Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_4 24 Apr 2019 15:30:40
  |
jpaetzel  |
Document py-yaml vulnerability
PR: 237501
Submitted by: sergey@akhmatov.ru
Security: CVE-2017-18342 |
1.1_4 23 Apr 2019 03:03:45
  |
cy  |
Document wpa_supplicant/hostapd EAP-pwd message reassembly issue with
unexpected fragment.
Security: no CVE documented,
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt |
1.1_4 23 Apr 2019 03:03:40
  |
cy  |
Document wpa_supplicant/hostapd EAP-pwd missing commit validation.
CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
CVE-2019-9498 (EAP-pwd server missing commit validation for
scalar/element)
CVE-2019-9499 (EAP-pwd peer missing commit validation for
scalar/element)
Security: CVE-2019-9497, CVE-2019-9498, CVE-2019-9499,
https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt |
1.1_4 23 Apr 2019 03:03:35
  |
cy  |
Document hostapd SAE confirm missing state validation.
CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
Security: CVE-2019-9496,
https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt |
1.1_4 23 Apr 2019 03:03:30
  |
cy  |
Document wpa_supplicant/hostapd EAP-pwd side-channel attack.
CVE-2019-9495 (cache attack against EAP-pwd)
Security: CVE-2019-9495,
https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt |
1.1_4 23 Apr 2019 03:03:25
  |
cy  |
Document wpa_supplicant/hostapd SAE side-channel attacks.
CVE-2019-9494 (cache attack against SAE)
Security: CVE-2019-9494, VU#871675,
https://w1.fi/security/2019-1/sae-side-channel-attacks.txt |
1.1_4 22 Apr 2019 20:30:19
  |
danilo  |
- Document istio vulnerabilities. |
1.1_4 21 Apr 2019 17:35:59
  |
tijl  |
Document Ghostscript CVE-2019-3835 and CVE-2019-3838.
PR: 237390
Security: CVE-2019-3835, CVE-2019-3838 |
1.1_4 19 Apr 2019 14:42:42
  |
tijl  |
Document GNUTLS-SA-2019-03-27.
Security: https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27 |
1.1_4 18 Apr 2019 15:21:04
  |
ler  |
security/vuxml: Document dovecot json encoder issue |
1.1_4 18 Apr 2019 10:36:50
  |
swills  |
Document libssh2 issue |
1.1_4 17 Apr 2019 06:35:18
  |
joneum  |
Add entry for gitea
PR: 237303
Sponsored by: Netzkommune GmbH |
1.1_4 13 Apr 2019 13:53:22
  |
brnrd  |
security/vuxml: Document vulnerabilities for MySQL
- Pre-notification by Oracle, final to be published in 3 days |
1.1_4 12 Apr 2019 08:43:30
  |
vd  |
Document ftp/wget's metadata in extended attributes vulnerability
Security: CVE-2018-20483 |
1.1_4 11 Apr 2019 05:47:33
  |
mfechner  |
Document gitlab vulnerability. |
1.1_4 10 Apr 2019 15:30:26
  |
lwhsu  |
Document Jenkins Security Advisory 2019-04-10
Sponsored by: The FreeBSD Foundation |
1.1_4 10 Apr 2019 07:52:51
  |
jkim  |
Document the latest Flash Player vulnerabilities.
https://helpx.adobe.com/security/products/flash-player/apsb19-19.html |
1.1_4 06 Apr 2019 14:46:00
  |
sunpoet  |
Update py-notebook status |
1.1_4 05 Apr 2019 06:22:10
  |
mfechner  |
Documented vulnerabilities for clamav. |
1.1_4 03 Apr 2019 17:22:25
  |
romain  |
Update sysutils/puppetserver5 entry
Puppetlabs released version 5.3.8 of Puppet Server which addresses the issue:
https://puppet.com/docs/puppetserver/5.3/release_notes.html#puppet-server-538
With hat: puppet |
1.1_4 02 Apr 2019 20:48:08
  |
mfechner  |
Documented gitlab vulnerability. |
1.1_4 02 Apr 2019 07:58:42
  |
brnrd  |
security/vuxml: Document Apache httpd vulnerabilities |
1.1_4 01 Apr 2019 19:29:47
  |
danilo  |
- Document sysutils/kubectl CVE-2019-1002101 |
1.1_4 31 Mar 2019 13:50:46
  |
dbaio  |
security/vuxml: Document irc/znc issue
Security: CVE-2019-9917 |
1.1_4 29 Mar 2019 16:36:03
  |
sunpoet  |
Document py-notebook vulnerability |
1.1_4 29 Mar 2019 14:17:12
  |
sunpoet  |
Update openjpeg status |
1.1_4 28 Mar 2019 12:21:37
  |
ler  |
vuxml: Document mail/dovecot buffer overflow. |
1.1_4 28 Mar 2019 08:26:50
  |
joneum  |
Add modified line for drupal after r496987
Sponsored by: Netzkommune GmbH |
1.1_4 27 Mar 2019 21:51:40
  |
acm  |
- Update 94d63fd7-508b-11e9-9ba0-4c72b94353b5 entry |
1.1_4 27 Mar 2019 19:23:40
  |
sunpoet  |
Update Python vulnerability (d74371d2-4fee-11e9-a5cd-1df8a848de3d) |
1.1_4 27 Mar 2019 17:44:06
  |
joneum  |
Add entry for www/drupal7
Sponsored by: Netzkommune GmbH |
1.1_4 26 Mar 2019 18:12:24
  |
sunpoet  |
Document Python vulnerability |
1.1_4 22 Mar 2019 04:08:55
  |
zeising  |
Update the libXdmcp entry to make it clearer. |
1.1_4 21 Mar 2019 09:36:32
  |
joneum  |
Add entry for wordpress
Sponsored by: Netzkommune GmbH |
1.1_4 21 Mar 2019 08:15:01
  |
mfechner  |
Documented gitlab vulnerability. |
1.1_4 21 Mar 2019 02:03:35
  |
zeising  |
Add entry for x11/libXdmcp vulnerability.
Add entry for x11/libXdmcp vulnerability, insufficient entropy generating
session keys. It is unknown if this actually affects FreeBSD.
Security: CVE-2017-2625 |
1.1_4 20 Mar 2019 14:04:46
  |
mfechner  |
Documented security vulnerability for gitlab < 11.8.2. |
1.1_4 20 Mar 2019 11:30:19
  |
joneum  |
Add entry for www/gitea
PR: 236563 |
1.1_4 19 Mar 2019 20:22:21
  |
jbeich  |
security/vuxml: mark firefox < 66 as vulnerable |
1.1_4 19 Mar 2019 14:51:03
  |
swills  |
Document PowerDNS issue
PR: 236634
Reported by: Dani <i.dani@outlook.com> |
1.1_4 18 Mar 2019 18:25:00
  |
sunpoet  |
Document Rails vulnerability |
1.1_4 17 Mar 2019 14:16:03
  |
mandree  |
Record PuTTY security vulnerabilities in versions before 0.71. |
1.1_4 16 Mar 2019 23:23:16
  |
sunpoet  |
Document py-notebook vulnerability |
1.1_4 15 Mar 2019 21:42:03
  |
sunpoet  |
Document ruby-gems vulnerability |
1.1_4 12 Mar 2019 06:14:06
  |
riggs  |
Document CVE fixes in libsndfile-1.0.28_2
PR: 227669
Reported by: p5B2E9A8F@t-online.de |
1.1_4 08 Mar 2019 02:26:17
  |
cy  |
Fill in the actual URL for March 2019 ntp-4.2.8p13 NTP Release and
Security Vulnerability Announcement |
1.1_4 07 Mar 2019 19:33:24
  |
brnrd  |
security/vuxml: Document OpenSSL 1.1.1 vulnerability |
1.1_4 07 Mar 2019 13:32:42
  |
cy  |
Document crafted null dereference ntp attack.
Security: CVE-2019-8936
Obtained from: nwtime.org |
1.1_4 06 Mar 2019 19:56:57
  |
kai  |
security/vuxml: Document shells/rssh < 2.3.4_2 vulnerabilities
PR: 235121
Approved by: tcberner (mentor)
Differential Revision: https://reviews.freebsd.org/D19473 |
1.1_4 06 Mar 2019 07:31:17
  |
matthew  |
Document a jQuery related XSS security fix in rt4.4.4 and rt4.2.16
Note: the release notes also mention 3 other security issues in perl
modules depended on by these packages. Of those, vulnerabilities in
the Email::Address and Email::Address::List perl modules have already
been addressed in their respective ports, while the third: HTML::Gumbo
is not currently in the ports at all. |
1.1_4 05 Mar 2019 15:00:54
  |
0mp  |
Document a slixmpp < 1.4.1 vulnerability
Reviewed by: krion, mat
Approved by: krion (mentor), mat (mentor)
MFH: 2019Q1 |
1.1_4 05 Mar 2019 10:23:44
  |
mfechner  |
Documented several www/gitlab-ce security vulnerabilities. |
1.1_4 05 Mar 2019 06:20:50
  |
tobik  |
Document www/py-gunicorn vulnerability |
1.1_4 04 Mar 2019 10:54:26
  |
joneum  |
Update mybb entry
Sponsored by: Netzkommune GmbH |
1.1_4 03 Mar 2019 00:03:11
  |
bhughes  |
security/vuxml: document Node.js February 2019 Security Releases
https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
Sponsored by: Miles AS |
1.1_4 02 Mar 2019 10:29:12
  |
joneum  |
Document vulnerability in www/mybb
Sponsored by: Netzkommune GmbH |
1.1_4 01 Mar 2019 08:57:16
  |
madpilot  |
Document new asterisk vulnerability.
