to symlink attack through temporary
files
- groffer uses temporary files unsafely
PR: ports/80671
Submitted by: KOMATSU Shinichiro |
1.1_1 03 May 2005 10:14:19 |
sem |
- gnu-radius exploitation was fixed in maintenance release 1.2.94
as reported in
http://www.idefense.com/application/poi/display?id=141&type=vulnerabilities
PR: ports/80558 (follow-up)
Submitted by: Vsevolod Stakhov <vsevolod@highsecure.ru> |
1.1_1 02 May 2005 18:57:26 |
glewis |
. Update the version for the jar(1) vulnerability so that 1.2.2p11_4 is
no longer considered vulnerable. Adjust the modified date for the entry. |
1.1_1 01 May 2005 14:33:38 |
remko |
Document sharutils -- unshar insecure temporary file creation
Approved by: simon |
1.1_1 01 May 2005 12:25:14 |
remko |
Document rsnapshot -- local privilege escalation
Approved by: simon |
1.1_1 01 May 2005 00:30:17 |
brooks |
coppermine -- IP spoofing and XSS vulnerability |
1.1_1 29 Apr 2005 15:00:58 |
glewis |
. Correct the range of vulnerable jdk14 ports for the jar(1) vulnerability
and update the modified time for the entry. |
1.1_1 27 Apr 2005 21:35:57 |
simon |
Document ImageMagick -- ReadPNMImage() heap overflow vulnerability. |
1.1_1 27 Apr 2005 21:24:36 |
simon |
Bump modified date for last commit. |
1.1_1 27 Apr 2005 20:46:04 |
glewis |
. Adjust ranges so that jdk-1.3.1p9_5 is no longer marked as vulnerable to
the jar(1) vulnerability but is still marked vulnerable to the browser
plugin vulnerability (although the plugin is no longer built by default). |
1.1_1 25 Apr 2005 21:53:20 |
simon |
Document mplayer & libxine -- MMS and Real RTSP buffer overflow
vulnerabilities. |
1.1_1 25 Apr 2005 21:10:40 |
simon |
Document some older vulnerabilities in GAIM. |
1.1_1 23 Apr 2005 11:40:18 |
simon |
Document kdewebdev -- kommander untrusted code execution vulnerability. |
1.1_1 22 Apr 2005 21:53:43 |
remko |
Fix a typo in the kdelibs - kimgio entry. |
1.1_1 22 Apr 2005 21:52:07 |
remko |
junkbuster -- heap corruption vulnerability and configuration modification
vulnerability
Approved by: simon |
1.1_1 22 Apr 2005 08:22:59 |
simon |
Document kdelibs -- kimgio input validation errors. |
1.1_1 19 Apr 2005 22:09:46 |
simon |
Mark latest openoffice 1.1 as fixed wrt. openoffice -- DOC document
heap overflow vulnerability.
Informed by: maho |
1.1_1 19 Apr 2005 11:14:24 |
remko |
Document gld -- format string and buffer overflow vulnerabilities |
1.1_1 17 Apr 2005 15:34:43 |
naddy |
Document remote buffer overflow in ftp/axel. |
1.1_1 16 Apr 2005 22:52:07 |
simon |
Document firefox -- PLUGINSPAGE privileged javascript execution (also
from the < 1.0.3 batch). |
1.1_1 16 Apr 2005 22:35:09 |
remko |
Document jdk - jar directory traversal vulnerability.
Approved by: simon |
1.1_1 16 Apr 2005 16:12:02 |
simon |
Document several mozilla/firefox issues. |
1.1_1 15 Apr 2005 21:47:10 |
simon |
Mark wget >= 1.10.a1 safe from the "wget -- multiple vulnerabilities"
entry.
Info provided by: sf |
1.1_1 13 Apr 2005 23:17:14 |
simon |
Document openoffice -- DOC document heap overflow vulnerability. |
1.1_1 12 Apr 2005 08:24:48 |
simon |
Fix and document insecure temporary file handling in portupgrade.
Security: CAN-2005-0610
Security:
http://vuxml.FreeBSD.org/22f00553-a09d-11d9-a788-0001020eed82.html
Approved by: erwin (mentor), maintainer timeout
OK'ed by: portmgr
Reviewed by: nectar |
1.1_1 10 Apr 2005 19:41:46 |
simon |
Document three GAIM vulnerabilities. |
1.1_1 10 Apr 2005 18:47:06 |
simon |
Document an old PHP issue. |
1.1_1 10 Apr 2005 10:22:18 |
simon |
Document squid -- DoS on failed PUT/POST requests vulnerability.
Submitted by: Devon H. O'Dell <dodell@offmyserver.com> (original version) |
1.1_1 09 Apr 2005 20:42:03 |
pav |
- Fix closing tag on the entry I just touched.
Pointed out by: still Chimera
Blaming: too much bear earlier tonight |
1.1_1 09 Apr 2005 20:38:37 |
pav |
- Add <modified> to the entry I just touched
Prodded by: Chimera |
1.1_1 09 Apr 2005 20:21:48 |
pav |
- CAN-2005-0133 is fixed in clamav-devel-20050408
PR: ports/79688
Submitted by: Renato Botelho <freebsd@galle.com.br> |
1.1_1 05 Apr 2005 20:57:06 |
simon |
Bump modified date for entry modified last commit. |
1.1_1 05 Apr 2005 20:03:49 |
ume |
add CVE name to latest vuln of Cyrus IMAPd. |
1.1_1 05 Apr 2005 19:57:09 |
thierry |
Add an entry for an XSS vulnerability fixed in horde-3.0.4. |
1.1_1 04 Apr 2005 20:06:01 |
simon |
Document wu-ftpd -- remote globbing DoS vulnerability. |
1.1_1 03 Apr 2005 06:53:58 |
simon |
Add CVE name to hashcash entry. |
1.1_1 02 Apr 2005 23:15:17 |
naddy |
Document hashcash format string vulnerability. |
1.1_1 26 Mar 2005 20:49:40 |
simon |
Document clamav -- zip handling DoS vulnerability.
Approved by: portmgr (blanket, VuXML) |
1.1_1 24 Mar 2005 14:15:05 |
nectar |
Document Wine information disclosure.
Based on an entry that was
Submitted by: Devon H. O'Dell <dodell@offmyserver.com>
Approved by: portmgr (blanket, VuXML) |
1.1_1 24 Mar 2005 14:08:28 |
nectar |
Document the most serious of the recently disclosed
Mozilla/Firefox/Thunderbird vulnerabilities.
Based on entries that were
Submitted by: Devon H. O'Dell <dodell@offmyserver.com>
Approved by: portmgr (blanket, VuXML) |
1.1_1 23 Mar 2005 18:29:15 |
nectar |
Document Sylpheed buffer overflow.
Reminded by: netchild
Approved by: portmgr (blanket, VuXML) |
1.1_1 21 Mar 2005 21:19:21 |
simon |
Document xv -- filename handling format string vulnerability.
Approved by: portmgr (implicit, VuXML) |
1.1_1 21 Mar 2005 20:27:19 |
simon |
Document kdelibs -- local DCOP denial of service vulnerability.
Approved by: portmgr (implicit, VuXML) |
1.1_1 18 Mar 2005 19:16:10 |
simon |
Mark grip port as fixed for recent vulnerability.
Requested by: ahze |
1.1_1 15 Mar 2005 21:13:28 |
simon |
Document phpmyadmin -- increased privilege vulnerability. |
1.1_1 15 Mar 2005 19:40:24 |
danfe |
Note that recent Quake2-LNX is fixed. |
1.1_1 15 Mar 2005 14:27:02 |
ale |
Recent mysql snapshot import fixed several vulnerabilities. |
1.1_1 14 Mar 2005 21:55:47 |
simon |
Document ethereal -- multiple protocol dissectors vulnerabilities. |
1.1_1 14 Mar 2005 20:19:29 |
simon |
Document "grip -- CDDB response multiple matches buffer overflow
vulnerability". |
1.1_1 14 Mar 2005 19:49:15 |
simon |
Update references for latest MySQL entry:
- Use bid tag for Bugtraq ID reference.
- Add CVE names. |
1.1_1 14 Mar 2005 15:16:35 |
ale |
Document multiple mysql remote vulnerabilities. |
1.1_1 13 Mar 2005 10:31:19 |
thierry |
Add an entry about rxvt-unicode buffer overflow. |
1.1_1 08 Mar 2005 22:52:19 |
simon |
Document two phpMyAdmin issues. |
1.1_1 08 Mar 2005 21:26:23 |
simon |
Document libexif -- buffer overflow vulnerability. |
1.1_1 07 Mar 2005 15:45:13 |
nectar |
Fix invalid date.
Noticed by: Kang Liu <liukang@bjut.edu.cn> |
1.1_1 06 Mar 2005 17:06:32 |
nectar |
Add <modified> date for recent commit to phpbb vulnerability.
Forgotten by: delphij
While here, add msgids for recent phpbb addition. |
1.1_1 05 Mar 2005 15:53:42 |
delphij |
Document a low risk HTML injection (configuration bypass)
vulnerability [1] of phpBB.
(maintainer contacted and is preparing a fix)
[1] http://marc.theaimsgroup.com/?l=bugtraq&m=110987231502274 |
1.1_1 05 Mar 2005 15:42:50 |
delphij |
Add bugtraq bug ID for phpbb vulnerability.
Submitted by: Kang LIU <liukang bjut edu cn> |
1.1_1 04 Mar 2005 18:14:28 |
nectar |
Document two phpnuke vulnerabilities, and a Linux RealPlayer
vulnerability.
Based on entries that were
Submitted by: Devon H. O'Dell <dodell@sitetronics.com> |
1.1_1 03 Mar 2005 22:20:45 |
simon |
- Document ImageMagick -- format string vulnerability.
- Fix typo on older tiff entry. |
1.1_1 02 Mar 2005 13:17:25 |
nobutaka |
Document the privilege escalation vulnerability in uim. |
1.1_1 01 Mar 2005 13:39:29 |
nectar |
Fix typo in linux-tiff version number for
http://vuxml.freebsd.org/8f86d8b5-6025-11d9-a9e7-0001020eed82.html
Reported by: Ian Moore <no-spam@swiftdsl.com.au> |
1.1_1 01 Mar 2005 13:23:53 |
nectar |
Document lighttpd information disclosure bug.
This entry is based on one that was
Submitted by: Devon H. O'Dell <dodell@offmyserver.com> |
1.1_1 28 Feb 2005 13:41:19 |
nectar |
Fix typo in linux-tiff version number for
http://vuxml.freebsd.org/fc7e6a42-6012-11d9-a9e7-0001020eed82.html
Reported by: Ian Moore <no-spam@swiftdsl.com.au> |
1.1_1 28 Feb 2005 10:48:54 |
delphij |
Document latest phpBB critical security vulnerabilities.
Submitted by: Kang LIU <liukang bjut edu cn> |
1.1_1 28 Feb 2005 03:42:01 |
nectar |
Correct the linux-tiff version number for several entries.
Reported by: netchild |
1.1_1 27 Feb 2005 21:24:04 |
simon |
Document curl -- authentication buffer overflow vulnerability. |
1.1_1 27 Feb 2005 20:34:17 |
simon |
- Document cyrus-imapd -- multiple buffer overflow vulnerabilities. [1]
- Use bid tag for a reference in sup entry.
Advice from: ume [1] |
1.1_1 27 Feb 2005 13:21:10 |
hrs |
Document format string vulnerabilities in net/sup. |
1.1_1 26 Feb 2005 21:12:13 |
simon |
- Just use mozilla in title for last entry for consistency.
- Document mozilla -- insecure temporary directory vulnerability. |
1.1_1 26 Feb 2005 20:36:40 |
simon |
Update list of affected mozilla/firefox ports by the web browsers --
window injection vulnerabilities entry. |
1.1_1 26 Feb 2005 14:25:31 |
simon |
Document mozilla & firefox -- arbitrary code execution vulnerability.
Submitted by: Devon H. O'Dell <dodell@sitetronics.com> (original version) |
1.1_1 25 Feb 2005 04:55:52 |
nectar |
Improve the description of the latest phpBB information disclosure
bugs.
Submitted by: delphij (in part) |
1.1_1 24 Feb 2005 15:43:23 |
hrs |
Document a format string vulnerability in mkbold-mkitalic.
Reviewed by: simon |
1.1_1 23 Feb 2005 16:20:58 |
nectar |
Add CVE names for wget. |
1.1_1 23 Feb 2005 15:11:02 |
nectar |
De-confuse latest AWStats entry: rewrite description, and add relevant
references. There were so many bugs, it was hard to keep them straight
(^_^). |
1.1_1 23 Feb 2005 14:37:05 |
nectar |
Format the <topic> of the most recent entry so that it is more
consistent with other entries. |
1.1_1 23 Feb 2005 13:13:44 |
delphij |
Document latest phpbb vulnerabilities.
Discussed with: phpbb maintainer |
1.1_1 23 Feb 2005 05:15:32 |
simon |
Add more references to recent putty vulnerability. |