| Commit History - (may be incomplete: see SVNWeb link above for full details) |
| Date | By | Description |
25 May 2020 18:04:40
  1.1_4
|
pi  |
security/vuxml: add three CVEs for qmail
PR: 245010
Submitted by: erdgeist@erdgeist.org |
24 May 2020 18:55:35
1.1_4
|
rene |
Document new vulnerabilities in www/chromium 83.0.4103.61.
The website is somewhat crippled and does not show the full text. |
23 May 2020 12:31:37
1.1_4
|
joneum |
Add entry for piwigo
PR: 245153
Sponsored by: Netzkommune GmbH |
23 May 2020 09:22:21
1.1_4
|
joneum |
Add entry for tomcat
PR: 246657
Sponsored by: Netzkommune GmbH |
22 May 2020 22:20:22
1.1_4
|
delphij |
Document unbound multiple vulnerabilities. |
22 May 2020 13:07:46
1.1_4
|
joneum |
Add entry for drual7
Sponsored by: Netzkommune GmbH |
20 May 2020 11:41:05
1.1_4
|
dbaio |
security/vuxml: Document net-mgmt/zabbix3 issue
Security: CVE-2020-11800 |
19 May 2020 23:35:17
1.1_4
|
sunpoet |
Document rails vulnerability |
19 May 2020 14:18:34
1.1_4
|
wen |
- Document CVE-2019-18348, CVE-2020-8492 for python38 |
18 May 2020 19:00:35
1.1_4
|
ler |
security/vuxml: Report multiple dovecot vulnerabilities. |
17 May 2020 20:42:25
1.1_4
|
zi |
- Document security/clamav vulnerabilities |
17 May 2020 20:18:31
1.1_4
|
sunpoet |
Update json-c vulnerability
- While I'm here, fix format
json-c 0.14 will land the ports tree along with the fix, thus I change it to
0.14.
PR: 246389 |
17 May 2020 18:33:09
1.1_4
|
sunpoet |
Document rails vulnerability |
16 May 2020 09:17:26
1.1_4
|
brnrd |
security/vuxml: MariaDB vulnerabilities |
16 May 2020 06:45:08
1.1_4
|
woodsb02 |
Add new sysutils/py-salt vulnerabilities
PR: 246061
Reported by: Christer Edwards <christer.edwards@gmail.com>
Security: CVE-2020-11651
Security: CVE-2020-11652 |
14 May 2020 11:29:20
1.1_4
|
mandree |
devel/json-c: CVE-2020-12762 integer overflow, out of bounds write
Reported by: Daniel Engberg
Security: abc3ef37-95d4-11ea-9004-25fadb81abf4
Security: CVE-2020-12762 |
13 May 2020 20:44:18
1.1_4
|
sunpoet |
Document typo3 vulnerability |
13 May 2020 15:16:46
1.1_4
|
gordon |
Add proper links for the html output of vuln.xml.
Add freebsdsa as a proper type.
Correct link to CVEs.
Reviewed by: gjb, joneum
Approved by: ports-secteam (joneum)
Differential Revision: https://reviews.freebsd.org/D24824 |
12 May 2020 18:37:02
1.1_4
|
gordon |
Add data for today's SA batch.
Approved by: so |
09 May 2020 16:02:59
1.1_4
|
novel |
security/vuxml: log www/qutebrowser CVE-2020-11054 |
09 May 2020 10:08:14
1.1_4
|
wen |
- Document python27 CVE-2019-18348 |
09 May 2020 08:23:42
1.1_4
|
joneum |
add entry for www/glpi
PR: 244971
Sponsored by: Netzkommune GmbH |
07 May 2020 19:56:01
1.1_4
|
mandree |
mail/mailman: extend content injection vuln via private archive login
This led up to mailman 2.1.33 today.
https://bugs.launchpad.net/mailman/+bug/1877379
https://launchpadlibrarian.net/478684932/private.diff
https://mail.python.org/archives/list/mailman-developers@python.org/thread/SYBIZ3MNSQZLKN6PVKO7ZKR7QMOBMS45/
Approved by: ports-secteam@ (blanket for security fixes)
Security: 88760f4d-8ef7-11ea-a66d-4b2ef158be83 |
06 May 2020 23:26:49
1.1_4
|
leres |
security/vuxml: Mark zeek < 3.0.6 as vulnerable as per:
https://raw.githubusercontent.com/zeek/zeek/v3.0.6/NEWS
Various issues including buffer over-reads, uninitialized field
access, memory leak, and stack overflows. |
06 May 2020 15:02:40
1.1_4
|
salvadore |
security/vuxml: Update discovery date for CVE-2020-1730
Update discovery date for CVE-2020-1730 based on information obtained from
the libssh team.
Approved by: gerald (mentor) |
06 May 2020 05:14:42
1.1_4
|
sunpoet |
Document wagtail vulnerability |
05 May 2020 22:55:22
1.1_4
|
mandree |
Permit mail/mailman vulnerability to be fixed in 2.1.30_3 already
...not in 2.1.31 only. We can't just easily backport 2.1.31 to 2020Q2.
Security: 88760f4d-8ef7-11ea-a66d-4b2ef158be83 |
05 May 2020 17:51:49
1.1_4
|
mandree |
new mailman < 2.1.31 content injection vulnerability
similar to CVE-2018-13796 (not sure if they'll reuse that no. so
not including in Security: tags below)
https://bugs.launchpad.net/mailman/+bug/1873722
Security: 88760f4d-8ef7-11ea-a66d-4b2ef158be83 |
05 May 2020 05:32:48
1.1_4
|
fjoe |
Fix version range for 97fcc60a-6ec0-11ea-a84a-4c72b94353b5:
phpMyAdmin 4.9.5 is not vulnerable
PR: 245096 |
04 May 2020 23:23:15
1.1_4
|
dbaio |
security/vuxml: Document net-mgmt/cacti issue
PR: 246164
Submitted by: Michael Muenz <m.muenz@gmail.com>
Security: CVE-2020-7106 |
03 May 2020 21:28:58
1.1_4
|
pi |
security/vuxml: add squid 4.10 CVEs
PR: 245433
Submitted by: Michael Muenz <m.muenz@gmail.com> |
03 May 2020 07:46:28
1.1_4
|
tcberner |
Document audio/taglib vulnerability |
01 May 2020 09:44:40
1.1_4
|
mfechner |
Documented gitlab vulnerabilities. |
29 Apr 2020 22:31:08
1.1_4
|
dbaio |
security/vuxml: Add other flavors of py-yaml |
29 Apr 2020 18:48:51
1.1_4
|
tcberner |
Document multimedia/vlc vulnerabilities
Security: CVE-2019-19721 CVE-2020-6071 CVE-2020-6072 CVE-2020-6073 CVE-2020-6077
CVE-2020-6078 CVE-2020-6079 |
29 Apr 2020 15:03:41
1.1_4
|
timur |
Add an entry about CVE-2020-10700, CVE-2020-10704 in samba410 and 411.
Security: CVE-2020-10700
CVE-2020-10704 |
29 Apr 2020 06:08:20
1.1_4
|
fluffy |
net/ceph14: document CVE-2020-1759, CVE-2020-1760 |
29 Apr 2020 01:35:22
1.1_4
|
delphij |
Document OpenLDAP CVE-2020-12243.
PR: 213895
Submitted by: rob2g2 <spam123 bitbert com> |
27 Apr 2020 19:47:27
1.1_4
|
jpaetzel |
Add entry for py-yaml vulnerability |
26 Apr 2020 17:39:27
1.1_4
|
dbaio |
security/vuxml: Document www/py-bleach issue
PR: 245943
Security: CVE-2020-6817 |
23 Apr 2020 12:25:39
1.1_4
|
brnrd |
security/vuxml: MySQL Server 2020Q2 vulnerabilities |
23 Apr 2020 12:23:50
1.1_4
|
brnrd |
security/vuxml: MySQL client 2020Q2 vulnerabilities |
23 Apr 2020 11:48:08
1.1_4
|
brnrd |
security/vuxml: Register Nextcloud vulnerabilities |
23 Apr 2020 01:17:13
1.1_4
|
dbaio |
security/vuxml: Document lang/python issue
PR: 245819
Security: CVE-2020-8492 |
22 Apr 2020 21:33:18
1.1_4
|
sunpoet |
Document wagtail vulnerability |
22 Apr 2020 20:29:14
1.1_4
|
gordon |
11.3 isn't vulenrable to the recent OpenSSL vulnerability.
Approved by: so
X-Pointy-Hat to: gordon |
22 Apr 2020 20:02:55
1.1_4
|
leres |
security/vuxml: Restore openssl port version range to the 2020-04-21 entry
I tested that this passes "make validate" and correctly flags
openssl-1.1.1f,1 as vulnerable.
Approved by: gjb |
22 Apr 2020 11:11:17
1.1_4
|
gjb |
Revert r532466, adding back 'FreeBSD' to the topic.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
22 Apr 2020 11:09:17
1.1_4
|
gjb |
The vuxml build is now fixed. Remove the 'ignore' block and its
contents.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
22 Apr 2020 11:07:32
1.1_4
|
gjb |
Comment the second name tag, which I believe is what is causing the
vuxml build to fail. If I am wrong, I will revert this commit.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
22 Apr 2020 11:03:50
1.1_4
|
gjb |
Um, ok. Third attempt to try to fix the vuxml build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
22 Apr 2020 10:44:59
1.1_4
|
gjb |
Attempt number 2 to fix the vuxml build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
22 Apr 2020 10:36:57
1.1_4
|
gjb |
Fix vuxml build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
22 Apr 2020 09:38:05
1.1_4
|
brnrd |
security/vuxml: Fix OpenSSL port commit |
22 Apr 2020 08:20:12
1.1_4
|
brnrd |
security/vuxml: Mark OpenSSL 1.1.1f from ports vulnerable too |
21 Apr 2020 19:48:03
1.1_4
|
sunpoet |
Document libntlm vulnerability |
21 Apr 2020 18:29:59
1.1_4
|
gordon |
Add new entries for SA-20:10 and SA-20:11. |
21 Apr 2020 12:25:01
1.1_4
|
dbaio |
security/vuxml: Document devel/py-twisted vulnerabilities
PR: 245252
Submitted by: Sascha Biberhofer <ports@skyforge.at>
Reported by: contact@evilham.com |
19 Apr 2020 12:58:21
1.1_4
|
salvadore |
security/vuxml: Add CVE-2020-1730 affecting security/libssh
Approved by: gerald (mentor)
Differential Revision: https://reviews.freebsd.org/D24377 |
18 Apr 2020 11:35:25
1.1_4
|
kwm |
Document webkit2-gtk3 vulnability |
18 Apr 2020 04:13:41
1.1_4
|
acm |
- Add www/drupal8 entry |
17 Apr 2020 22:29:36
1.1_4
|
bofh |
sysutils/ansible*: Add multiple Vulnerabilities
- Add vuxml entry for CVE-2020-1737, CVE-2020-1739 and CVE-2020-1740
Security: CVE-2020-1737
Security: CVE-2020-1739
Security: CVE-2020-1740 |
16 Apr 2020 16:16:25
1.1_4
|
rene |
Document new vulnerabilities in www/chromium < 81.0.4044.113
Obtained from: Google Chrome Releases |
16 Apr 2020 09:32:25
1.1_4
|
mandree |
document security/openvpn{,-mbedtls,-devel} illegal client float DoS
URL: https://community.openvpn.net/openvpn/ticket/1272
Reported by: Lev Stipakov
Security: CVE-2020-11810
Security: 8604121c-7fc2-11ea-bcac-7781e90b0c8f |
15 Apr 2020 13:30:03
1.1_4
|
tijl |
Document Mbed TLS CVE-2020-10932.
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04 |
15 Apr 2020 06:21:20
1.1_4
|
mfechner |
Document gitlab vulnerabilities. |
14 Apr 2020 20:53:37
1.1_4
|
leres |
security/vuxml: Mark zeek < 3.0.4 as vulnerable as per:
https://github.com/zeek/zeek/blob/e059d4ec2e689b3c8942f4aa08b272f24ed3f612/NEWS
An attacker can crash Zeek remotely via crafted packet sequence via
a stack overflow in POP3 analyzer. |
12 Apr 2020 10:06:00
1.1_4
|
rene |
Document new vulnerabilities in www/chromium < 81.0.4044.92 |
02 Apr 2020 19:32:40
1.1_4
|
rene |
Document partial new vulnerabilities in www/chromium < 80.0.3987.162 |
02 Apr 2020 18:12:58
1.1_4
|
flo |
Add an entry for the HAproxy vulnerability announced today. The ports have
already been fixed.
PR: 245282
Discussed with: demon |
02 Apr 2020 12:21:59
1.1_4
|
sunpoet |
Fix rubygem-json entry (40194e1c-6d89-11ea-8082-80ee73419af3)
rubygem-json 2.3.0 was erroneously marked as vulnerable.
% cd /usr/ports/devel/rubygem-json
% make fetch
===> rubygem-json-2.3.0 has known vulnerabilities:
rubygem-json-2.3.0 is vulnerable:
rubygem-json -- Unsafe Objection Creation Vulnerability in JSON (Additional fix)
CVE: CVE-2020-10663
WWW: https://vuxml.FreeBSD.org/freebsd/40194e1c-6d89-11ea-8082-80ee73419af3.html
1 problem(s) in 1 installed package(s) found.
=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update
available.
=> If you wish to ignore this vulnerability rebuild with 'make
DISABLE_VULNERABILITIES=yes'
*** Error code 1
Stop.
make: stopped in /usr/ports/devel/rubygem-json |
02 Apr 2020 07:23:32
1.1_4
|
joneum |
Add entry for Apache 2.4
Sponsored by: Netzkommune GmbH |
01 Apr 2020 22:06:18
1.1_4
|
woodsb02 |
Document multiple vulnerabilities in net-mgmt/cacti < 1.2.10
PR: 245205
Submitted by: Michael Muenz <m.muenz@gmail.com> |
31 Mar 2020 15:52:42
1.1_4
|
tijl |
Add entry for GNUTLS-SA-2020-03-31 (flaw in DTLS).
Security: https://gnutls.org/security-new.html#GNUTLS-SA-2020-03-31 |
29 Mar 2020 19:50:00
1.1_4
|
girgen |
Fix validation error |
29 Mar 2020 19:46:16
1.1_4
|
girgen |
Add vuxml entry for CVE-2020-1720 |
27 Mar 2020 13:48:12
1.1_4
|
wen |
- Document mediawiki's multiple vulnerabilities |
26 Mar 2020 20:43:10
1.1_4
|
gjb |
Fix vuxml build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
26 Mar 2020 20:27:30
1.1_4
|
mfechner |
Document gitlab vulnerabilities. |
26 Mar 2020 04:40:23
1.1_4
|
meta |
security/vuxml: Document CVE-2020-10663 (devel/rubygem-json)
PR: 245023 |
25 Mar 2020 18:25:15
1.1_4
|
lwhsu |
Document Jenkins Security Advisory 2020-03-25
Sponsored by: The FreeBSD Foundation |
25 Mar 2020 17:59:50
1.1_4
|
joneum |
Add entry for phpmyadmin
Sponsored by: Netzkommune GmbH |
23 Mar 2020 17:34:41
1.1_4
|
romain |
Add details for two Puppet-related CVEs |
19 Mar 2020 18:00:34
1.1_4
|
gordon |
Add details for today's SAs.
Approved by: so |
18 Mar 2020 07:23:22
1.1_4
|
koobs |
security/vuxml: Add www/py-bleach entry |
15 Mar 2020 22:31:28
1.1_4
|
leres |
security/vuxml: Mark zeek < 3.0.3 as vulnerable as per:
https://raw.githubusercontent.com/zeek/zeek/9dda3602a760f00d9532c6314ea79108106033fa/NEWS
There are a number of potential denial of service issues due to
memory leaks, buffer overflows, and a null pointer dereference.
Approved by: matthew (mentor, implicit) |
13 Mar 2020 05:48:23
1.1_4
|
tcberner |
scurity/vuxml: fix range |
13 Mar 2020 05:39:12
1.1_4
|
tcberner |
Document security issue in graphics/okular
https://kde.org/info/security/advisory-20200312-1.txt:
Overview
========
Okular can be tricked into executing local binaries via specially crafted
PDF files.
This binary execution can require almost no user interaction.
No parameters can be passed to those local binaries.
We have not been able to identify any binary that will cause actual damage,
be it in the hardware or software level, when run without parameters. (Only the first 15 lines of the commit message are shown above  ) |
12 Mar 2020 10:05:33
1.1_4
|
mfechner |
Document gitlab-ce vulnerability. |
12 Mar 2020 01:31:29
1.1_4
|
wen |
- Document django's potential SQL injection vulnerability |
11 Mar 2020 10:58:20
1.1_4
|
decke |
Document py-matrix-synapse vulnerabilities
PR: 244279
Submitted by: Sascha Biberhofer <ports@skyforge.at> |
09 Mar 2020 21:54:54
1.1_4
|
bhughes |
security/vuxml: document recent Node.js vulnerabilities
https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/
While here, fix errors from `make validate` for the preceeding gitea
vulnerabilities.
Sponsored by: Miles AS |
07 Mar 2020 20:25:52
1.1_4
|
adamw |
Fix closing tag
Reported by: joneum |
07 Mar 2020 18:31:08
1.1_4
|
adamw |
Add entry for www/gitea
PR: 244025
Submitted by: maintainer |
07 Mar 2020 00:41:13
1.1_4
|
woodsb02 |
Document vulnerability in sysutils/py-salt
PR: 243908
Reported by: Christer Edwards <christer.edwards@gmail.com>
Security: CVE-2019-17361 |
06 Mar 2020 07:25:43
1.1_4
|
mfechner |
Documment gitlab vulnerabilities. |
04 Mar 2020 15:23:15
1.1_4
|
cy |
Document the latest nwtime.org ntp security advisory found at:
http://support.ntp.org/bin/view/Main/SecurityNotice#\
March_2020_ntp_4_2_8p14_NTP_Rele
No CVEs have been documented yet.
Security: http://support.ntp.org/bin/view/Main/NtpBug3610
http://support.ntp.org/bin/view/Main/NtpBug3596
http://support.ntp.org/bin/view/Main/NtpBug3592 |
02 Mar 2020 18:32:07
1.1_4
|
kwm |
Document librsvg2 vulnabilities.
Security: CVE-2019-20446 |
02 Mar 2020 08:56:46
1.1_4
|
0mp |
Document some audio/timidity++* vulnerabilities
PR: 244429
Reported by: pi
Security: CVE-2017-11546
Security: CVE-2017-11547
Security: CVE-2017-11549 |
29 Feb 2020 09:59:14
1.1_4
|
mfechner |
Document apache-solr vulnerabilities. |
As an Amazon Associate I earn from qualifying purchases.