Security: CVE-2019-7251 |
1.1_4 27 Feb 2019 07:33:22
  |
brnrd  |
security/vuxml: Update OpenSSL 1.0.2r entry |
1.1_4 24 Feb 2019 19:59:26
  |
kwm  |
Document webkit-gtk CVEs
Security: CVE-2019-6212, CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, \
CVE-2019-6226, CVE-2019-6227, CVE-2019-6229, CVE-2019-6233, \
CVE-2019-6234. |
1.1_4 22 Feb 2019 17:58:16
  |
pi  |
security/vuxml: document rdesktop < 1.8.4 vulnerabilities
PR: 235885, 229029 |
1.1_4 21 Feb 2019 19:49:00
  |
romain  |
Document sysutils/puppetserver* vulnerabilities.
PuppetServer bundles Bouncy Castle, so add affected ports to the Bouncy Castle
entry.
sysutils/puppetserver is EOL and will likely never get a fix;
sysutils/puppetserver5 may get fixed in a future release of the 5.x branch;
sysutils/puppetserver6 was fixed in the latest release.
With hat: puppet |
1.1_4 21 Feb 2019 14:45:25
  |
acm  |
- Add drupal8 vulnerability entry |
1.1_4 20 Feb 2019 10:13:39
  |
brnrd  |
security/vuxml: Document announced OpenSSL vulnerability
- To be updated with more specifics on 2019-02-26 |
1.1_4 15 Feb 2019 15:06:16
  |
novel  |
Document mail/msmtp certificate verification issue |
1.1_4 13 Feb 2019 11:27:36
  |
cmt  |
fix firefox-esr PORTEPOCH in latest entry
Submitted by: jbeich |
1.1_4 13 Feb 2019 11:09:39
  |
cmt  |
add more mozilla products to latest entry
https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/
(same CVEs as mfsa2019-04, so not creating another entry) |
1.1_4 13 Feb 2019 09:57:34
  |
cmt  |
document firefox vulnerabilities
https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/ |
1.1_4 12 Feb 2019 15:39:34
  |
jkim  |
Document the latest Flash Player vulnerability.
https://helpx.adobe.com/security/products/flash-player/apsb19-06.html |
1.1_4 11 Feb 2019 19:11:34
  |
sunpoet  |
Fix r492723 for the name of NVD report |
1.1_4 11 Feb 2019 18:59:48
  |
sunpoet  |
Update openjpeg status
There were 5 vulnerabilities in openjpeg and 4 of them are fixed.
The current status is described in [1] as follows:
- CVE-2017-17479 and CVE-2017-17480 were fixed in r477112.
- CVE-2018-5785 was fixed in r480624.
- CVE-2018-6616 was fixed in r489415.
- CVE-2018-5727 is not fixed yet.
Though I keep committing fixes and updating the status, it does not show in the
"pkg audit" result. Users have to follow the link but apparently few people
would do that. Therefore, I got mails asking if the CVEs are fixed, etc.
I don't know if there's a better way to handle this condition (partly fixed over
several months). Instead of removing fixed CVEs from vuln.xml, I decided to add
a new entry (5efd7a93-2dfb-11e9-9549-e980e869c2e9) which is split from the old
entry (11dc3890-0e64-11e8-99b0-d017c2987f9a). It should be clearer for users if
they only read the "pkg audit" result.
[1] https://www.vuxml.org/freebsd/11dc3890-0e64-11e8-99b0-d017c2987f9a.html |
1.1_4 11 Feb 2019 00:11:41
  |
feld  |
Document FreeBSD-SA-19:02.fd |
1.1_4 11 Feb 2019 00:10:59
  |
feld  |
Document FreeBSD-SA-19:01.syscall |
1.1_4 10 Feb 2019 18:02:38
  |
tcberner  |
Document kf5-kauth vulnerability. |
1.1_4 08 Feb 2019 01:12:26
  |
osa  |
Update versions range for recent unit vulnerability. |
1.1_4 08 Feb 2019 01:04:53
  |
osa  |
Document unit vulnerability. |
1.1_4 07 Feb 2019 23:14:47
  |
sunpoet  |
Document curl vulnerability |
1.1_4 06 Feb 2019 09:10:47
  |
mfechner  |
Document gitlab-ce vulnerability. |
1.1_4 05 Feb 2019 14:52:23
  |
ler  |
mail/dovecot: update reporter for latest vuln |
1.1_4 05 Feb 2019 14:39:13
  |
ler  |
mail/dovecot: Suitable client certificate can be used to login as other user
update vuxml |
1.1_4 02 Feb 2019 21:55:47
  |
sunpoet  |
Document typo3 vulnerability
PR: 235187, 235188 |
1.1_4 02 Feb 2019 01:26:48
  |
jrm  |
security/vuxml: Document Gitea < 1.7.1 vulnerabilities
PR: 235399
Submitted by: stb@lassitu.de (www/gitea maintainer) |
1.1_4 31 Jan 2019 19:36:16
  |
matthew  |
Document vulnerability addressed by release 0.06 of p5-Email-Address-List
Unfortunately there is very little real description of the
vulnerability available, other than what is in the changelog. Even
the CVE number only leads to a page saying the number is reserved. |
1.1_4 31 Jan 2019 17:42:14
  |
mfechner  |
Documented multiple vulnerabilities for www/gitlab-ce. |
1.1_4 30 Jan 2019 11:37:56
  |
bhughes  |
security/vuxml: document vulnerabilities in net/turnserver
Sponsored by: Miles AS |
1.1_4 29 Jan 2019 17:18:59
  |
jbeich  |
security/vuxml: mark firefox < 65 as vulnerable |
1.1_4 28 Jan 2019 16:53:42
  |
swills  |
Document powerdns-recursor issue
PR: 235113
Submitted by: Ralf van der Enden <tremere@cainites.net> |
1.1_4 27 Jan 2019 19:58:21
  |
sunpoet  |
Update py-requests entry
Reference: https://lists.freebsd.org/pipermail/svn-ports-head/2019-January/198601.html |
1.1_4 27 Jan 2019 15:14:56
  |
brnrd  |
security/vuxml: Document recent MySQL vulnerabilities
- 5.5 branch see https://mariadb.com/kb/en/library/mariadb-5563-release-notes/ |
1.1_4 27 Jan 2019 09:58:17
  |
tcberner  |
security/vuxml: Document security/botan2 vulnerability
PR: 234938
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer) |
1.1_4 27 Jan 2019 09:19:40
  |
matthew  |
Document PMASA-2019-1 and PMSA-2019-2 security advisories: Arbitrary
file disclosure and SQL injection attacks. |
1.1_4 26 Jan 2019 10:54:50
  |
joneum  |
Add entry for www/gitea
PR: 235140
Sponsored by: Netzkommune GmbH |
1.1_4 26 Jan 2019 09:49:39
  |
koobs  |
security/vuxml: Add libzmq4 -- Remote Code Execution Vulnerability
PR: 230575 |
1.1_4 23 Jan 2019 16:03:33
  |
zi  |
- Add package name validation |
1.1_3 23 Jan 2019 15:10:38
  |
zi  |
Fix invalid package name in previous commit for
4af3241d-1f0c-11e9-b4bd-d43d7eed0ce2 |
1.1_3 23 Jan 2019 14:37:44
  |
joneum  |
Add entry for www/apache24
Sponsored by: Netzkommune GmbH |
1.1_3 23 Jan 2019 12:48:45
  |
lev  |
Add CVE-2018-11803 for www/mod_dav_svn. |
1.1_3 22 Jan 2019 12:32:18
  |
gjb  |
Attempt to fix vuxml build.
Sponsored by: The FreeBSD Foundation |
1.1_3 22 Jan 2019 10:44:39
  |
koobs  |
security/vuxml: Add www/py-requests: Information disclosure vulnerability |
1.1_3 20 Jan 2019 01:05:17
  |
ler  |
security/vuxml: Document joomla 3 vulnerabilities. |
1.1_3 19 Jan 2019 20:37:47
  |
acm  |
- Add drupal7 and drupal8 vulnerability entry |