Number of commits found: 2715 (showing only 100 on this page)

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11  »  [Last Page]

Correct spelling mistake, FreeSD -> FreeBSD

Reviewed by:    nox

- document security issue for haproxy

PR:     ports/165035
Submitted by:   jgh@
Security:       CVE-2012-2391

Document RT vulnerabilities.

(I'm only committing this as matthew is still waiting for mentor approval, and
we found it important enough to commit it right now)

Submitted by:   matthew

- inspircd 1.2.9 is not vulnerable

PR:     ports/167975
Spotted by: feld@feld.me

Add an entry for mail/sympa < 6.1.11 (CVE-2012-2352)

Add www/foswiki < 1.1.5 entry (CVE-2012-1004)

- Correct b8ae4659-a0da-11e1-a294-bcaec565249c entry [1]
- Formating and cleanup

Submitted by:   Neal Dias <ndias@cisco.com> [1]

Document and fix a off-by-one vulnability in libxml2.

Obtained from:  libxml upstream
Security:       b8ae4659-a0da-11e1-a294-bcaec565249c

- fix date in 725ab25a-987b-11e1-a2ef-001fd0af1a4c

- revert unintentional date change in aa71daaa-9f8c-11e1-bd0a-0082a0c18826
- update date in f5f00804-a03b-11e1-a284-0023ae8e59f0
- adjust dates in 3d55b961-9a2e-11e1-a2ef-001fd0af1a4c
a1d0911f-987a-11e1-a2ef-001fd0af1a4c for ordering

- Update inspircd to 2.0.5 [1]
- document CVE-2012-1836 [2]

PR:     ports/167975
Submitted by:   maintainer, feld@feld.me [1], jgh@ [2]
Security:       CVE-2012-1836

Fix some nits:
        The url in the cite attribute must appear as a reference
        The CVE automatically gets expanded to a url so the mitre url is not
needed

- fix spelling in b3435b68-9ee8-11e1-997c-002354ed89bc

Versions 3.2.0 and earlier of the pidgin-otr plugin contain
a format string security flaw. This flaw could potentially be
exploited by a remote attacker to cause arbitrary code to be
executed on the user's machine.

The flaw is in pidgin-otr, not in libotr. Other applications
that use libotr are not affected.

Document sudo netmask vulnerability. Patch for port forthcoming.

- Security update OpenSSL 1.0.1c

Document vulnerabilities for www/chromium < 19.0.1084.46

Security:       CVE-2011-[3083-3097], CVE-2011-[3099-3100]

- Document vulnerability in net/socat (CVE-2012-0219)

Fix pivotx vuln.xml

- 59b68b1e-9c78-11e1-b5e0-000c299b62e1 also applies to lang/php52

- Document recent vulnerabilities in PHP (CVE-2012-2311 and CVE-2012-2329)

Add an entry for CVE-2012-2214 for an XMPP crash in libpurple.

- Document CVE-2012-2274 for port www/pivotx

PR:             ports/167819
Submitted by:   Fumiyuki Shimizu <fumifumi at abacustech.jp>
Security:       CVE-2012-2274

Belated VuXML entry for recent NVIDIA Unix driver arbitrary system memory
access vulnerability.

Reviewed by:    eadler, delphij
Security:       CVE-2012-0946

- Add entry for rubygem-mail

Revert my "correction" for php52. All the 5.2.x still affected to NULL
poison bug. Just tested both latest 5.2 and 5.3 with the script from here:
https://bugs.php.net/bug.php?id=39863
Sorry.

Mark php52 >= 5.2.15 as not vulnerable to NULL byte poisoning [1]. This problem
was fixed in 5.3.4 and 5.2.15 simultaneously.

[1] http://www.vuxml.org/freebsd/3761df02-0f9c-11e0-becc-0022156e8794.html

Reported by:     Svyatoslav Lempert <svyatoslav.lempert at gmail dot com>

- Add entry for www/node

- Add entry for p5-Config-IniFiles

Add references for the portupgrade advisory. Some code actually expects content
in this section.

Reported by:    dvl
Reviewed by:    wxs,zi

Unbreak vuln.xml format.
While here fix a long line.

Pointyhat:      scheidell

- Account for repocopy of php5 -> php53
- Account for php52 backport fix
- Add entry for php54 (which will be named php5)

Submitted by:   scheidell@ (me)

- Third time the charm. remove extra (

Submitted by:   scheidell@ (me)

- All versions of PHP between 2004 release and May 3rd, 2012 are vulnerable to
cmdarg attacks
- Note:  PHP 5.2.12 and 5.4.2 were created to address this issue, but did not.
- See WWW: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
- An additional, unreleased version is needed.

Submitted by:   scheidell@ (me)
Obtained from:  WWW:www.php.net/archive/2012.php#id2012-05-03-1
Security:       CVE-2012-1823

Fix PHP entry to match the actual package name

Submitted by:   simon

- Document www/webcalendar-devel - multiple vulnerabilities

Requested by:   eadler, Hanno Boeck <hanno@hboeck.de>

Document vulnerabilities in www/chromium < 18.0.1025.168

Obtained from: 
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security:       CVE-2011-[3078-3081], CVE-2012-1521

- Document vulnerability in lang/php5

Document samba incorrect permission checks vulnerability.

Inform users that ports-mgmt/portupgrade-devel had unchecked distinfo

- Document vulnerability in net-mgmt/net-snmp (CVE-2012-2141)

- Document mozilla -- multiple vulnerabilities

Document dokuwiki CSRF vulnerability.

Document multiple asterisk vulnerabilities

Inform users of security vulns in wordpress

PR:             ports/167157

Unbreak vuxml by removing stray 'p'

Submitted by:   vuxml buildbot

Fix formatting in the first 10% of VuXML database file.

Fix whitespace: run through unexpand(1), spelling, wrap overly long lines.

Inform users about the recent openssl vuln

Reviewed by:    dinoex

- security update to bugzilla 3.0.9 and 4.0.6
- update russian/bugzilla3-ru template
- patch german templates so revision match and no warning is displayed
- add vuxml entry

Approved by:    skv (implicit)
Security:       https://bugzilla.mozilla.org/show_bug.cgi?id=728639
                https://bugzilla.mozilla.org/show_bug.cgi?id=745397
                CVE-2012-0465
                CVE-2012-0466

- document typo3 vulnerability

PR:     ports/167029

Add information about the recent nginx security vulnerability

PR:             ports/166990
Submitted by:   rodrigo osorio <rodrigo@bebik.net>

Document phpmyfaq -- Remote PHP Code Execution Vulnerability

- Slight cleanups for my puppet entry

- Document security issue with Puppet
- Update puppet for security issue

Security:       607d2108-a0e4-423a-bf78-846f2a8f01b0

Document samba root code execution vulnerability.

- document bugzilla Cross-Site Request Forgery

Document recent flash player vulnerabilities

Reviewed by:    nox

- Document vulnerability in graphics/png (CVE-2011-3048)
- Fix wording/spelling in 462e2d6c-8017-11e1-a571-bcaec565249c

Feature safe:   yes

As requested by eadler, revert the commit about the move of the
<!-- EOF --> tag. I cannot reproduce the error anymore, so it
might have been the reviewal entry or something else was locally
wrong.

I did a make validate before committing this to make sure it's
OK at this point, if someone encounters the same problem, please
let us know!

Feature safe:   yes

Document freetype 2 multiple vulnabilities.

Feature safe:   yes

- Fix vulnerability CVE-2011-1429.
- Add a patch to the mutt pager that handles non-breaking space
  characters (0xA0) in an UTF8 environment correctly.
- Bump PORTREVISION.

PR:             ports/166659
Submitted by:   Udo Schweigert <udo.schweigert@siemens.com> (maintainer)
Security:      
http://www.freebsd.org/ports/portaudit/49314321-7fd4-11e1-9582-001b2134ef46.html
Feature safe:   yes

Mention vulnerabilities in www/chromium < 18.0.1025.151

Obtained from: 
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security:       CVE-2011-[3066-3077]
Feature safe:   yes

Someone forgot to do a make validate after adding the <!--EOF
line. It breaks the make validate.

Feature safe:   yes

Add a record for CVE-2012-1178.

Reported by:    Peter Jeremy <peterjeremy@acm.org>
Feature safe:   yes

Fix formatting so that "make tidy" passes

Feature safe:   yes

Another phpmyadmin security update.

ChangeLog:

http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.4.10.2/phpMyAdmin-3.4.10.2-notes.html/download

Welcome to phpMyAdmin 3.4.10.2, a minor security release.

3.4.10.2 (2012-03-28)
- [security] Fixed local path disclosure vulnerability, see PMASA-2012-2

Advisory:

http://www.phpmyadmin.net/home_page/security/PMASA-2012-2.php

Approved by:    shaun (mentor)
Feature safe:   yes
Security:       a81161d2-790f-11e1-ac16-e0cb4e266481

Document vulnerabilities in www/chromium < 18.0.1025.142

Obtained from: 
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security:       CVE-2011-[3057-3065]
Feature safe:   yes

- quagga-re affected the last vulnerability too.

Feature safe:   Yes

Document CVE-2012-0037 for textproc/raptor and textproc/raptor2.

Security:       CVE-2012-0037
Feature safe:   yes

Fix formatting so that "make tidy" passes

Feature safe:   yes

- Document recent vulnerabilities in net/quagga (CVE-2012-0249, CVE-2012-0250,
CVE-2012-0255)

Feature safe:   yes

Correct version ranges.

Feature safe:   yes

Document Apache Traffic Server -- heap overflow vulnerability

Feature safe:   yes

Document vulnerabilities for www/chromium < 17.0.963.83

Obtained from: 
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security:       CVE-2011-[3045,3049-3057]
Feature safe:   yes

Document GNUtls and libtasn1 security vulnerabilities.

Feature safe:   yes

- Cleanup

Feature safe:   yes

- Correct the last 3 firefox 3.6 entrys

PR:             166207
Submitted by:   Sergey Kandaurov <pluknet@gmail.com>
Feature safe:   yes

Document recent asterisk vulnerabilities.

Feature safe:   yes

Document CVE-2012-0884.

Feature safe:   yes

Document nginx -- potential information leak.

Feature safe:   yes

- Document mozilla -- multiple vulnerabilities

Feature safe:   yes

Do proper input validation for libXfont. This is for CVE-2011-2895.

Feature safe:   yes

Typo fix.

Feature safe:   yes

- Document portaudit -- auditfile remote code execution.
- Update (c) year.

Feature safe:   yes

Appease the tidy target. ;)

Feature safe:   yes

Document vulnerabilities in www/chromium < 17.0.963.79

Security:       CVE-2011-3047
Feature safe:   yes

Fix formatting so that "make tidy" passes

Feature safe:   yes

Document the latest flash player vulnerabilities

Reviewed by:    nox
Feature safe:   yes

Mark chromium < 17.0.963.78 as vulnerable.

Security:       CVE-2011-3046
Feature safe:   yes

Document jenkins XSS vulnerability.

Submitted by:   Gersom van de Bunt <gersom.vandebunt@pine.nl>

Add new vulnerabilities for www/chromium < 17.0.963.65

Obtained from: 
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security:       CVE-2011-[3031-3044]

Document dropbear security issue

Approved by:    eadler (mentor)

Whitespace cleanup and stick to ASCII in recent openx entry.

document latest openx security issue

PR:     ports/165613

Document latest PostgreSQL vulnerabilities

Security:       http://www.postgresql.org/about/news/1377/

- Add information about make tidy checking now that it actually functions
- use ' instead of `
- add a note about ports-security

Document recent flash vulns

Reviewed by:    nox

Pacify 'make tidy' and use valid XML.
While make diff against the tidy version a canconical test.

Add libxml2 vulnability.

PR:             ports/164270
Submitted by:   kj <b4039413@nwldx.com>

Number of commits found: 2715 (showing only 100 on this page)

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11  »  [Last Page]

12 vulnerabilities affecting 17 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities