Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_3 06 Sep 2016 14:22:55 |
feld |
Document vulnerability in irc/inspircd
No CVEs have been assigned at this time. |
1.1_3 06 Sep 2016 08:37:04 |
mandree |
Add CVE-2016-7123 for resolved mailman CSRF.
PR: 212378
Reported by: Sevan Janiyan
Security: CVE-2016-7123
Security: 9e50dcc3-740b-11e6-94a2-080027ef73ec |
1.1_3 05 Sep 2016 21:40:38 |
tijl |
Fix the version range for a linux-c6-nss vulnerability.
PR: 208385 |
1.1_3 01 Sep 2016 20:27:24 |
gjb |
Fix build.
Sponsored by: The FreeBSD Foundation |
1.1_3 01 Sep 2016 20:21:00 |
bdrewery |
Document OpenSSH CVE-2015-8325 and CVE-2016-6210 fixed in OpenSSH 7.3p1.
PR: 212275
Reported by: <Sevan Janiyan> venture37@geeklan.co.uk
Security: CVE-2015-8325
Security: CVE-2016-6210 |
1.1_3 29 Aug 2016 19:00:37 |
mandree |
Document mailman < 2.1.23 CVE-2016-6893, insufficient CSRF protection. |
1.1_3 28 Aug 2016 17:53:49 |
kwm |
Document libxml2 vulnerabilities. |
1.1_3 27 Aug 2016 19:20:16 |
tcberner |
Document kdelibs KArchive directory traversal vulnerability.
Approved by: rakuco (mentor)
Security: CVE-2016-6232 |
1.1_3 22 Aug 2016 17:20:59 |
kwm |
Document eog out of bounds write.
Security: CVE-2016-6855 |
1.1_3 22 Aug 2016 12:20:59 |
mat |
Some more cleanup to Perl vulnerabilities.
Sponsored by: Absolight |
1.1_3 21 Aug 2016 19:12:35 |
kwm |
Document fontconfig insufficient cache file validation
Security: CVE-2016-5384 |
1.1_3 19 Aug 2016 15:05:35 |
feld |
Fix ruby version range which was missing the important portepoch
Add postgres and mysql to the EoL port list
PR: 211975 |
1.1_3 19 Aug 2016 14:02:11 |
feld |
Fix PKGNAME matching for old ruby in vuxml
PR: 211975 |
1.1_3 19 Aug 2016 13:01:25 |
mat |
Fixup Perl package names in the EoL vuln.
Sponsored by: Absolight |
1.1_3 18 Aug 2016 22:27:48 |
jgh |
unbreak build (validation and tests pass)
Reported by: feld
With hat: ports-secteam |
1.1_3 18 Aug 2016 21:44:35 |
feld |
Add a number of old expired and End of Life ports to vuxml
PR: 211975 |
1.1_3 18 Aug 2016 19:22:47 |
jkim |
Fix CVE name for security/gnupg and security/libgcrypt. There was a typo in
the official release announcement. |
1.1_3 18 Aug 2016 00:41:25 |
kuriyama |
Register recent gnupg1/libgcrypt vuln. |
1.1_3 17 Aug 2016 11:02:43 |
matthew |
Document 26 new security advisories from phpMyAdmin. Some of these are
described as 'critical'. |
1.1_3 15 Aug 2016 09:26:54 |
mat |
Note where the XSLoader thing is being fixed in Perl 5.18 and 5.20.
Sponsored by: Absolight |
1.1_3 15 Aug 2016 04:18:36 |
koobs |
security/vuxml: Fix/Improve a few entry titles (<topic)
- TeamSpeak 3 Server: Use standard "Product -- Description" title format
- TeamSpeak 3 Server: Include RCE in title so people don't miss it. Importante.
- puppet-agent MCollective: Remove duplicate name in title, use software name
- FreeBSD ntp entry: Fix grammo |
1.1_3 14 Aug 2016 22:19:31 |
pi |
audio/teamspeak3-server: Document remote code execution
PR: 211846
Security: http://seclists.org/fulldisclosure/2016/Aug/61
Submitted by: Ultima1252@gmail.com |
1.1_3 14 Aug 2016 17:12:27 |
junovitch |
Fix PKGNAME for collectd5
PR: 211613 |
1.1_3 14 Aug 2016 08:33:15 |
romain |
Add entry for CVE-2015-7331
mcollective-puppet-agent -- Remote Code Execution in mcollective-puppet-agent
plugin |
1.1_3 13 Aug 2016 21:44:31 |
mat |
Fix the perl5* section for the two recent vuln.
For some reason, perl5-devel was having a wrongly special treatment, and
it was failing to take into account the fact that we've had 5.21 and
5.23 in the tree.
Also, correct the version at which the XSLoader thing was solved in 5.25.
