A ports freeze means that commits will be few and far between and only by approval.

Number of commits found: 1770 (showing only 100 on this page)

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11  »  [Last Page]

- Fix discovery from previous entry

- Document openoffice -- arbitrary code execution vulnerabilities

PR:             based on 129192
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Document wordpress -- Header RSS Feed Script Insertion Vulnerability

- Document samba -- potential leakage of arbitrary memory contents
- Fix my previous entry

- Document hplip -- hpssd Denial of Service

PR:             based on 129097
Submitted by:   Eygene Ryabinkin

- Document cups -- multiple vulnerabilities

- Document a buffer overflow vulnerability in imlib2.

PR:             ports/129037
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Fix latest mozilla entry

Note:
        mail/thunderbird and mail/linux-thunderbird versions are wrong.
        All problems are fixed in 2.0.0.18 and not in 2.0.0.17.

Pointy hat to:  tabthorpe

- Document streamripper -- multiple buffer overflows

PR:             based on 128999

- Dokument -- Mantis: Session hijacking vulnerability

- Cleanup
- Fix a lot whitespaces

Document two ACL bypassing vulnerabilities of dovecot.

Submitted by:   Eygene Ryabinkin <rea-fbsd codelabs.ru> (with changes)
PR:             ports/129000

- Document libxml2 -- multiple vulnerabilities

- Document openfire -- multiple vulnerabilities

Document syslog-ng2 chroot vulnerability.

PR:             ports/128960
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Reviewed by:    tabthorpe

- Add a missing new line between entries

- Add an entry for print/enscript and its slave ports

PR:             ports/128958
Submitted by:   Eygene Ryabinkin <rea-fbsd at codelabs.ru> (based on)
Reviewed by:    stas@

Add CVE identifier for clamav off-by-one error.

PR:             ports/128924
Submitted by:   Mark Foster <mark@foster.cc>

- Fix an indentation in the latest net-snmp entry.

- Document the recent chain validation vulnerability in gnutls.

PR:             ports/128868
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru> (based on)

- Fix formating

Add entry for net-snmp (fix will be followed).

PR:             ports128772, ports/128837
Submitted by:   "Mark D. Foster" <mark@foster.cc>,
                Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Cleanup
  * Add some more references to the faad2 entry
  * Fix formating for the last emacs and trac entry

- Document mozilla -- multiple vulnerabilities

Reviewed by:    simon

- Document faad2 -- heap overflow vulnerability

- Fix multimedia/vlc entry

Document vulnerability in Emacs python integration.

PR:             127168
Submitted by:   keramida

- Document clamav get_unicode_name() off-by-one buffer overflow, 0.94.1 have
  fixed the problem [1]
- Since i'm here, document clamav-devel either

PR:             ports/128749 [1]
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru> [1]

Document trac wiki markup DoS issue

- Document vlc -- cue processing stack overflow

Document opera -- multiple vulnerabilities

With hat:       secteam
Requested by:   simon

Document qemu -- Heap overflow in Cirrus emulation

Fix BugTraq ID :(

Pointy hat to:  delphij

Add more reference with last commit

Document phpmyadmin XSS issue

Add linux-opera with opera entries. Remove the YYYYMMDD in the version (ie:
9.61.YYYYMMDD -> 9.61) as linux-opera does not do it anymore. It should not
affect anything on opera.

- Fix formating

- Document opera -- multiple vulnerabilities

PR:             ports/128264
Submitted by:   Arjan van Leeuwen <freebsd-maintainer opera.com>

- Document libspf2 -- Buffer overflow

- Document openx -- sql injection vulnerability

- Fix duplicate wording

- Document flyspray -- multiple vulnerabilities

Submitted by:   Nick Hilliard (nick@foobar.org) (based on)

Document wordpress snoopy shell command execution vulnerability

- Fix libxine entry

- Whitespace fix in last entry.

Document drupal multiple vulnerabilities.

Submitted by:   Nick Hilliard <nick foobar org>

Newer version of wordpress-mu has resolved the security vulnerability,
I have verified the code with respect to older release and to wordpress
changeset.

Reviewed by:    stas

The libxml2-2.6.32_1 now have two security fixed. If I edit it incorrect,
please fix it for me.

Document libxine denial of service vulnerability.

