| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
|---|
1.1_5
19 Jan 2021 20:47:00
   |
jrm  |
security/vuxml: Document vulnerability in cloud-init version 20.4
https://bugs.launchpad.net/cloud-init/+bug/1911680
Reported by: Mina Galic <me@igalic.co> |
1.1_5
18 Jan 2021 08:21:27
|
lwhsu |
Document CVE-2020-25074 and CVE-2020-15275 for www/moinmoin |
1.1_5
17 Jan 2021 22:23:34
|
0mp |
Document ghostscript9-agpl-base vulnerability committed in r544907
PR: 248580
Requested by: joneum (ports-secteam)
Reported by: VVD <vvd@unislabs.com>
MFH: 2021Q1
Security: CVE-2020-15900 |
1.1_5
14 Jan 2021 20:37:35
|
bhughes |
security/vuxml: document Node.js January 2021 Security Releases
https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
Sponsored by: Miles AS |
1.1_5
14 Jan 2021 12:03:01
|
mfechner |
Document gitlab vulnerability. |
1.1_5
14 Jan 2021 07:30:32
|
riggs |
Document integer overflow in wavpack (CVE-2020-35738). |
1.1_5
13 Jan 2021 17:32:00
|
lwhsu |
Document Jenkins Security Advisory 2021-01-13
Sponsored by: The FreeBSD Foundation |
1.1_5
12 Jan 2021 21:20:08
|
flo |
Document phpmyfaq vulnerability |
1.1_5
12 Jan 2021 04:27:21
|
cy |
Document sudo CVE-2021-23239. |
1.1_5
10 Jan 2021 08:26:39
|
sunpoet |
Document cairosvg vulnerability |
1.1_5
09 Jan 2021 20:06:20
|
mfechner |
Document gitlab vulnerabilities. |
1.1_5
07 Jan 2021 15:09:22
|
rene |
Document new vulnerabilities in www/chromium < 87.0.4280.141
Obtained
from: https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html |
1.1_5
06 Jan 2021 14:11:35
|
pi |
security/vuxml: add dovecot CVE-2020-24386
PR: 252415
Submitted by: Evilham <contact@evilham.com>
Relnotes: https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html |
1.1_5
01 Jan 2021 16:05:45
|
adamw |
security/vuxml: Add entry for gitea < 1.13.1
PR: 252310
Submitted by: maintainer |
1.1_5
01 Jan 2021 04:31:37
|
jrm |
Document inspircd vulnerabilitiy
PR: 252291
Reported by: Sadie Powell <sadie@witchery.services> |
1.1_5
28 Dec 2020 13:15:58
|
riggs |
Document CVE-2020-0543 for Intel CPUs.
PR: 247197
Submitted by: spam123@bitbert.com |
1.1_5
22 Dec 2020 22:44:24
|
madpilot |
Document new asterisk vulnerabilities. |
1.1_5
22 Dec 2020 14:16:44
|
otis |
Document vulns for powerdns and postsrsd
Reviewed by: osa (mentor)
Approved by: osa (mentor)
Differential Revision: https://reviews.freebsd.org/D27706 |
1.1_5
19 Dec 2020 13:16:16
|
riggs |
Correct entries for mantis and libX11 (missing PORTEPOCH in package string).
