Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_5 07 Oct 2021 02:24:55 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Fix version range of 9bad457e-b396-4452-8773-15bec67e1ceb
Sponsored by: The FreeBSD Foundation |
1.1_5 07 Oct 2021 02:22:48 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Document Jenkins Security Advisory 2021-10-06
Sponsored by: The FreeBSD Foundation |
1.1_5 06 Oct 2021 13:30:22 |
Bernard Spil (brnrd) |
security/vuxml: Only apache24 2.4.49 is vulnerable |
1.1_5 05 Oct 2021 18:51:23 |
Sergey A. Osokin (osa) |
security/vuxml: document multiple issues with databases/redis-devel |
1.1_5 05 Oct 2021 13:28:13 |
Sergey A. Osokin (osa) |
security/vuxml: document multiple issues with databases/redis{,5,6}
PR: 258935 |
1.1_5 05 Oct 2021 08:47:45 |
Bernard Spil (brnrd) |
security/vuxml: Document Apache httpd vulnerability |
1.1_5 05 Oct 2021 05:09:26 |
Matthias Fechner (mfechner) |
security/vuxml: Document bacula-web vulnerabilities |
1.1_5 01 Oct 2021 07:19:35 |
Wen Heping (wen) |
security/vuxml: Document mediawiki's multiple vulnerabilities |
1.1_5 30 Sep 2021 21:03:02 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 94.0.4606.71
Obtained from: https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html |
1.1_5 30 Sep 2021 19:28:52 |
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab vulnerabilities |
1.1_5 30 Sep 2021 16:23:08 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Fix entry 7062bce0-1b17-11ec-9d9d-0022489ad614
This should also fix vuxml build.
PR: 258802
Sponsored by: The FreeBSD Foundation |
1.1_5 30 Sep 2021 02:02:47 |
Alex Kozlov (ak) |
security/vuxml: document archivers/ha vulnerabilities |
1.1_5 29 Sep 2021 05:52:41 |
Kyle Evans (kevans) |
security/vuxml: document recent nexus2-oss vulnerabilities
PR: 252564 |
1.1_5 28 Sep 2021 08:29:46 |
Bernard Spil (brnrd) |
security/vuxml: Fix range on latest cURL vuln
Submitted by: yasu
PR: 258586 |
1.1_5 28 Sep 2021 08:03:58 |
Bernard Spil (brnrd) |
security/vuxml: Fix double CVE- in latest httpd entry |
1.1_5 27 Sep 2021 08:39:45 |
Baptiste Daroussin (bapt) Author: Evgeniy Khramtsov |
security/vuxml: add www/webkit2-gtk3
PR: 255528
Obtained from: https://webkitgtk.org/security/WSA-2021-0005.html |
1.1_5 24 Sep 2021 20:38:25 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 94.0.4606.61
Obtained from: https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html |
1.1_5 23 Sep 2021 01:03:25 |
Craig Leres (leres) |
security/vuxml: Fix missing <name> field
I wasn't able to see my mistake based on the error "make validate"
gave me:
Traceback (most recent call last):
File "/usr/local/poudriere/ports/current-patched/security/vuxml/files/extra-validation.py", line 99, in <module>
if (re_invalid_package_name.search(name.text) is not None):
TypeError: expected string or bytes-like object
*** Error code 1
Thanks to Dan for the pointy hat save.
Reported by: Dan Langille |
1.1_5 22 Sep 2021 22:09:30 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 4.0.4 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v4.0.4
- Paths from log stream make it into system() unchecked, potentially
leading to commands being run on the system unintentionally.
This requires either bad scripting or a malicious package to be
installed, and is considered low severity.
- Fix potential unbounded state growth in the PIA analyzer when
receiving a connection with either a large number of zero-length
packets, or one which continues ack-ing unseen segments. It is
possible to run Zeek out of memory in these instances and cause
it to crash. Due to the possibility of this happening with packets
received from the network, this is a potential DoS vulnerability. |
1.1_5 22 Sep 2021 08:59:34 |
Bernard Spil (brnrd) |
security/vuxml: Document mod_auth_mellon vulnerability |
1.1_5 21 Sep 2021 20:27:13 |
Bradley T. Hughes (bhughes) |
security/vuxml: document Node.js August 2021 Security Releases (2)
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/
Sponsored by: Miles AS |
1.1_5 21 Sep 2021 20:26:42 |
Bradley T. Hughes (bhughes) |
security/vuxml: document Node.js August 2021 Security Releases
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/
Sponsored by: Miles AS |
1.1_5 21 Sep 2021 20:26:41 |
Bradley T. Hughes (bhughes) |
security/vuxml: document Node.js July 2021 Security Releases (2)
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/
Sponsored by: Miles AS |
1.1_5 21 Sep 2021 20:26:35 |
Bradley T. Hughes (bhughes) |
security/vuxml: document Node.js July 2021 Security Releases
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/
Sponsored by: Miles AS |
1.1_5 21 Sep 2021 20:17:35 |
Rene Ladan (rene) |
security/vuxml: add chromium < 94.0.4606.54
Obtained from: https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html |
1.1_5 21 Sep 2021 03:47:26 |
Po-Chuan Hsieh (sunpoet) |
security/vuxml: Document libssh vulnerability |
1.1_5 20 Sep 2021 06:26:06 |
Daniel Engberg (diizzy) Author: Robert Clausecker |
security/vuxml: Add entry for libpano13 < 2.9.20
PR: 258354
Approved by: tcberner
Differential Revision: https://reviews.freebsd.org/D31980 |
1.1_5 17 Sep 2021 21:37:59 |
Jan Beich (jbeich) |
security/vuxml: update seatd 0.6.{0,1} entry
- Discovered 1 day before announcement
- Assigned CVE-2021-41387 |
1.1_5 17 Sep 2021 19:15:56 |
Eugene Grosbein (eugen) |
security/vuxml: fix range in vid f55921aa-10c9-11ec-8647-00e0670f2660
Fix ranges for latest net/mpd5 vulnerability.
Reported by: Clive Lin |
1.1_5 17 Sep 2021 17:40:47 |
Bernard Spil (brnrd) |
security/vuxml: Document Apache httpd vulns |
1.1_5 17 Sep 2021 10:52:12 |
Bernard Spil (brnrd) |
security/vuxml: Register cURL vulns |
1.1_5 16 Sep 2021 01:20:09 |
Jan Beich (jbeich) |
security/vuxml: consistently use -- in topic after e0992ef21346 |
1.1_5 16 Sep 2021 01:15:04 |
Jan Beich (jbeich) |
security/vuxml: mark seatd 0.6.{0,1} as vulnerable |
1.1_5 14 Sep 2021 16:55:06 |
Rene Ladan (rene) |
security/vuxml: add chromium < 93.0.4577.82
Obtained from: https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html |
1.1_5 13 Sep 2021 18:14:24 |
Ashish SHUKLA (ashish) |
security/vuxml: Document vulnerabilities in Matrix clients
Security: 93eb0e48-14ba-11ec-875e-901b0e9408dc
Security: CVE-2021-40823
Security: CVE-2021-40824 |
1.1_5 11 Sep 2021 00:30:50 |
Brad Davis (brd) |
security/vuxml: document sysutils/consul vulnerability |
1.1_5 10 Sep 2021 17:21:33 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document lang/go vulnerability |
1.1_5 09 Sep 2021 12:11:13 |
Wen Heping (wen) |
security/vuxml: Document multiple vulnerabilities of python38 |
1.1_5 08 Sep 2021 22:02:51 |
Eugene Grosbein (eugen) |
security/vuxml: add net/mpd5 PPPoE Server remotely exploitable crash
Version 5.9_2 contains security fix for PPPoE servers.
Insufficient validation of incoming PPPoE Discovery request
specially crafted by unauthenticated user might lead to unexpected
termination of the process. The problem affects mpd versions since 5.0.
Installations not using PPPoE server configuration were not affected.
Reported by: Yannick C at SourceForge
Tested by: Yannick C at SourceForge, paul at SourceForge |
1.1_5 07 Sep 2021 07:12:37 |
Wen Heping (wen) |
security/vuxml: Document multiple vulnerabilities of python36 and python37 |
1.1_5 05 Sep 2021 11:32:07 |
Bernard Spil (brnrd) |
security/vuxml: Document WeeChat vulnerability |
1.1_5 02 Sep 2021 14:31:26 |
Ashish SHUKLA (ashish) |
security/vuxml: Document py-matrix-synapse vulnerabilities
PR: 258187
Reported by: Sascha Biberhofer <ports@skyforge.at>
Security: a67e358c-0bf6-11ec-875e-901b0e9408dc
Security: CVE-2021-39163
Security: CVE-2021-39164 |
1.1_5 02 Sep 2021 04:48:27 |
Wen Heping (wen) |
security/vuxml: Document python39 multiple vulnerabilities |
1.1_5 02 Sep 2021 03:41:34 |
Hajimu UMEMOTO (ume) |
security/vuxml: fix range
Reported by: rene |
1.1_5 01 Sep 2021 20:34:29 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 93.0.4577.63
Obtained from: https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html |
1.1_5 01 Sep 2021 13:22:35 |
Hajimu UMEMOTO (ume) |
security/vuxml: Document cyrus-imapd vulnerability. |
1.1_5 31 Aug 2021 21:20:14 |
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab vulnerabilities |
1.1_5 26 Aug 2021 23:09:48 |
Matthias Andree (mandree) |
security/vuxml: document fetchmail TLS vulns
URL: https://www.fetchmail.info/fetchmail-SA-2021-02.txt
Security: CVE-2021-39272
Security: 1d6410e8-06c1-11ec-a35d-03ca114d16d6 |
1.1_5 25 Aug 2021 06:14:17 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-21:17.openssl
Reference FreeBSD SA-21:17.openssl in the 16 February 2021
OpenSSL entry and note the fixed patch releases. |
1.1_5 25 Aug 2021 06:14:16 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-21:16.openssl
Reference FreeBSD SA-21:16.openssl in the 24 August 2021
OpenSSL entry and note the fixed patch releases. |
1.1_5 25 Aug 2021 06:14:16 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-21:15.libfetch |
1.1_5 25 Aug 2021 06:14:16 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-21:14.ggatec |
1.1_5 25 Aug 2021 06:14:15 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-21:13.bhyve |
1.1_5 24 Aug 2021 15:13:24 |
Bernard Spil (brnrd) |
security/vuxml: Fix openssl-devel version |
1.1_5 24 Aug 2021 15:10:04 |
Bernard Spil (brnrd) |
security/vuxml: Document OpenSSL vulnerabilities |
1.1_5 22 Aug 2021 15:28:16 |
Adam Weinberger (adamw) Author: Stefan Bethke |
vuxml: Add entry for gitea < 1.15.0
PR: 257994 |
1.1_5 20 Aug 2021 18:37:03 |
Adam Weinberger (adamw) Author: Stefan Bethke |
vuxml: Add entry for gitea < 1.14.6 |
1.1_5 20 Aug 2021 03:40:09 |
Kyle Evans (kevans) |
security/vuxml: Document vulnerabilities in java/bouncycastle15
MFH: 2021Q3
Sponsored by: Modirum MDPay
Sponsored by: Klara, Inc. |
1.1_5 18 Aug 2021 06:10:16 |
Fernando Apesteguía (fernape) Author: Yasuhiro Kimura |
security/vuxml: Excessive memory consumption vulnerability in binutils
Fixed in main a0e752df8013 and in 2021Q3 in 9c4ee12.
PR: 256133
Reviewed by: fluffy@, koobs@
Security: CVE-2021-3487 |
1.1_5 17 Aug 2021 12:35:20 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 92.0.4515.159
Obtained from: https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html |
1.1_5 15 Aug 2021 07:11:46 |
Carlo Strub (cs) |
security/vuxml: Update release number for fixed lynx vulnerability
Security: e9200f8e-fd34-11eb-afb1-c85b76ce9b5a |
1.1_5 14 Aug 2021 19:41:58 |
Carlo Strub (cs) |
security/vuxml: Document credential leakage vulnerability
Security: e9200f8e-fd34-11eb-afb1-c85b76ce9b5a |
1.1_5 12 Aug 2021 16:22:50 |
Palle Girgensohn (girgen) |
security/vuxml: postgresql??-server vuln CVE-2021-3677 |
1.1_5 10 Aug 2021 00:42:24 |
Romain Tartière (romain) |
security/vuxml: document xtrlock CVE-2016-10894 |
1.1_5 09 Aug 2021 20:15:04 |
Cy Schubert (cy) |
security/vuxml: Document x11/cde local privilege escalation
Security: CVE-2020-2696, VU#308289 |
1.1_5 05 Aug 2021 23:00:59 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document lang/go vulnerability |
1.1_5 04 Aug 2021 08:29:40 |
Matthias Fechner (mfechner) |
security/vuxml: Security vulnerabilities for gitlab-ce |
1.1_5 04 Aug 2021 08:10:56 |
Bernard Spil (brnrd) |
security/vuxml: Mark MariaDB vulnerable |
1.1_5 03 Aug 2021 18:22:00 |
Li-Wen Hsu (lwhsu) Author: Thomas Morper |
security/vuxml: Add net-im/prosody CVE-2021-37601
PR: 257597 |
1.1_5 03 Aug 2021 18:19:14 |
Matthias Andree (mandree) |
security/vuxml: update fetchmail CVE-2021-36386 vuln
this vuln was a reintroduction of CVE-2008-2711 which got fixed in
fetchmail 6.3.9, when 6.3.17 refactored code.
- restrict range (>= 6.3.9 < 6.3.17 unaffected)
- add reference to old CVE-2008-2711
URL: https://www.fetchmail.info/fetchmail-SA-2021-01.txt
Security: cbfd1874-efea-11eb-8fe9-036bd763ff35
Security: CVE-2021-36386
Security: CVE-2008-2711 |
1.1_5 03 Aug 2021 17:17:22 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 92.0.4515.131
Obtained from: https://chromereleases.googleblog.com/search/label/Stable%20updates |
1.1_5 02 Aug 2021 09:52:36 |
Dave Cottlehuber (dch) |
security/vuxml: document net/rabbitmq CVE-2021-22116
https://tanzu.vmware.com/security/cve-2021-22116 |
1.1_5 01 Aug 2021 21:57:10 |
Kevin Bowling (kbowling) |
security/vuxml: document tomcat CVE-2021-33037
PR: 257153 |
1.1_5 01 Aug 2021 21:52:40 |
Kevin Bowling (kbowling) |
security/vuxml: document tomcat CVE-2021-30640
PR: 257153 |
1.1_5 01 Aug 2021 21:42:39 |
Kevin Bowling (kbowling) |
security/vuxml: correct tomcat package name/versions
PR: 257153
Fixes: 9462edd84baf |
1.1_5 01 Aug 2021 21:35:55 |
Kevin Bowling (kbowling) |
security/vuxml: document tomcat CVE-2021-30639
PR: 257153 |
1.1_5 28 Jul 2021 21:36:56 |
Matthias Andree (mandree) |
security/vuxml: add fetchmail < 6.4.20 vuln
Security: cbfd1874-efea-11eb-8fe9-036bd763ff35
Security: CVE-2021-36386 |
1.1_5 27 Jul 2021 10:24:10 |
Li-Wen Hsu (lwhsu) Author: Yasuhiro Kimura |
security/vuxml: Document integer overflow vulnerability in redis
PR: 257325 |
1.1_5 27 Jul 2021 09:00:51 |
Li-Wen Hsu (lwhsu) Author: rob2g2 |
security/vuxml: Document dns/powerdns CVE-2021-36754
PR: 257435 |
1.1_5 24 Jul 2021 16:59:42 |
Craig Leres (leres) |
security/vuxml: Mark mosquitto >= 2.0.0, < 2.0.10 vulnerable as per:
https://github.com/eclipse/mosquitto/blob/d5ecd9f5aa98d42e7549eea09a71a23eef241f31/ChangeLog.txt
- If an authenticated client connected with MQTT v5 sent a malformed
CONNACK message to the broker a NULL pointer dereference occurred,
most likely resulting in a segfault.
PR: 255229
Reported by: Daniel Engberg |
1.1_5 23 Jul 2021 23:14:14 |
Guido Falsi (madpilot) |
security/vuxml: Document new pjsip vulnerability |
1.1_5 23 Jul 2021 21:21:10 |
Guido Falsi (madpilot) |
security/vuxml: Document new asterisk vulnerabilities |
1.1_5 21 Jul 2021 14:10:34 |
Rene Ladan (rene) |
security/vuxml: document Chromium < 92.0.4515.107 |
1.1_5 21 Jul 2021 13:40:45 |
Rene Ladan (rene) |
security/vuxml: fix `make validate' |
1.1_5 21 Jul 2021 10:31:00 |
Bernard Spil (brnrd) |
security/vuxml: Document cURL 7.77.0 vulnerabilities |
1.1_5 20 Jul 2021 08:55:32 |
Bernard Spil (brnrd) |
security/vuxml: Document MySQL vulnerabilities Jul2021 |
1.1_5 18 Jul 2021 21:27:11 |
Guangyuan Yang (ygy) Author: stb |
security/vuxml: Document vulnerabilities in www/gitea
PR: 257221
Approved by: lwhsu (mentor) |
1.1_5 18 Jul 2021 17:54:30 |
Po-Chuan Hsieh (sunpoet) |
security/vuxml: Fix make validate after 069e58611c7933431ec82b0b9c119677e8d6cc21
Reported by: lwhsu
Approved by: delphij (ports-secteam) |
1.1_5 16 Jul 2021 20:31:59 |
Rene Ladan (rene) |
security/vuxml: document chromium < 91.0.4472.164
Obtained from: https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html |
1.1_5 14 Jul 2021 17:26:34 |
Po-Chuan Hsieh (sunpoet) |
security/vuxml: Document ruby vulnerability |
1.1_5 14 Jul 2021 16:10:51 |
Po-Chuan Hsieh (sunpoet) |
security/vuxml: Fix make test
- Respect VUXML_FILE and VUXML_FLAT_FILE [1]
It allows running "make test" on read-only media (e.g. poudriere jail)
- Copy all vuln XML files to the test directory [2]
Since vuln.xml has been split into multiple XML files, all of them must be
copied to the test directory.
Without [1], the error message is as follows:
===> Testing for vuxml-1.1_5
xmllint -noent vuln.xml > vuln-flat.xml
/bin/sh: cannot create vuln-flat.xml: Read-only file system
*** Error code 2
Stop.
Without [2], the error message is as follows:
(Only the first 15 lines of the commit message are shown above) |
1.1_5 13 Jul 2021 12:01:52 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document lang/go vulnerability |
1.1_5 10 Jul 2021 12:51:01 |
Thomas Zander (riggs) |
security/vuxml: Document vulnerabilities in databases/mantis
PR: 257068
Reported by: Zoltan ALEXANDERSON BESSE <zab@zltech.eu> |
1.1_5 08 Jul 2021 06:49:57 |
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab vulnerability |
1.1_5 04 Jul 2021 20:55:52 |
Tobias C. Berner (tcberner) Author: Daniel Engberg |
security/vuxml: document vulnerabilities in graphics/exiv2
PR: 256803 |
1.1_5 03 Jul 2021 05:01:44 |
Matthias Andree (mandree) |
security/vuxml: document openexr < 3.0.5 vulns
Security: f2596f27-db4c-11eb-8bc6-c556d71493c9 |
1.1_5 02 Jul 2021 07:34:26 |
Matthias Fechner (mfechner) |
security/vuxml: Documented gitlab vulnerabilities. |
1.1_5 01 Jul 2021 07:30:09 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Let vuln-flat.xml depend on all vuln xml files
So it can get rebuilt when any of the vuln xml files changes.
Approved by: ports-secteam (fluffy, implicitly) |
1.1_5 01 Jul 2021 07:28:36 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Document Jenkins Security Advisory 2021-06-30
Sponsored by: The FreeBSD Foundation |
1.1_5 30 Jun 2021 15:39:09 |
Juraj Lutter (otis) |
security/vuxml: Fix dovecot entry
Fix stray ">" character in a CVE URL. |