- Fix formating from previous entry

- Fix previous commit

- Document linux-flashplugin -- multiple vulnerabilities

Reviewed by:    stas

Document libxml2 vulnerabilities.

- Fix a small typo

- Document drupal -- multiple vulnerabilities

Document cups multiple vulnerabilities.

Update mysql entries.

- Fix formating and remove whitespaces from previous commit.

Add two www/opera vulnarabilities which affect versions <9.60.20081004

PR:             ports/127941
Submitted by:   Arjan van Leeuwen (opera maintainer)

- Capitalize "Secunia" word in all entries.

Reviewed by:    tabthorpe

- Mplayer vulnerability has been fixed in 0.99.11_7.

- Document mysql-client input validation vulnerability.

- Document mplayer integer overflows.

Bump copyright year.

Really fix firefox 3 part of the latest mozilla entry.  Now it doesn't
match fixed firefox 2 versions.

Cluebat:        Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Pointyhat:      simon (for too quick review of last update)

- Fix bad firefox3 specification

PR:             127712
Reported by:    Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Reviewed by:    simon

lighttpd -- multiple vulnerabilities

- Fix last thunderbird entrys
- Bump modified date

- Cleanup previous entry.

Add irc/bitlbee entry.

- Update samba entries so they don't match upcomming Samba 3.2 which
  doesn't have PORTEPOCH in the version number.
- Bump modified date for all updated entries.

Requested by:   timur

- Fix firefox version

Reported by:    bsam@

- Fix a typo (s/reportss/reports)

Submitted by:   tabthorpe/remko

- Document mozilla --  multiple vulnerabilities

- Mark ftp/proftpd as safe
- Add more references to the last phpMyAdmin entry

- Document squirrelmail -- Session hijacking vulnerability

- Fix discovery from my previous commit

- Document proftpd -- Long Command Processing Vulnerability

- Document phpmyadmin -- cross-site scripting vulnerability

- Document gallery -- multiple vulnerabilities

Approved by:    portmgr (secteam blanked)

- Replace phpmyadmin with phpMyAdmin to fix portaudit

Note:
        portaudit does not flag phpmyadmin as vulnerable,
        so we need to change it to the pkgname (phpMyAdmin).

Reported by:    glarkin@
Reviewed by:    simon
Discussion on:  ports-security@
Approved by:    portmgr (secteam blanked)

- Document phpmyadmin -- Code execution vulnerability

Approved by:    portmgr (secteam blanked)

- Fix previous commit

Approved by:    portmgr (secteam blanked)

- Mark www/twiki FORBIDDEN due to security exploit

Approved by:    beech (mentor, implicit)
Approved by:    portmgr (pav)
Security:       http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195

- corrects the bid number from me previous commit

Approved by:    portmgr (secteam blanked)

- Document neon -- NULL pointer dereference in Digest domain support

Approved by:    portmgr (secteam blanked)

Document clamav CHM parser DoS issue.

Approved by:    portmgr (vuxml blanket)

- Document horde -- multiple vulnerabilities

Approved by:    portmgr (secteam blanked)

- Document python -- multiple vulnerabilities

Reviewed by:    remko/tabthorpe
Approved by:    portmgr (secteam blanked)

- Mark www/wordpress and german/wordpress as safe

Approved by:    portmgr (secteam approved: remko, blanket vuxml)

- Document wordpress, rails and mysql vulnerabilties.

Reviewed by:    remko
Approved by:    portmgr (secteam approved: remko, blanket vuxml)

Extend the Nagios entry to cover Nagios 3.x < 3.0.2. This covers the edge case
of `portupgrade -o net-mgmt/nagios-devel nagios'.

Approved by:    portmgr (simon@ using secteam blanket)

Add FreeBSD-SA-08:09.icmp6

Add FreeBSD-SA-08:08.nmount

Add FreeBSD-SA-08:07.amd64.

Hat:    secteam

Update for php5 safe_mode fix.

Fix XML in openvpn-devel entry: – was used but as vuln.xml does
not import HTML named entities this is not allowed - use –
instead which produces the same end result.

- Document opera -- multiple vulnerabilities

gnutls -- "gnutls_handshake()" Denial of Service

Use joomla15 as name for the vulnerability

Number of commits found: 1770 (showing only 100 on this page)

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11  »  [Last Page]

14 vulnerabilities affecting 30 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities