| Commit History - (may be incomplete: see SVNWeb link above for full details) |
| Date | By | Description |
22 Sep 2011 20:47:10
1.1_1
|
nox  |
- Update linux-f10-flashplugin to 10.3r183.10 . [1]
- Make gnome desktopfileutils dependency optional. [2]
PR: ports/160894 [1]
Submitted by: Garrett Cooper <yanegomi@gmail.com> [1]
Suggested by: Peter Jeremy <peterjeremy@acm.org> [2]
Security:
http://www.freebsd.org/ports/portaudit/53e531a7-e559-11e0-b481-001b2134ef46.html |
21 Sep 2011 11:35:28
1.1_1
|
zi  |
Improve accuracy of krb5 vulnerability entries for upcoming port addition of
krb5-17.
(one entry was missed from the previous commit) |
21 Sep 2011 02:21:25
1.1_1
|
zi  |
Improve accuracy of krb5 vulnerability entries for upcoming port addition
of krb5-17. |
20 Sep 2011 18:24:20
1.1_1
|
rene  |
Document vulnerabilities in Chromium 13.0.x.y
Obtained from: http://googlechromereleases.blogspot.com/
Security: CVE-2011-[2834-2838, 2840-2844, 2846-2862, 2864, 2874-2875,
3234] |
14 Sep 2011 23:26:28
1.1_1
|
delphij  |
Document phpMyAdmin multiple XSS vulnerability.
Update phpMyAdmin to 3.4.5 release. [1]
PR: ports/160589 [1]
Submitted by: maintainer [1] |
13 Sep 2011 17:50:29
1.1_1
|
delphij  |
Document Django multiple vulnerabilities. |
13 Sep 2011 01:11:03
1.1_1
|
delphij  |
Document roundcube XSS vulnerability. |
12 Sep 2011 18:38:31
1.1_1
|
olgeni  |
Document libsndfile -- PAF file processing integer overflow.
Security: CVE-2011-2696 |
10 Sep 2011 07:41:22
1.1_1
|
ashish  |
Re-revise emacs vulnerability to limit with >= 22 and < 22.2_1 instead of
>21.* and <22.2_1 which didn't work as expected |
08 Sep 2011 22:30:43
1.1_1
|
ashish  |
- Limit emacs vulnerability to > 21.* and <= 22.2 instead of just <= 22.2 |
07 Sep 2011 18:30:42
1.1_1
|
delphij  |
Document two OpenSSL vulnerabilities.
(There is no OpenSSL 0.9.8s in the ports so mark <1.0.0 as vulnerable). |
06 Sep 2011 21:12:04
1.1_1
|
flo  |
fix last thunderbird entry |
06 Sep 2011 20:12:45
1.1_1
|
flo  |
add firefox, thunderbird and seamonkey to the DigiNotar.nl entry
Security:
http://www.vuxml.org/freebsd/aa5bc971-d635-11e0-b3cf-080027ef73ec.html |
05 Sep 2011 16:24:22
1.1_1
|
bapt  |
Fix vuln.xml, while here fix indentation |
05 Sep 2011 15:55:38
1.1_1
|
eadler  |
- Update to 1.2.7
PR: ports/160368
Submitted by: gjb
Approved by: dvl (maintainer), bapt (mentor)
Security: CVE-2011-2938 |
04 Sep 2011 20:15:52
1.1_1
|
crees  |
- Document cfs buffer overflow vulnerability.
- While here, unbreak packaudit -- it doesn't like newlines in the
middle of tags. Perhaps a comment should say something? |
04 Sep 2011 13:14:22
1.1_1
|
mandree  |
Revise nss/ca_root_nss working around Mozilla,
limit ca_root_nss vuln to < 3.12.11 from <= 3.12.11.
Add a new entry for the ca_root_nss bug that caused extraction of untrusted
certificates to the trust bundle.
