Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_6 01 Feb 2023 19:04:19
    |
Craig Leres (leres)  |
security/vuxml: Mark zeek < 5.0.6 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.6
This release fixes the following potential DoS vulnerabilities:
- A missing field in the SMB FSControl script-land record could
cause a heap buffer overflow when receiving packets containing
those header types.
- Receiving a series of packets that start with HTTP/1.0 and then
switch to HTTP/0.9 could cause Zeek to spend a large amount of
time processing the packets.
- Receiving large numbers of FTP commands sequentially from the
network with bad data in them could cause Zeek to spend a large
amount of time processing the packets, and generate a large
amount of events.
Reported by: Tim Wojtulewicz |
1.1_6 01 Feb 2023 05:02:56
    |
Matthias Fechner (mfechner)  |
security/vuxml: document gitlab vulnerabilities |
1.1_6 30 Jan 2023 11:28:30
    |
Nuno Teixeira (eduardo)  |
security/vuxml: Document CVE-2021-42835 for
multimedia/plexmediaserver{-plexpass} < 1.25.0
PR: 269226
Reported by: grahamperrin |
1.1_6 30 Jan 2023 10:26:13
    |
Fernando Apesteguía (fernape)  |
security/vuxml: add net-mgmt/prometheus basic authentication bypass
CVE-2022-46146
PR: 269153
Reported by: dor.bsd@xm0.uk (maintainer) |
1.1_6 25 Jan 2023 11:35:34
    |
Rene Ladan (rene)  |
security/vuxml: add www/*chromium < 109.0.5414.119
Obtained from: https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html |
1.1_6 25 Jan 2023 08:11:56
    |
Nuno Teixeira (eduardo)  |
security/vuxml: Document CVE-2018-21232 for devel/re2c < 2.0
PR: 269147
Reported by: grahamperrin |
1.1_6 24 Jan 2023 20:37:23
    |
Florian Smeets (flo)  Author: Stefan Bethke |
security/vuxml: Record gitea vulnerability
PR: 269131 |
1.1_6 24 Jan 2023 06:46:41
    |
Fernando Apesteguía (fernape)  Author: Ralf van der Enden |
security/vuxml: register dns/powerdns-recursor vulnerability
CVE-2023-22617
PR: 269116 |
1.1_6 23 Jan 2023 13:20:06
    |
Fernando Apesteguía (fernape)  |
security/vuxml: register net/krill DoS vulnerability
CVE-2023-0158
PR: 269050 |
1.1_6 23 Jan 2023 13:08:45
    |
Fernando Apesteguía (fernape)  |
security/vuxml: register www/awstats vulnerability
PR: 269051 |
1.1_6 23 Jan 2023 12:55:09
    |
Fernando Apesteguía (fernape)  |
security/vuxml: register net/eternalterminal vulnerabilities
CVE-2022-48257 and CVE-2022-48258
PR: 269079 |
1.1_6 23 Jan 2023 12:42:21
    |
Fernando Apesteguía (fernape)  |
security/vuln: Fix file
It didn't pass `make validate`. |
1.1_6 21 Jan 2023 22:42:45
    |
Alan Somers (asomers)  |
security/vuxml: register shells/fish vulnerability
Arbitrary code execution if the attacker can convince the user to cd to
a directory the attacker controls.
CVE-2022-20001
PR: 263506 |
1.1_6 21 Jan 2023 21:48:04
    |
Bernard Spil (brnrd)  |
security/vuxml: Document 2023Q1 MySQL vulns |
1.1_6 20 Jan 2023 22:06:35
    |
Florian Smeets (flo)  |
security/vuxml: Document vulnerabilities in phpmyfaq |
1.1_6 19 Jan 2023 02:29:32
    |
Yasuhiro Kimura (yasu)  |
security/vuxml: Document multiple vulnerabilities in rack |
1.1_6 18 Jan 2023 04:42:20
    |
Yasuhiro Kimura (yasu)  |
security/vuxml: Add redis6 as affecting package to
5fa68bd9-95d9-11ed-811a-080027f5fec9 |
1.1_6 17 Jan 2023 20:16:54
    |
Bernard Spil (brnrd)  |
security/vuxml: Document www/apache24 vulnerabilities |
1.1_6 17 Jan 2023 00:39:26
    |
Yasuhiro Kimura (yasu)  |
security/vuxml: Document multiple vulnerabilities in redis |
1.1_6 16 Jan 2023 13:28:27
    |
Fernando Apesteguía (fernape)  |
security/vuxml: register security/keycloak vulnerability
Two Xstream related CVEs that might cause a DoS attack:
* CVE-2022-40151
* CVE-2022-41966
PR: 268939 |
1.1_6 14 Jan 2023 13:05:20
    |
Rene Ladan (rene)  |
security/vuxml: add security/tor < 0.4.7.13 for TROVE-2022-002
Obtained from: https://gitlab.torproject.org/tpo/core/tor/-/issues/40730 |
1.1_6 13 Jan 2023 15:56:28
    |
Dan Langille (dvl)  |
security/vuxml: Correct range for devel/viewvc-devel
Changing a - to a . in the version
PR: 268754 |
1.1_6 13 Jan 2023 01:29:00
    |
Yasuhiro Kimura (yasu)  |
security/vuxml: Document arbitrary shell command execution vulnerability in Emacs |
1.1_6 11 Jan 2023 17:48:22
    |
Fernando Apesteguía (fernape)  |
security/vuxml: cassandra3 multiple vulnerabilities
CVE-2022-42003
CVE-2022-4200
CVE-2022-25857
CVE-2019-2684
CVE-2020-7238
CVE-2022-24823
CVE-2021-44521
CVE-2015-0886
PR: 267624 |
1.1_6 11 Jan 2023 15:38:34
    |
Jan Beich (jbeich)  |
security/vuxml: mark xorg-server < 21.1.5,1 as vulnerable |
1.1_6 11 Jan 2023 12:38:13
    |
Matthias Fechner (mfechner)  |
security/vuxml: document gitlab-ce vulnerabilities |
1.1_6 10 Jan 2023 19:46:56
    |
Rene Ladan (rene)  |
security/vuxml: add www/*chromium < 109.0.5414.74
Obtained from: https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html |
1.1_6 09 Jan 2023 10:15:47
    |
Li-Wen Hsu (lwhsu)  Author: Michael Glaus |
security/vuxml: Fix `make validate`
PR: 268837 |
1.1_6 09 Jan 2023 10:11:42
    |
Li-Wen Hsu (lwhsu)  Author: Michael Glaus |
security/vuxml: Add 2023 to the main XML file
PR: 268837 |
1.1_6 05 Jan 2023 19:34:06
    |
Fernando Apesteguía (fernape)  |
security/vuxml: Add net-mgmt/cacti vulnerability
A command injection vulnerability allows an unauthenticated user to execute
arbitrary code on a server running Cacti, if a specific data source was selected
for any monitored device.
PR: 268742 |
1.1_6 05 Jan 2023 19:08:43
    |
Dan Langille (dvl)  |
security/vuxml: amend entry adding CVE-2023-22456 in devel/viewvc-devel
PR: 268754
Security: CVE-2023-22456 |
1.1_6 05 Jan 2023 17:28:58
    |
Dan Langille (dvl)  |
security/vuxml: add an entry for CVE-2023-22464 in devel/viewvc-devel
Security: CVE-2023-22464 |
1.1_6 03 Jan 2023 11:12:27
    |
Thierry Thomas (thierry)  |
security/vuxml: add an entry for CVE-2022-4170 in x11/rxvt-unicode
Security: CVE-2022-4170 |
1.1_6 02 Jan 2023 03:37:26
    |
Li-Wen Hsu (lwhsu)  Author: Stefan Bethke |
security/vuxml: Document Gitea multiple vulnerabilities
PR: 268667 |
1.1_6 29 Dec 2022 13:11:38
    |
Wen Heping (wen)  |
security/vuxml: Remove the incorrect <cvsname> line in my previous commit |
1.1_6 29 Dec 2022 11:22:22
    |
Nuno Teixeira (eduardo)  |
security/vuxml: Document Webtrees vulnerability
PR: 267466 |
1.1_6 29 Dec 2022 03:42:17
    |
Wen Heping (wen)  |
security/vuxml: Document mediawiki multiple vulnerabilities |
1.1_6 28 Dec 2022 00:06:50
    |
Ben Woods (woodsb02)  |
security/vuxml: Document Netdata multiple vulnerabilities |
1.1_6 24 Dec 2022 15:48:09
    |
Nuno Teixeira (eduardo)  |
security/vuxml: Document FreeRDP multiple vulnerabilities
PR: 268539 |
1.1_6 23 Dec 2022 08:38:15
    |
Nuno Teixeira (eduardo)  Author: Stefan Bethke |
security/vuxml: Document Gitea multiple vulnerabilities
PR: 268512 |
1.1_6 23 Dec 2022 04:03:22
    |
Graham Perrin (grahamperrin)  |
VuXML: fix typo in 2021 entry for accountsservice
Fixes: d227a2fea96e Document accountsservice vulnerability
Approved by: ports-secteam (riggs)
Differential revision: https://reviews.freebsd.org/D37721 |
1.1_6 17 Dec 2022 09:22:47
    |
Wen Heping (wen)  |
security/vuxml: Document typo3 multiple vulnerabilities |
1.1_6 14 Dec 2022 10:13:11
    |
Rene Ladan (rene)  |
security/vuxml: add www/*chromium < 108.0.5359.124
Obtained from: https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html |
1.1_6 14 Dec 2022 01:32:19
    |
Yasuhiro Kimura (yasu)  |
security/vuxml: Document multiple vulnerabilities in cURL. |
1.1_6 13 Dec 2022 18:51:16
    |
Florian Smeets (flo)  |
security/vuxml: Document vulnerabilities in phpmyfaq |
1.1_6 10 Dec 2022 18:42:39
    |
Thomas Zander (riggs)  |
security/vuxml: Document vulnerabilities in net/traefik |
1.1_6 10 Dec 2022 18:42:38
    |
Thomas Zander (riggs)  |
security/vuxml: Make `make validate` pass again |
1.1_6 10 Dec 2022 14:07:46
    |
Koichiro Iwao (meta)  |
security/vuxml: Document multiple xrdp vulnerabilities
Obtained from: https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.21 |
1.1_6 08 Dec 2022 15:02:31
    |
Wen Heping (wen)  |
security/vuxml: Document python3[7-9] multiple vulnerabilities |
1.1_6 07 Dec 2022 14:54:30
    |
Wen Heping (wen)  |
security/vuxml: Document python310 multiple vulnerabilities |
1.1_6 07 Dec 2022 14:25:15
    |
Wen Heping (wen)  |
security/vuxml: Document python-3.11 vulnerabilities |
1.1_6 06 Dec 2022 21:14:44
    |
Dmitri Goutnik (dmgk)  |
security/vuxml: Document Go vulnerabilities |
1.1_6 06 Dec 2022 15:13:19
    |
Yasuhiro Kimura (yasu)  |
security/vuxml: Adjust range of 84ab03b6-6c20-11ed-b519-080027f5fec9
Vulnerability of Ruby 3.2 is fixed with 3.2.0-rc1. |
1.1_6 03 Dec 2022 11:50:10
    |
Rene Ladan (rene)  |
security/vuxml: add www/*chromium < 108.0.5359.94
Obtained from: https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html |
1.1_6 01 Dec 2022 14:03:36
    |
Rodrigo Osorio (rodrigo)  |
security/vuxml: Record rpm4 vulnerability.
Add multiple CVE fixed in latest rpm4 version.
PR: 267291 |
1.1_6 01 Dec 2022 11:28:32
    |
Fernando Apesteguía (fernape)  |
security/vuxml: Record grafana9 vulnerability.
Add privilege escalation for CVE-2022-31097.
PR: 268078 |
1.1_6 01 Dec 2022 05:18:14
    |
Matthias Fechner (mfechner)  |
security/vuxml: document gitlab vulnerabilities |
1.1_6 30 Nov 2022 12:14:44
    |
Rene Ladan (rene)  |
security/vuxml: add www/chromium < 108.0.5359.71
Obtained from: https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html |
1.1_6 25 Nov 2022 10:16:29
    |
Rene Ladan (rene)  |
security/vuxml: add www/chromium < 107.0.5304.121
Obtained from: https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html |
1.1_6 25 Nov 2022 01:57:40
    |
Yasuhiro Kimura (yasu)  |
security/vuxml: Document HTTP response splitting vulnerability in rubygem-cgi |
1.1_6 24 Nov 2022 18:09:45
    |
Craig Leres (leres)  |
security/vuxml: Mark zeek < 5.0.4 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.4
This release fixes the following potential DoS vulnerabilities:
- A specially-crafted series of HTTP 0.9 packets can cause Zeek
to spend large amounts of time processing the packets.
- A specially-crafted FTP packet can cause Zeek to spend large
amounts of time processing the command.
- A specially-crafted IPv6 packet can cause Zeek to overflow memory
and potentially crash.
Reported by: Tim Wojtulewicz |
1.1_6 24 Nov 2022 16:14:42
    |
Fernando Apesteguía (fernape)  |
security/vuxml: Add multiple CVEs for advancecomp
PR: 267937 |
1.1_6 22 Nov 2022 03:53:57
    |
Ashish SHUKLA (ashish)  |
security/vuxml: Document vulnerability for security/tailscale |
1.1_6 18 Nov 2022 21:57:50
    |
Nuno Teixeira (eduardo)  |
security/vuxml: Document Apache Tomcat vulnerability
* CVE-2022-42252 Apache Tomcat - Request Smuggling
PR: 266984 |
1.1_6 17 Nov 2022 19:07:10
    |
Cy Schubert (cy)  |
security/vuxml: Add the krb5 1.19 vulnerable range |
1.1_6 15 Nov 2022 19:27:34
    |
Rene Ladan (rene)  |
security/vuxml: re-organize port
- move vuln-YYYY.xml files into vuln/ as just YYYY.xml
- this prevents problems with the new check_files hook when 2023 arrives. |
1.1_5 15 Nov 2022 18:27:45
    |
Cy Schubert (cy)  |
security/vuxml: Document CVE-2022-42898
Document MIT krb5 Security Advisory 2022-001: integer overflow
vulnerabilities in PAC parsing |
1.1_5 13 Nov 2022 00:18:39
    |
Nuno Teixeira (eduardo)  Author: Boris Korzun |
security/vuxml: Document Grafana multiple vulnerabilities
* CVE-2022-31123 - Plugin signature bypass
* CVE-2022-31130 - Data source and plugin proxy endpoints leaking
authentication tokens to some destination plugins
* CVE-2022-39201 - Data source and plugin proxy endpoints leaking
authentication tokens to some destination plugins
* CVE-2022-39229 - Improper authentication
* CVE-2022-39306 - Privilege escalation
* CVE-2022-39307 - Username enumeration
* CVE-2022-39328 - Privilege escalation (Critical)
https://grafana.com/blog/2022/10/12/grafana-security-releases-new-versions-with-fixes-for-cve-2022-39229-cve-2022-39201-cve-2022-31130-cve-2022-31123/
https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/
PR: 267728 |
1.1_5 12 Nov 2022 13:43:56
    |
Danilo G. Baio (dbaio)  |
security/vuxml: Add devel/ipython issue
PR: 265082 |
1.1_5 11 Nov 2022 15:26:34
    |
Florian Smeets (flo)  |
security/vuxml: Document phpMyFAQ vulnerabilities |
1.1_5 10 Nov 2022 00:07:24
    |
Danilo G. Baio (dbaio)  |
security/vuxml: Add varnish cache security issues |
1.1_5 09 Nov 2022 10:55:59
    |
Rene Ladan (rene)  |
security/vuxml: add www/chromium < 107.0.5304.110
Obtained from: https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html |
1.1_5 09 Nov 2022 01:08:16
    |
Craig Leres (leres)  |
security/vuxml: Mark zeek < 5.0.3 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.3
This release fixes the following potential DoS vulnerabilities:
- Fix an issue where a specially-crafted FTP packet can cause Zeek
to spend large amounts of time attempting to search for valid
commands in the data stream.
- Fix a possible overflow in the Zeek dictionary code that may
lead to a memory leak.
- Fix an issue where a specially-crafted packet can cause Zeek to
spend large amounts of time reporting analyzer violations.
(Only the first 15 lines of the commit message are shown above) |
1.1_5 08 Nov 2022 16:30:57
    |
Fernando Apesteguía (fernape)  |
security/vuxml: register darkhttpd DoS vulnerability
PR: 267507
Reported by: Henrich Hartzer <henrichhartzer@tuta.io>
Security: CVE-2020-25691 |
1.1_5 08 Nov 2022 00:18:23
    |
Cy Schubert (cy)  |
security/vuxml: Document sudo CVE-2022-43995
Document a potential out-of-bounds write for passwords smaller than
eight bytes when crypt() is used.
PR: 267617
Security: CVE-2022-43995 |
1.1_5 05 Nov 2022 06:05:05
    |
Matthias Fechner (mfechner)  |
security/vuxml: document gitlab vulnerabilities |
1.1_5 04 Nov 2022 08:51:02
    |
Emmanuel Vadot (manu)  |
security/vuxml: Document pixman heap overflow
Document CVE-2022-44638
Sponsored by: Beckhoff Automation GmbH & Co. KG |
1.1_5 02 Nov 2022 17:29:02
    |
Dmitri Goutnik (dmgk)  |
security/vuxml: Document Go vulnerability |
1.1_5 01 Nov 2022 17:22:42
    |
Bernard Spil (brnrd)  |
security/vuxml: Document OpenSSL 3.0 vulnerabilities |
1.1_5 30 Oct 2022 18:14:10
    |
Bernard Spil (brnrd)  |
security/vuxml: Document Q4 MySQL vulnerabilities |
1.1_5 28 Oct 2022 18:02:52
    |
Rene Ladan (rene)  |
security/vuxml: add www/chromium < 107.0.5304.87
Obtained from: https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html |
1.1_5 25 Oct 2022 23:54:44
    |
Timur I. Bakeyev (timur)  |
security/vuxml: add entry for CVE-2022-3437
There is a limited write heap buffer overflow in the GSSAPI unwrap_des()
and unwrap_des3() routines of Heimdal (included in Samba). |
1.1_5 25 Oct 2022 20:05:50
    |
Rene Ladan (rene)  |
security/vuxml: Add www/*chromium < 107.0.5304.68
Obtained from: https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html |
1.1_5 23 Oct 2022 13:35:49
    |
Thomas Zander (riggs)  Author: Pau Amma |
security/vuxml: Document vulnerability in libudisks
PR: 267281
Reviewed by: riggs |
1.1_5 21 Oct 2022 10:14:20
    |
Florian Smeets (flo)  |
security/vuxml: Document vulnerabilities in phpmyfaq |
1.1_5 20 Oct 2022 11:00:58
    |
Wen Heping (wen)  |
security/vuxml: Document Python multiple vulnerabilities |
1.1_5 19 Oct 2022 13:53:38
    |
Sergey A. Osokin (osa)  |
security/vuxml: document nginx vulnerabilities
Document CVE-2022-41741, CVE-2022-41742 |
1.1_5 18 Oct 2022 18:13:21
    |
Renato Botelho (garga)  |
security/vuxml: Document git vulnerabilities
Document CVE-2022-39253 and CVE-2022-39260
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.1_5 18 Oct 2022 07:53:34
    |
Bernard Spil (brnrd)  |
security/vuxml: Document OpenSSL 3.0 vuln |
1.1_5 15 Oct 2022 22:22:08
    |
Nuno Teixeira (eduardo)  Author: Stefan Bethke |
security/vuxml: Document Gitea vulnerabilities
PR: 267106 |
1.1_5 12 Oct 2022 20:01:26
    |
Nuno Teixeira (eduardo)  |
security/vuxml: Format 0d1d2c1 text |
1.1_5 12 Oct 2022 19:37:18
    |
Nuno Teixeira (eduardo)  |
security/vuxml: Fix malformed CVE
Fix malformed cvename entry by removing this tag since there is no CVE
for this security issue committed in 0d1d2c1 |
1.1_5 12 Oct 2022 12:33:28
    |
Nuno Teixeira (eduardo)  |
security/vuxml: Add mail/roundcube-thunderbird_labels vulnerabilities
PR: 266986 |
1.1_5 12 Oct 2022 10:23:11
    |
Rene Ladan (rene)  |
security/vuxml: add www/*chromium < 106.0.5249.119
Obtained from: https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_11.html |
1.1_5 11 Oct 2022 05:26:58
    |
Yasuhiro Kimura (yasu)  |
security/vuxml: Document multiple vulnerabilities in Samba |
1.1_5 10 Oct 2022 12:21:57
    |
Fernando Apesteguía (fernape)  Author: rob2g2 |
security/strongswan: Document DOS vulnerability
ChangeLog:
https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-(cve-2022-40617).html
PR: 266938
Reported by: rob2g2-freebsd@bitbert.com
Security: CVE-2022-40617 |
1.1_5 07 Oct 2022 15:45:00
    |
Fernando Apesteguía (fernape)  Author: Jaap Akkerhuis |
net/routinator: Add net/routinator CVE
Recent versions of Routinator contain a problem that causes Routinator to
exit if it encounters invalid data in RRDP snapshot or delta files.
Details: https://nlnetlabs.nl/downloads/routinator/CVE-2022-3029.txt
PR: 266865
Reported by: jaap@NLnetLabs.nl |
1.1_5 07 Oct 2022 01:43:31
    |
Li-Wen Hsu (lwhsu)  |
security/vuxml: Improve the description of c2a89e8f-44e9-11ed-9215-00e081b7aa2d
Suggested by: joneum |
1.1_5 06 Oct 2022 12:57:04
    |
Wen Heping (wen)  |
security/vuxml: Document Django multiple vulnerabilities |
1.1_5 06 Oct 2022 01:38:02
    |
Dan Langille (dvl)  |
security/vuxml: Fix broken tags |