| Commit History - (may be incomplete: see SVNWeb link above for full details) |
| Date | By | Description |
13 May 2011 23:33:17
1.1_1
|
ohauer  |
- document Apache APR DoS vulnerabilities |
13 May 2011 15:06:00
1.1_1
|
glarkin  |
- Document www/zend-framework (potential SQL injection when using PDO_MySQL)
Security: http://framework.zend.com/security/advisory/ZF2011-02 |
12 May 2011 23:46:14
1.1_1
|
wxs  |
Document mediawiki multiple vulnerabilities.
PR: ports/156914
Submitted by: Ryan Steinmetz <rpsfa@rit.edu> |
12 May 2011 20:13:50
1.1_1
|
rene  |
Document CVE-2011-1799 and CVE-2011-1800 for www/chromium |
12 May 2011 18:09:28
1.1_1
|
wxs  |
Incorporate changes recommended by the tidy target. While here, properly
label dc9f8335-2b3b-11e0-a91b-00e0815b8da8. |
09 May 2011 13:11:11
1.1_1
|
sahil  |
Document CVE-2011-1720: Postfix memory corruption error. |
30 Apr 2011 09:25:16
1.1_1
|
rene  |
Document www/chromium vulnerabilities fixed in version 11.0.696.57
Security: CVE-2011-[1303-1305, 1434-1452, 1454-1456] |
29 Apr 2011 06:26:34
1.1_1
|
flo  |
Document mozilla -- multiple vulnerabilities |
21 Apr 2011 22:41:45
1.1_1
|
flo  |
- document recent asterisk vulnerabilities
- fix topic in RT entry |
17 Apr 2011 20:31:01
1.1_1
|
jsa  |
Document VideoLAN-SA-1103. Heap corruption in MP4 demultiplexer in VLC. |
17 Apr 2011 18:32:15
1.1_1
|
nox  |
Update to 10.2r159.1 .
Security:
http://www.freebsd.org/ports/portaudit/32b05547-6913-11e0-bdc4-001b2134ef46.html |
17 Apr 2011 10:59:05
1.1_1
|
flo  |
Document multiple vulnerabilities in RT www/rt36 and www/rt38 |
14 Apr 2011 22:14:58
1.1_1
|
rene  |
Document www/chromium vulnerabilities
Security: CVE-2011-1301, CVE-2011-1302 |
14 Apr 2011 21:08:30
1.1_1
|
simon  |
Unbreak file format:
- Place <vuxml> tag at the start of the file.
- Close topic tags.
Pointy hat to: cy |
14 Apr 2011 19:51:41
1.1_1
|
cy  |
Add the following for security/krb5:
MITKRB5-SA-2011-001 - kpropd denial of service
MITKRB5-SA-2011-002 - KDC denial of service attacks
MITKRB5-SA-2011-003 - KDC vulnerable to double-free when PKINIT enabled
MITKRB5-SA-2011-004 - kadmind invalid pointer free() |
14 Apr 2011 07:43:06
1.1_1
|
kwm  |
Document a root exploit via rogue hostname in xrdb. |
13 Apr 2011 11:01:09
1.1_1
|
bapt  |
Limit affected mupdf version to <0.8
Submitted by: tobez@ (irc) |
12 Apr 2011 17:52:28
1.1_1
|
skv  |
Document "otrs" - several XSS attacks possible. |
12 Apr 2011 15:36:44
1.1_1
|
erwin  |
Fix typo
Submitted by: Dan Langille <dan@langille.org> |
10 Apr 2011 21:39:37
1.1_1
|
wxs  |
Document isc-dhcp41-client and isc-dhcp31-client vulnerabilities.
PR: ports/156246
Submitted by: Douglas Thrift <douglas@douglasthrift.net> |
09 Apr 2011 01:41:36
1.1_1
|
wxs  |
Add CVE entry for recent tinyproxy vulnerability. |
08 Apr 2011 07:39:58
1.1_1
|
pav  |
- tinyproxy |
01 Apr 2011 18:03:50
1.1_1
|
sem  |
Document two quagga DoS vulnerabilities |
29 Mar 2011 13:50:13
1.1_1
|
kwm  |
Add a missing </p>.
Pointed out by: jadawin@ |
29 Mar 2011 13:38:24
1.1_1
|
kwm  |
Document gdm privilege escalation vulnerability |
26 Mar 2011 20:13:47
1.1_1
|
rene  |
Document vulnerabilities before Chromium 10.0.648.204
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates |
25 Mar 2011 11:09:07
1.1_1
|
ale  |
Add entries for php5-exif and php5-zip before 5.3.6 release.