PR: ports/160455 |
04 Sep 2011 11:46:47
1.1_1
|
sunpoet  |
- Correct affected plone versions |
04 Sep 2011 04:09:43
1.1_1
|
dinoex  |
- bump modified for CVE-2007-5137 |
03 Sep 2011 16:28:49
1.1_1
|
dinoex  |
- update CVE-2007-5137 |
03 Sep 2011 16:18:19
1.1_1
|
mandree  |
Update range to exclude nss 3.12.11 from vuln, as kwm@'s commit
to upgrade nss to 3.12.11 included the newer CKBI 1.87 that explicitly
distrusts DigiNotar. |
03 Sep 2011 15:43:39
1.1_1
|
mandree  |
Add a security notice for the DigiNotar incident, listing nss/ca_root/nss. |
03 Sep 2011 12:49:13
1.1_1
|
flo  |
- only match vulnerable versions in the hlstats entry
- add additional CVEs |
02 Sep 2011 17:15:58
1.1_1
|
crees  |
Final modification for apache22 vulnerability; include slave ports as well
Pointed out by: flo
Reviewed by: eadler |
01 Sep 2011 19:06:27
1.1_1
|
crees  |
Correct range for apache22, 2.2.20 is fixed and 1.3 wasn't affected.
Submitted by: Aleksandr Stankevic (sysmonk on IRC/Freenode##FreeBSD)
Security: CVE-2011-3192 |
30 Aug 2011 22:29:14
1.1_1
|
shaun  |
Put a lower bound on the last php entry, as the bug was introduced in
5.3.7-RC5.
Submitted by: "jaset" via #bsdports |
30 Aug 2011 13:21:27
1.1_1
|
sbz  |
- Fix entry date and use two ranges
Reviewed by: gahr@
Approved by: jadawin@ (mentor) |
30 Aug 2011 12:01:13
1.1_1
|
sbz  |
- Document CVE-2011-3192 for recent apache DoS vulnerability
Approved by: jadawin@ (mentor)
Security:
http://vuxml.org/freebsd/7f6108d2-cea8-11e0-9d58-0800279895ea.html |
26 Aug 2011 18:12:00
1.1_1
|
delphij  |
Upstream indicates that this only affects 4.40 and 4.41 so add a <ge> tag
to indicate that. |
26 Aug 2011 18:10:39
1.1_1
|
delphij  |
Document stunnel heap corruption vulnerability. |
24 Aug 2011 22:43:04
1.1_1
|
bapt  |
Fix discovery date |
24 Aug 2011 22:20:14
1.1_1
|
delphij  |
Document phpMyAdmin CVE-2011-3181 (multiple XSS). |
23 Aug 2011 17:02:34
1.1_1
|
rene  |
Document new Chromium vulnerabilities.
Obtained from: http://google-chrome-browser.com/releases
Security: CVE-2011-[2821, 2823-2829, 2839] |
23 Aug 2011 00:58:34
1.1_1
|
delphij  |
Mark PHP5 < 5.3.7_2 as vulnerable to PHP bug #55439: crypt() returns only
the salt for MD5. |
20 Aug 2011 00:43:49
1.1_1
|
delphij  |
Document multiple PHP vulnerabilities. |
19 Aug 2011 18:42:12
1.1_1
|
delphij  |
Document Rails multiple vulnerabilities. |
19 Aug 2011 17:46:10
1.1_1
|
delphij  |
Document dovecot DoS vulnerability. |
18 Aug 2011 19:06:26
1.1_1
|
skv  |
Document "otrs" - vulnerabilities in OTRS-Core allow read access
to any file on local file system. |
16 Aug 2011 18:12:50
1.1_1
|
flo  |
document recent mozilla vulnerabilities |
16 Aug 2011 17:36:06
1.1_1
|
delphij  |
Document samba vulnerabilities of SWAT web interface. |
15 Aug 2011 20:00:37
1.1_1
|
wxs  |
Adjust dates in 510b630e-c43b-11e0-916c-00e0815b8da8.
Noticed by: kwm@ |
14 Aug 2011 01:41:10
1.1_1
|
wxs  |
- Document ISC DHCP server DoS. |
13 Aug 2011 18:19:06
1.1_1
|
skv  |
Document "bugzilla" - multiple vulnerabilities. |
13 Aug 2011 15:02:29
1.1_1
|
crees  |
Document dtc security issues
PR: ports/159736
Submitted by: Ansgar Burchardt <ansgar@debian.org> |
11 Aug 2011 08:37:56
1.1_1
|
kwm  |
Document freetype2 and libXfont vulnerabilities. |
10 Aug 2011 20:27:26
1.1_1
|
nox  |
Update linux-f10-flashplugin to 10.3r183.5 .
Submitted by: pointyhat via erwin
Security:
http://www.freebsd.org/ports/portaudit/2c12ae0c-c38d-11e0-8eb7-001b2134ef46.html |
02 Aug 2011 17:57:05
1.1_1
|
rene  |
Document new vulnerabilities for www/chromium ( < 13.0.782.107)
Obtained from: http://googlechromereleases.blogspot.com/
Security: CVE-2011-{2358-2361, 2782-2805, 2818-2819} |
28 Jul 2011 19:18:37
1.1_1
|
kwm  |
Document libsoup security hole. |
28 Jul 2011 07:10:38
1.1_1
|
delphij  |
Fix match of phpmyadmin in recent revisions. |
26 Jul 2011 02:12:47
1.1_1
|
swills  |
- Add CVE reference for OpenSAML2 issue
- Use official citation |
26 Jul 2011 01:12:25
1.1_1
|
zi  |
Document phpmyadmin vulnerabilities
Approved by: wxs (mentor) |
25 Jul 2011 23:47:57
1.1_1
|
swills  |
Document OpenSAML2 issue |
20 Jul 2011 20:50:19
1.1_1
|
delphij  |
Document rsync DoS issue (CVE-2011-1097). |
05 Jul 2011 23:39:46
1.1_1
|
dougb  |
Document BIND vulnerabilities for ports. This was inspired by the PR,
but re-formatted and edited by me, so responsibility for errors is mine.
PR: ports/158672
Submitted by: Ryan Steinmetz <rpsfa@rit.edu> |
03 Jul 2011 13:32:49
1.1_1
|
jlaffaye  |
Document phpMyAdmin multiple vulnerabilities
Reviewed by: flo
Approved by: rene (mentor vacation) |
29 Jun 2011 10:15:18
1.1_1
|
flo  |
document one more vulnerability in the recent asterisk entry |
28 Jun 2011 22:50:51
1.1_1
|
rene  |
Document new vulnerabilities for www/chromium ( < 12.0.742.112)
Security: CVE-2011-[2345-2351] |
28 Jun 2011 00:57:09
1.1_1
|
wxs  |
Add modified tag to 8a5770b4-54b5-11db-a5ae-00508d6a62df.
Noticed by: sahil@ |
27 Jun 2011 14:39:37
1.1_1
|
wxs  |
Now that www/mambo is updated, fix the range in
8a5770b4-54b5-11db-a5ae-00508d6a62df. |
25 Jun 2011 22:48:01
1.1_1
|
flo  |
document recent asterisk vulnerabilities |
24 Jun 2011 13:46:51
1.1_1
|
ashish  |
- Document ejabberd vulnerability fixed in 2.1.8
PR: ports/158137
Submitted by: Ruslan Mahamatkhanov <cvs-src@yandex.ru>
Security:
http://vuxml.org/freebsd/01d3ab7d-9c43-11e0-bc0f-0014a5e3cda6.html |
23 Jun 2011 12:36:04
1.1_1
|
flo  |
- also mark firefox35 vulnerable |
21 Jun 2011 20:26:57
1.1_1
|
flo  |
- document recent mozilla vulnerabilities [1]
- while here also document an older samba Denial of service vulnerability [2]
Security:
http://www.vuxml.org/freebsd/dfe40cff-9c3f-11e0-9bec-6c626dd55a41.html [1]
http://www.vuxml.org/freebsd/bfdbc7ec-9c3f-11e0-9bec-6c626dd55a41.html [2]
Requested by: timur [2] |
21 Jun 2011 17:50:00
1.1_1
|
culot  |
Document piwik remote command execution vulnerability. |
20 Jun 2011 22:59:44
1.1_1
|
delphij  |
Document dokuwiki XSS vulnerability. |
15 Jun 2011 19:53:02
1.1_1
|
nox  |
Update linux-f10-flashplugin to 10.3r181.26 .
PR: ports/157900
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Security:
http://www.freebsd.org/ports/portaudit/55a528e8-9787-11e0-b24a-001b2134ef46.html |
15 Jun 2011 12:43:37
1.1_1
|
brix  |
- Document CVE-2011-1408 in www/ikiwiki |
12 Jun 2011 05:15:32
1.1_1
|
miwi  |
- Cleanup |
08 Jun 2011 20:49:57
1.1_1
|
nox  |
Update to 10.3r181.22 .
PR: ports/157696
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Security:
http://www.freebsd.org/ports/portaudit/57573136-920e-11e0-bdc9-001b2134ef46.html |
07 Jun 2011 17:30:30
1.1_1
|
rene  |
Document www/chromium vulnerabilities fixed in version 12.0.742.91
Security: CVE-2011-{1808-1819,2332,2342} |
07 Jun 2011 00:24:35
1.1_1
|
wxs  |
- Document CVE-2011-1910
PR: ports/157548
Submitted by: Ryan Steinmetz <rpsfa@rit.edu> |
06 Jun 2011 12:45:20
1.1_1
|
mandree  |
Add CVE-2011-1947: fetchmail STARTTLS denial of service. |
03 Jun 2011 03:36:15
1.1_1
|
miwi  |
- Cleanup |
02 Jun 2011 20:39:54
1.1_1
|
flo  |
- document asterisk remote crash vulnerability
Security:
http://www.vuxml.org/freebsd/34ce5817-8d56-11e0-b5a2-6c626dd55a41.html |
02 Jun 2011 14:19:28
1.1_1
|
lev  |
Document CVE-2011-1752, CVE-2011-1783 and CVE-2011-1921 in devel/subversion |
26 May 2011 13:54:08
1.1_1
|
wxs  |
Document drupal6 multiple vulnerabilities.
Submitted by: Nick Hilliard <nick@foobar.org> |
25 May 2011 21:14:43
1.1_1
|
olgeni  |
Document Erlang R14B02 ssh library vulnerability (cryptographically
weak RNG).
Security: CVE-2011-0766 |
25 May 2011 16:38:56
1.1_1
|
rene  |
Document latest www/chromium vulnerabilities.
Security: CVE-2011-1801, -1804, -1806, -1807 |
25 May 2011 10:58:15
1.1_1
|
miwi  |
- Cleanup Part 1
PS: wonder when pplz start to ask ports-security for review ... |
25 May 2011 09:44:01
1.1_1
|
sem  |
- Document the last unbound vulnerability |
24 May 2011 23:51:21
1.1_1
|
ohauer  |
- revert last change of apr-* entry
Broken build reported by wxs@ |
24 May 2011 22:59:52
1.1_1
|
ohauer  |
- use apr-* and add <gt></gt> entries for all apr0/apr1 issues
(<gt> .. is needed else the parser cannot make a difference
between apr0 and apr1)
- lowercase ViewVC -> viewvc
Thanks Jun Kuriyama ( kuriyama@ ) for the notice and the patch
for the apr entries. |
24 May 2011 16:05:58
1.1_1
|
brooks  |
Update the mod_pubcookie entry with an ap20 prefix. The port has always
had USE_APACHE=2.0 in it so we can avoid enumerating all values of
APACHE_PKGNAMEPREFIX.