PR: 251168
Submitted by: zab@zltech.eu |
1.1_5
17 Dec 2020 21:09:37
|
swills |
Document vault issue |
1.1_5
15 Dec 2020 01:32:04
|
philip |
security/vuxml: Note FreeBSD 11.4 fix for CVE-2020-1971 |
1.1_5
13 Dec 2020 14:49:08
|
sunpoet |
Document jasper vulnerability |
1.1_5
13 Dec 2020 00:28:14
|
dbaio |
security/vuxml: Document net-im/py-matrix-synapse issue
PR: 251768
Submitted by: contact@evilham.com
Security: CVE-2020-26257 |
1.1_5
12 Dec 2020 18:37:13
|
brnrd |
security/vuxml: Document p11-kit vulnerabilities |
1.1_5
12 Dec 2020 16:23:56
|
brnrd |
security/vuxml: Document Unbound/NSD vuln |
1.1_5
12 Dec 2020 15:38:35
|
brnrd |
security/vuxml: Update LibreSSL vuln
* for 2020Q4 branch which is on 3.1 |
1.1_5
11 Dec 2020 10:38:39
|
brnrd |
security/vuxml: Document LibreSSL vulnerability |
1.1_5
11 Dec 2020 10:32:08
|
fluffy |
security/vuxml: add 19 CVE entries related to www/glpi
PR: 251754
Submitted by: Mathias Monnerville |
1.1_5
10 Dec 2020 09:59:00
|
philip |
security/vuxml: FreeBSD 11.4 is vulnerable to CVE-2020-1971
As noted in FreeBSD-SA-20:33.openssl, this vulnerability is also known
to affect OpenSSL versions included in FreeBSD 11.4. However, the
OpenSSL project is only giving patches for that version to premium
support contract holders. The FreeBSD project does not have access to
these patches and recommends FreeBSD 11.4 users to either upgrade to
FreeBSD 12.x or leverage up to date versions of OpenSSL in the ports/pkg
system. The FreeBSD Project may update this advisory to include FreeBSD
11.4 should patches become publicly available. |
1.1_5
10 Dec 2020 06:02:22
|
philip |
security/vuxml: add FreeBSD SA to OpenSSL entry
Reference FreeBSD-SA-20:33.openssl and note the fixed patch releases in
the recent OpenSSL entry. |
1.1_5
09 Dec 2020 10:36:09
|
brnrd |
security/vuxml: cURL vulnerabilities |
1.1_5
08 Dec 2020 16:21:52
|
brnrd |
security/vuxml: Document OpenSSL NULL pointer dereference |
1.1_5
07 Dec 2020 23:53:41
|
mfechner |
Document gitlab-ce vulnerabilities. |
1.1_5
06 Dec 2020 22:01:12
|
swills |
Document consul issue
PR: 251418
Submitted by: brd |
1.1_5
05 Dec 2020 11:43:31
|
rene |
Document new vulnerabilities in www/chromium < 87.0.4280.88 |
1.1_5
04 Dec 2020 17:26:41
|
zi |
- Unbreak build after previous commit |
1.1_5
04 Dec 2020 16:56:32
|
adamw |
security/vuxml: Add entry for gitea < 1.13.0
PR: 251577
Submitted by: maintainer |
1.1_5
02 Dec 2020 10:03:15
|
philip |
security/vuxml: add FreeBSD SA-20:32.rtsold |
1.1_5
02 Dec 2020 10:03:10
|
philip |
security/vuxml: add FreeBSD SA-20:31.icmp6 |
1.1_5
01 Dec 2020 19:37:28
|
zeising |
vuxml: document xorg-server vulnerabilities
Document new vulnerabilities in xorg-server and sub ports:
CVE-2020-14360 and CVE-2020-25712
These issues can lead to privileges elevations for authorized clients
on systems where the X server is running privileged. |
1.1_5
27 Nov 2020 00:34:50
|
brd |
vuxml: Add entry for nomad < 0.12.6 |
1.1_5
22 Nov 2020 15:48:55
|
adamw |
vuxml: Add entry for gitea < 1.12.6 |
1.1_5
21 Nov 2020 22:14:16
|
bhughes |
security/vuxml: document Node.js November 2020 Security Releases
https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/
Sponsored by: Miles AS |
1.1_5
21 Nov 2020 14:41:33
|
riggs |
Document CVE-2020-28896 for mutt 2.0.2.
PR: 251278
Submitted by: dereks@lifeofadishwasher.com
Security: CVE-2020-28896 |
1.1_5
16 Nov 2020 11:13:15
|
fluffy |
VuXML: document mozjpeg and libjpeg-turbo recent vulnerabilities
PR: 250190
Submitted by: daniel.engberg.lists@pyret.net |
1.1_5
14 Nov 2020 21:02:17
|
pi |
security/vuxml: add entries for databases/mantis
PR: 251141
Submitted by: Zoltan Alexanderson Besse <zab@zltech.eu> |
1.1_5
12 Nov 2020 21:26:35
|
dmgk |
security/vuxml: Document lang/go vulnerabilities |
1.1_5
12 Nov 2020 06:14:51
|
rhurlin |
security/vuxml: New entry for sysutils/py-salt vulnerabilities
There are three security vulnerabilities described for sysutils/py-salt
in version 3002[1]: CVE-2020-16846, CVE-2020-17490, and VE-2020-25592.
[1] https://docs.saltstack.com/en/latest/topics/releases/3002.1.html
It is planned to update the port sysutils/py-salt soon, see PR 251013
Reported by: michael.glaus@hostpoint.ch (in PR 251013)
Approved by: tcberner (mentor)
Differential Revision: https://reviews.freebsd.org/D27189 |
1.1_5
10 Nov 2020 23:56:31
|
truckman |
Document vulnerability in editors/openoffice-4 < 4.1.8 and openoffice-devel
CVE-2020-13958 Unrestricted actions leads to arbitrary code execution
in crafted documents
A vulnerability in Apache OpenOffice scripting events allows an
attacker to construct documents containing hyperlinks pointing to
an executable on the target users file system. These hyperlinks can
be triggered unconditionally. In fixed versions no internal protocol
may be called from the document event handler and other hyperlinks
require a control-click.
<https://www.openoffice.org/security/cves/CVE-2020-13958.html> |
1.1_5
09 Nov 2020 17:08:12
|
tcberner |
Prefer graphics/ligvrsvg2-rust over graphics/librsvg2
- switch to the more modern version of librsvg2 on architectures
supporting rust
- this will fix some graphical issues on these architectures
PR: 250276
Exp-run by: antoine
Submitted by: tobik
Differential Revision: https://reviews.freebsd.org/D18878 |
1.1_4
09 Nov 2020 14:05:41
|
lwhsu |
Fix CVE name for 07c7ae7a-224b-11eb-aa6e-e0d55e2a8bf9
Sponsored by: The FreeBSD Foundation |
1.1_4
09 Nov 2020 05:28:06
|
tcberner |
Document vulnerability in textproc/raptor2
From [1], [2], [3]:
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF
Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML
writer, leading to heap-based buffer overflows (sometimes seen in
raptor_qname_format_as_xml).
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926
[2] https://www.debian.org/security/2020/dsa-4785
[3] https://www.openwall.com/lists/oss-security/2017/06/07/1
PR: 250971
Security: CVE-2017-18926 |
1.1_4
08 Nov 2020 12:47:38
|
dbaio |
security/vuxml: Document www/py-notebook issue
Fix open redirect vulnerability GHSA-c7vm-f5p4-8fqh (CVE to be assigned). |
1.1_4
07 Nov 2020 17:40:34
|
brnrd |
security/vuxml: Document addl. MariaDB vulns |
1.1_4
05 Nov 2020 22:38:13
|
madpilot |
Document asterisk vulnerabilities. |
1.1_4
03 Nov 2020 19:50:03
|
rene |
Document new vulnerabilities in www/chromium < 86.0.4240.183
Obtained
from: https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html |
1.1_4
02 Nov 2020 20:23:35
|
mfechner |
Document gitlab vulnerabilities. |
1.1_4
02 Nov 2020 19:07:13
|
joneum |
Add entry for wordpress
Sponsored by: Netzkommune GmbH |
1.1_4
31 Oct 2020 21:26:52
|
timur |
Add an entry about recent Samba vulnerabilities
Security: CVE-2020-14318
CVE-2020-14323
CVE-2020-14383 |
1.1_4
31 Oct 2020 02:38:09
|
fluffy |
security/vuxml: Document stack overflow in tmux
PR: 250737 |
1.1_4
28 Oct 2020 10:25:25
|
fernape |
security/vuxml: Add entry for multimedia/motion
Follow up commit for 553525.
For some reason, "Use MHD function for url decoding" actually means fixing
CVE-2020-26566
PR: 250660 |
1.1_4
22 Oct 2020 08:38:22
|
tcberner |
print/freetype2: document vulnerability
PR: 250375
Security: CVE-2020-15999 |
1.1_4
21 Oct 2020 17:32:05
|
brnrd |
security/vuxml: Document 2020Q4 MySQL vulnerabilities |
1.1_4
21 Oct 2020 08:22:19
|
rene |
Document new vulnerabilities in www/chromium < 86.0.4240.111
Obtained
from: https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html |
1.1_4
19 Oct 2020 09:24:05
|
dch |
security/vuxml: add powerdns-recursor
PR: 250318
Submitted by: Ralf van der Enden <tremere@cainites.net>
Reported by: michael.glaus@hostpoint.ch
Sponsored by: SkunkWerks, GmbH |
1.1_4
18 Oct 2020 15:38:26
|
brnrd |
security/vuxml: Document MariaDB vulnerabilities |
1.1_4
17 Oct 2020 14:17:23
|
dbaio |
security/vuxml: Update entry date for the last issue added (r552574) |
1.1_4
17 Oct 2020 13:50:26
|
dbaio |
security/vuxml: Document net-im/py-matrix-synapse issue
PR: 249948
Submitted by: Sascha Biberhofer <ports@skyforge.at>
Security: CVE-2020-26891 |
1.1_4
17 Oct 2020 13:08:24
|
joneum |
Add entry for drupal7
Sponsored by: Netzkommune GmbH |
1.1_4
13 Oct 2020 22:35:45
|
jkim |
Document the latest Flash Player vulnerability.
https://helpx.adobe.com/security/products/flash-player/apsb20-58.html |
1.1_4
10 Oct 2020 18:01:51
|
sunpoet |
Document rails vulnerability |
1.1_4
09 Oct 2020 05:32:21
|
pi |
security/vuxml: add CVEs for www/payara
- CVE-2020-6950 Eclipse Mojarra vulnerable to path trasversal flaw
via either loc/con parameters
- CVE-2019-12086 A Polymorphic Typing issue was discovered in
FasterXML jackson-databind 2.x before 2.9.9
- some more
PR: 250207
Submitted by: Dmytro Bilokha <dmytro@posteo.net> |
1.1_4
07 Oct 2020 21:21:58
|
leres |
security/vuxml: Mark zeek < 3.0.11 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v3.0.11
A memory leak in multipart MIME code has potential for remote
exploitation and cause for Denial of Service via resource exhaustion.
While we're here fix missing cite for "zeek < 3.0.10" entry. |
1.1_4
07 Oct 2020 10:53:24
|
rene |
Document new vulnerabilities in www/chromium < 86.0.4240.75
Obtained
from: https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html |
1.1_4
05 Oct 2020 17:25:55
|
sunpoet |
Document libexif vulnerability |
1.1_4
04 Oct 2020 06:03:48
|
tcberner |
vuxml: fix version check in r551354 |
1.1_4
04 Oct 2020 05:49:10
|
tcberner |
vuxml: document deskutils/kdeconnect-kde vulnerability
KDE Project Security Advisory
=============================
Title: KDE Connect: packet manipulation can be exploited in a Denial
of Service attack
Risk Rating: Important
CVE: CVE-2020-26164
Versions: kdeconnect <= 20.08.1
Author: Albert Vaca Cintora <albertvaka@gmail.com>
Date: 2 October 2020
Overview
========
(Only the first 15 lines of the commit message are shown above  ) |
1.1_4
03 Oct 2020 17:21:33
|
tcberner |
vuxml: document vulnerability in devel/upnp
Security: CVE-2020-13848 |
1.1_4
02 Oct 2020 07:30:37
|
mfechner |
Document gitlab vulnerabilities. |
1.1_4
30 Sep 2020 20:29:18
|
thierry |
Add recent tt-rss issues.
PR: 249472
Submitted by: Derek Schrock (tt-rss's maintainer)
MFC after: 1 day
Security: https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799 |
1.1_4
28 Sep 2020 11:23:28
|
pi |
security/vuxml: Add CVE-2020-1945: Apache Ant insecure temporary file
vulnerability
PR: 248098
Submitted by: mikael |
1.1_4
28 Sep 2020 09:42:55
|
pi |
security/vuxml: add entry dns/powerdns below 4.3.1
- CVE-2020-17482
PR: 249560
Submitted by: Ralf van der Enden <tremere@cainites.net>
Relnotes: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html |
1.1_4
26 Sep 2020 13:10:26
|
zeising |
vuxml: Update pango entry for CVE-2019-1010238
Update the pango entry for CVE-2019-1010238.
Since the fix to pango wasn't applied properly the first time around, the
pango version with the fix needed to be bumpt in the vuxml entry. |
1.1_4
22 Sep 2020 19:00:08
|
rene |
Document new vulnerabilities in www/chromium < 85.0.4183.121
Obtained
from: https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html |
1.1_4
22 Sep 2020 17:23:51
|
tcberner |
security/vuxml: document libxml2 vulnerabilities
PR: 249386 |
1.1_4
21 Sep 2020 21:07:57
|
dbaio |
security/vuxml: Document net-im/py-matrix-synapse issue
PR: 249375
Submitted by: Denis Kasak <dkasak@termina.org.uk>
Submitted by: Sascha Biberhofer <ports@skyforge.at> (earlier version) |
1.1_4
20 Sep 2020 11:36:50
|
fluffy |
- Document python35 multiple vulnerabilities
PR: 249187 |
1.1_4
20 Sep 2020 00:36:02
|
timur |
Add an entry about CVE-2020-1472 - Unauthenticated domain takeover via netlogon
("ZeroLogon")
Security: CVE-2020-1472 |
1.1_4
19 Sep 2020 12:22:27
|
brnrd |
security/vuxml: Document Nextcloud 19.0.1 vuln |
1.1_4
18 Sep 2020 09:26:23
|
mandree |
www/webkit2-gtk3: Multiple Vulnerabilities (vuxml entry)
PR: 247892
Submitted by: rob2g2 <spam123@bitbert.com>
Security: CVE-2020-9802
Security: CVE-2020-9803
Security: CVE-2020-9805
Security: CVE-2020-9806
Security: CVE-2020-9807
Security: CVE-2020-9843
Security: CVE-2020-9850
Security: CVE-2020-13753 |
1.1_4
16 Sep 2020 20:47:51
|
bhughes |
security/vuxml: document Node.js September 2020 Security Releases
https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/
Sponsored by: Miles AS |
1.1_4
16 Sep 2020 06:44:34
|
philip |
security/vuxml: add FreeBSD SA-20:30.ftpd |
1.1_4
16 Sep 2020 06:44:29
|
philip |
security/vuxml: add FreeBSD SA-20:29.bhyve_svm |
1.1_4
16 Sep 2020 06:44:24
|
philip |
security/vuxml: add FreeBSD SA-20:28.bhyve_vmcs |
1.1_4
16 Sep 2020 06:44:19
|
philip |
security/vuxml: add FreeBSD SA-20:27.ure |
1.1_4
12 Sep 2020 12:11:03
|
sunpoet |
Document rails vulnerability |
1.1_4
10 Sep 2020 00:10:25
|
leres |
security/vuxml: Mark zeek < 3.0.10 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v3.0.10
Memory leak has potential for remote DOS via resource exhaustion. |
1.1_4
09 Sep 2020 16:01:10
|
rene |
Document new vulnerabilities in www/chromium < 85.0.4183.102
Obtained
from: https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html |
1.1_4
07 Sep 2020 18:04:21
|
delphij |
Sigh, fix previous entry as it's already documented, combine the information
into previous entry. |
1.1_4
07 Sep 2020 18:02:55
|
delphij |
Document mpd multiple vulnerabilities. |
As an Amazon Associate I earn from qualifying purchases.