PR: ports/155922
Submitted by: Chris Tandiono <christandiono@tbp.berkeley.edu> |
24 Mar 2011 18:40:35
1.1_1
|
nox  |
Update to 10.2r153.
Security:
http://www.freebsd.org/ports/portaudit/501ee07a-5640-11e0-985a-001b2134ef46.html
PR: ports/155874
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp> |
24 Mar 2011 00:56:30
1.1_1
|
beat  |
- Document mozilla -- update to HTTPS certificate blacklist |
19 Mar 2011 06:10:04
1.1_1
|
sahil  |
Document CVE-2011-0411: Postfix "STARTTLS" Plaintext
Injection Vulnerability.
Reviewed by: miwi (secteam) |
17 Mar 2011 17:42:19
1.1_1
|
glarkin  |
- Documented integer overflow in hiawatha web server
Submitted by: C-S <c-s@c-s.li> |
17 Mar 2011 00:03:10
1.1_1
|
delphij  |
Document asterisk multiple vulnerabilities. |
14 Mar 2011 18:34:08
1.1_1
|
rene  |
Mark chromium-9.0.597.107 and chromium-10.0.648.127 as vulnerable. |
14 Mar 2011 16:46:27
1.1_1
|
miwi  |
- Cleanup a bit |
14 Mar 2011 16:25:12
1.1_1
|
miwi  |
- Add correct infos to the avahi issue
- Add url to original advisory |
14 Mar 2011 16:14:06
1.1_1
|
kwm  |
Fix date in avahi entry. |
14 Mar 2011 16:04:07
1.1_1
|
kwm  |
Add avahi denial of service attack. |
10 Mar 2011 15:01:11
1.1_1
|
wxs  |
Fix discovery for mailman XSS vulnerabilities.
Noticed by: erwin@
Pointyhat to: wxs@ |
10 Mar 2011 14:31:36
1.1_1
|
wxs  |
Document mail/mailman XSS vulnerabilities. |
07 Mar 2011 21:31:26
1.1_1
|
decke  |
- Document redmine -- XSS vulnerability |
05 Mar 2011 12:21:44
1.1_1
|
lev  |
Document subversion -- remote HTTP DoS vulnerability
Obtained from http://subversion.apache.org/security/CVE-2011-0715-advisory.txt |
01 Mar 2011 23:05:08
1.1_1
|
beat  |
- Document mozilla -- multiple vulnerabilities |
01 Mar 2011 18:15:40
1.1_1
|
rene  |
Document Chromium versions 9.0.597.[84,94,107]
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates |
25 Feb 2011 18:39:16
1.1_1
|
delphij  |
Add two OpenLDAP security by-pass vulnerabilities. |
25 Feb 2011 14:01:15
1.1_1
|
mandree  |
Fix broken linux-sun-jdk vulndb entries.
VuXML: 18e5428f-ae7c-11d9-837d-000e0c2e438a
VuXML: c93e4d41-75c5-11dc-b903-0016179b2dd5
PR: ports/154918 |
23 Feb 2011 14:43:41
1.1_1
|
miwi  |
- Cleanup previous entry |
22 Feb 2011 21:30:19
1.1_1
|
flo  |
- add asterisk -- Exploitable Stack and Heap Array Overflows |
20 Feb 2011 05:04:28
1.1_1
|
delphij  |
Document PivotX administrator password reset vulnerability. |
15 Feb 2011 08:18:21
1.1_1
|
miwi  |
- Update latest tomcat entry (tomcat6/7 have the same problem)
Note: Please ask for review at ports-security@ THX! |
15 Feb 2011 08:00:38
1.1_1
|
wen  |
- Document tomcat vulnerability |
11 Feb 2011 22:23:48
1.1_1
|
delphij  |
Document two phpMyAdmin vulnerabilities. |
11 Feb 2011 21:39:03
1.1_1
|
nox  |
Update to 10.2r152.
PR: ports/154630
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Security:
http://www.freebsd.org/ports/portaudit/4a3482da-3624-11e0-b995-001b2134ef46.html
Feature safe: yes |
11 Feb 2011 19:59:48
1.1_1
|
delphij  |
Document mupdf PDF handling remote code execution vulnerability.
Submitted by: Tim Zingelman <tez netbsd.org> |
11 Feb 2011 19:51:21
1.1_1
|
delphij  |
Document rubygem-mail Remote Arbitrary Shell Command Injection Vulnerability.
Submitted by: Tim Zingelman <tez netbsd.org> |
11 Feb 2011 19:48:03
1.1_1
|
delphij  |
Document plone remote security bypass vulnerability.
Submitted by: Tim Zingelman <tez netbsd.org> |
11 Feb 2011 19:40:12
1.1_1
|
delphij  |
Document exim local privilege escalation vulnerability.
Submitted by: Tim Zingelman <tez netbsd.org> |
11 Feb 2011 19:36:45
1.1_1
|
delphij  |
Document OpenOffice multiple vulnerabilities.
Submitted by: Tim Zingelman <tez netbsd.org> |
10 Feb 2011 16:44:00
1.1_1
|
miwi  |
- Cleanup previous commit |
10 Feb 2011 10:41:58
1.1_1
|
kwm  |
Document multiple webkit-gtk2 security vulnerabilities, fixed in 1.2.7. |
10 Feb 2011 00:44:26
1.1_1
|
delphij  |
Document awstat multiple vulnerabilities.
Notified by: Tim Zingelman <tez netbsd.org> |
10 Feb 2011 00:28:17
1.1_1
|
delphij  |
Document Opera multiple vulnerabilities.
Notified by: Tim Zingelman <tez netbsd.org> |
09 Feb 2011 21:37:55
1.1_1
|
delphij  |
Document multiple vulnerabilities in Django.
Notified by: Jesco Freund <jesco.freund my-universe.com> |
09 Feb 2011 05:36:33
1.1_1
|
miwi  |
- S/seriuos/serious |
09 Feb 2011 05:23:00
1.1_1
|
miwi  |
- Document mediawiki - multiple vulnerabilities |
09 Feb 2011 04:53:13
1.1_1
|
miwi  |
- Add chinese/wordpress-zh_CN and chinese/wordpress-zh_TW to the previous
wordpress entry |
05 Feb 2011 04:37:18
1.1_1
|
miwi  |
- While here drop MD5 Support
Feature safe: yes |
05 Feb 2011 04:36:36
1.1_1
|
miwi  |
- Add entry for wordpress - SQL injection vulnerability
PR: 153526
Submitted by: Mark Foster <mark@foster.cc>
Feature safe: yes |
02 Feb 2011 23:51:54
1.1_1
|
miwi  |
- Cleanup previous commit
Feature safe: yes |
02 Feb 2011 15:45:11
1.1_1
|
kwm  |
Add vlc - Insufficient input validation in MKV demuxer vulnerability.
Feature safe: yes |
31 Jan 2011 14:02:34
1.1_1
|
miwi  |
- Cleanup previous Entry
Feature safe: yes |
31 Jan 2011 09:47:54
1.1_1
|
decke  |
- Document maradns -- denial of service when resolving a long DNS hostname
Submitted by: n j <nino80 at gmail dot com>
Feature safe: yes |
29 Jan 2011 00:23:19
1.1_1
|
wxs  |
Adjust range for ISC DHCPv6 server crash.
Feature safe: yes |
29 Jan 2011 00:15:09
1.1_1
|
wxs  |
Document ISC DHCPv6 server crash.
Feature safe: yes |
25 Jan 2011 15:07:36
1.1_1
|
skv  |
Document "bugzilla" - multiple serious vulnerabilities.
Feature safe: yes |
24 Jan 2011 23:00:51
1.1_1
|
delphij  |
Add dokuwiki multiple ACL escalation vulnerabilities.
Feature safe: yes |
23 Jan 2011 23:29:30
1.1_1
|
simon  |
Try to unbreak vuxml portaudit build by removing use of HTML entity.
UTF-8 chars should be used.
This is not a fix, just a hack to get it working for now.
Feature safe: yes (really) |
23 Jan 2011 13:41:34
1.1_1
|
rene  |
Describe www/chromium vulnerabilities between 8.0.552.215 and 8.0.552.237
Obtained from: http://googlechromereleases.blogspot.com/
Feature safe: yes |
21 Jan 2011 01:23:43
1.1_1
|
flo  |
asterisk-1.8.2.1 is still vulnerable due to a botched merge upstream.
Feature safe: yes |
19 Jan 2011 09:19:48
1.1_1
|
flo  |
- fix asterisk16 version string
Approved by: fjoe (mentor)
Feature safe: yes |
19 Jan 2011 08:46:28
1.1_1
|
flo  |
- Document Exploitable Stack Buffer Overflow in asterisk
Approved by: fjoe (mentor)
Feature safe: yes |
19 Jan 2011 02:26:50
1.1_1
|
wxs  |
Document tarsnap cryptographic nonce reuse vulnerability.
Discussed with: cperciva@
Feature safe: yes |
18 Jan 2011 09:26:18
1.1_1
|
delphij  |
Add entry for moinmoin XSS vulnerabilities.
PR: ports/153898
Submitted by: Ruslan Mahmatkhanov <cvs-src yandex ru>
Feature safe: yes |
18 Jan 2011 02:14:53
1.1_1
|
delphij  |
Document tor remote code execution and crash vulnerability.
Submitted by: Janne Snabb <snabb epipe com>
Feature safe: yes |
13 Jan 2011 14:09:25
1.1_1
|
rea  |
security/sudo: document privilege escalation, CVE-2011-0010
PR: 153939
Approved by: delphij (secteam), erwin (mentor)
Feature safe: yes |
13 Jan 2011 12:53:14
1.1_1
|
rea  |
devel/subversion: document security fixes in 1.6.15
Two DoS conditions:
- CVE-2010-4539, DoS via walking of SVNParentPath
collections;
- CVE-2010-4644, DoS via memory leaks triggered
by the option "-g" of the blame command.
Approved by: delphij (secteam), erwin (mentor)
Feature safe: yes |
13 Jan 2011 05:44:53
1.1_1
|
rea  |
Split recent PHP entry into multiple ones
Many reasons:
- some vulnerabilities were present only in the specific
PHP modules and not in the core PHP;
- it is better to group vulnerabilities by-topic (DoS, code
execution, etc);
- PHAR vulnerability is present only in 5.3.x;
- extract() vulnerability was fixed both in 5.2 and 5.3:
http://www.mail-archive.com/php-cvs@lists.php.net/msg47722.html
- NULL-byte poisoning was fixed only in 5.3, 5.2.x is still
vulnerable to this design error;
- DFS-related fixes are not relevant for FreeBSD, since DFS
is Windows file system that is unsupported by us.
PR: 153433
Approved by: remko (secteam), erwin (mentor)
Feature safe: yes |
09 Jan 2011 09:12:09
1.1_1
|
ale  |
Add entry for CVE-2010-4645 (php).
PR: ports/153766
Submitted by: Tom Judge <tom@tomjudge.com> |
08 Jan 2011 06:54:14
1.1_1
|
rea  |
Document CVE-2010-4345: local exim -> root escalation
PR: 152983
Feature safe: yes
Reviewed by: remko (secteam)
Approved by: erwin (mentor), remko (secteam) |
06 Jan 2011 07:01:46
1.1_1
|
miwi  |
- Cleanup |
06 Jan 2011 06:35:37
1.1_1
|
wen  |
- Document the Clickjacking vulnerabilities of mediawiki |
01 Jan 2011 14:31:38
1.1_1
|
erwin  |
Bump copyright year. |
30 Dec 2010 17:13:32
1.1_1
|
kwm  |
Document webkit-gtk2 multiple vulnerabilities < 1.2.6.
Document some CVE's that didn't make it to release notes from older releases. |
29 Dec 2010 19:50:56
1.1_1
|
delphij  |
Document django multiple vulnerabilities. |
28 Dec 2010 06:34:32
1.1_1
|
remko  |
Add Drupal views plugin - Cross Site Scripting (XSS).
While here, improve previously added vuln entry by
following style a bit better.
PR: 153474
Submitted by: rea |
23 Dec 2010 14:12:21
1.1_1
|
decke  |
- Document redmine -- multiple vulnerabilities |
22 Dec 2010 16:10:46
1.1_1
|
remko  |
Add Tor remote crash and the possibility of remote code execution.
Submitted by: Janne Snabb <snabb at epipe dot com> |
16 Dec 2010 18:11:28
1.1_1
|
delphij  |
Update to properly cover php52.
Noticed by: Chris St Denis <chris smartt com> |
15 Dec 2010 23:48:53
1.1_1
|
glarkin  |
- Document JavaScript injection exploits in Yahoo UI (YUI) library |
13 Dec 2010 23:44:32
1.1_1
|
delphij  |
Document PHP multiple vulnerabilities |
10 Dec 2010 11:48:31
1.1_1
|
beat  |
- Document mozilla -- multiple vulnerabilities |