Pointy hat: brooks |
24 May 2011 06:19:13
1.1_1
|
simon  |
Unbreak VuXML web build by changing "ap*-" to "ap-" in package name for
1ca8228f-858d-11e0-a76c-000743057ca2 / mod_pubcookie -- Empty
Authentication Security Advisory.
While the new one is likely not correct, this fixes the build until
somebody can put in the right thing. |
24 May 2011 05:55:10
1.1_1
|
delphij  |
Fix build. |
23 May 2011 23:04:41
1.1_1
|
brooks  |
Partially address several years of neglect of pubcookie. Indicate the
security issues in two ports.
I've not used pubcookie in several years and given the lack of complaint
about the deprecation of mod_pubcookie, I doubt anyone else uses it from
ports. The mod_pubcookie port has already expired and I've set a two
week expiration for pubcookie-login-server. If no maintainer
appears I will send both to the Attic on June 6th.
While I'm here, address the use of CONF_FILES and CONF_DIRS in
pubcookie-login-server to avoid getting in the way of progress. [0]
PR: ports/157164 [0]
Security: vuxml:115a1389-858e-11e0-a76c-000743057ca2
vuxml:1ca8228f-858d-11e0-a76c-000743057ca2 |
23 May 2011 22:22:44
1.1_1
|
ohauer  |
- add entry for ViewVC < 1.1.11
- add entry for apr1 (CVE-2011-1928)
- correct version in previous apr1 entry
- run tidy |
23 May 2011 21:17:51
1.1_1
|
nox  |
Update to 10.3r181.14 .
PR: ports/156996
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Security:
http://www.freebsd.org/ports/portaudit/d226626c-857f-11e0-95cc-001b2134ef46.html |
23 May 2011 10:58:03
1.1_1
|
mandree  |
Document Opera Frameset unload code injection vulnerability. |
23 May 2011 09:58:16
1.1_1
|
delphij  |
Document pure-ftpd multiple vulnerabilities prior to 1.0.32. |
14 May 2011 17:48:33
1.1_1
|
rea  |
mail/exim: document CVE-2011-1764 and CVE-2011-1407
Both vulnerabilities are in the DKIM code and were fixed in 4.76.
Approved-by: erwin (mentor)
Feature-safe: yes |
13 May 2011 23:33:17
1.1_1
|
ohauer  |
- document Apache APR DoS vulnerabilities |
13 May 2011 15:06:00
1.1_1
|
glarkin  |
- Document www/zend-framework (potential SQL injection when using PDO_MySQL)
Security: http://framework.zend.com/security/advisory/ZF2011-02 |
12 May 2011 23:46:14
1.1_1
|
wxs  |
Document mediawiki multiple vulnerabilities.
PR: ports/156914
Submitted by: Ryan Steinmetz <rpsfa@rit.edu> |
12 May 2011 20:13:50
1.1_1
|
rene  |
Document CVE-2011-1799 and CVE-2011-1800 for www/chromium |
12 May 2011 18:09:28
1.1_1
|
wxs  |
Incorporate changes recommended by the tidy target. While here, properly
label dc9f8335-2b3b-11e0-a91b-00e0815b8da8. |
09 May 2011 13:11:11
1.1_1
|
sahil  |
Document CVE-2011-1720: Postfix memory corruption error. |
30 Apr 2011 09:25:16
1.1_1
|
rene  |
Document www/chromium vulnerabilities fixed in version 11.0.696.57
Security: CVE-2011-[1303-1305, 1434-1452, 1454-1456] |
29 Apr 2011 06:26:34
1.1_1
|
flo  |
Document mozilla -- multiple vulnerabilities |
21 Apr 2011 22:41:45
1.1_1
|
flo  |
- document recent asterisk vulnerabilities
- fix topic in RT entry |