Sponsored by: Absolight |
1.1_3 12 Aug 2016 10:56:12 |
matthew |
The perl5 release candidate versions also address the XSLoader local
arbitrary code execution vulnerability (CVE-2016-6185), as documented
in perldelta(1)
So perl5.22-5.22.3.r2 and perl5.24-5.24.1.r2 are not vulnerable.
I can't confirm if the updates to perl5.18 and perl5.20 also solve the
XSLoader bug or not but by inspection of the source code, I don't
believe that to be the case. |
1.1_3 11 Aug 2016 22:54:01 |
feld |
Correct the syntax for the <freebsdsa> entries.
They should not be prefixed with FreeBSD- |
1.1_3 11 Aug 2016 21:50:02 |
feld |
Correct old vuxml entries for FreeBSD that use <ge>0</ge> or a <ge> without an
<le>
One entry has been cancelled in preference of a much newer entry referring to
the same CVE as it has more detail. |
1.1_3 11 Aug 2016 21:34:00 |
feld |
Add missing FreeBSD SA entries from 2016 to vuxml |
1.1_3 11 Aug 2016 21:27:28 |
feld |
Add missing FreeBSD SA entries from 2015 to vuxml |
1.1_3 11 Aug 2016 21:19:09 |
feld |
Add missing FreeBSD SA entries from 2014 to vuxml |
1.1_3 11 Aug 2016 18:53:51 |
gjb |
Fix vuxml build.
Approved by: ports-secteam (implicit)
Sponsored by: The FreeBSD Foundation |
1.1_3 11 Aug 2016 16:40:21 |
koobs |
security/vuxml: Make PostgreSQL entry more explicit
Be more explicit in the title of the PostgreSQL entry as to the nature
of the vulnerabilities. Remove possibly subjective description of the
severity (minor) from the title, err on the side of allowing users to make
the assessment based on their environments instead.
Approved by: feld (ports-secteam) |
1.1_3 11 Aug 2016 15:49:20 |
feld |
Add missing FreeBSD SA to vuxml
Security: SA-14:01.bsnmpd |
1.1_3 11 Aug 2016 14:51:44 |
girgen |
Add security info for upcoming PostgreSQL updates.
Security: CVE-2016-5424, CVE-2016-5423 |
1.1_3 11 Aug 2016 13:33:05 |
mat |
Fixup Perl versions for CVE-2016-1238.
Sponsored by: Absolight |
1.1_3 10 Aug 2016 09:21:41 |
tz |
www/piwik: Document XSS issues
PR: 211590
Security: https://vuxml.freebsd.org/freebsd/28bf62ef-5e2c-11e6-a15f-00248c0c745d.html
Approved by: pi (mentor) |
1.1_3 10 Aug 2016 01:27:44 |
junovitch |
Document denial of service vector via oversized AXFR, IXFR, or Dynamic DNS
updates in BIND, Knot, NSD, and PowerDNS
Security: CVE-2016-6170
Security: CVE-2016-6171
Security: CVE-2016-6172
Security: CVE-2016-6173
Security: https://vuxml.FreeBSD.org/freebsd/7d08e608-5e95-11e6-b334-002590263bf5.html |
1.1_3 09 Aug 2016 22:25:53 |
feld |
Add missing FreeBSD SA vuxml entries for 2013
Entries that only affected BETA/RC releases were ignored
Security: SA-13:10.sctp
Security: SA-13:09.ip_multicast
Security: SA-13:08.nfsserver |
1.1_3 09 Aug 2016 21:18:18 |
feld |
Change all FreeBSD SA entries in vuxml from <system> to <package> |
1.1_3 09 Aug 2016 21:04:51 |
feld |
Add FreeBSD SA information to recent libarchive vuxml entry
Security: SA-16:22.libarchive
Security: SA-16:23.libarchive |
1.1_3 09 Aug 2016 21:00:05 |
feld |
Add FreeBSD SA information to old openssl vuxml entry
Security: SA-16:17.openssl |
1.1_3 09 Aug 2016 20:57:19 |
feld |
Add FreeBSD SA information to old ntp vuxml entry
Security: SA-16:16.ntp |
1.1_3 09 Aug 2016 20:53:04 |
feld |
Add FreeBSD SA information to old openssh vuxml entry
Security: SA-16:14.openssh |
1.1_3 09 Aug 2016 20:36:34 |
feld |
Update many historical vuxml entries for FreeBSD with incorrect ranges
PR: 208522 |
1.1_3 09 Aug 2016 19:43:25 |
feld |
Add FreeBSD SA information to old openssl vuxml entry
Security: SA-16:11.openssl |
1.1_3 09 Aug 2016 19:39:28 |
feld |
Add FreeBSD SA information to old ntp vuxml entry
Security: SA-16:09.ntp |
1.1_3 09 Aug 2016 18:21:05 |
feld |
Add FreeBSD SA information to old bind vuxml entry
Security: SA-16:08.bind |
1.1_3 09 Aug 2016 18:18:42 |
feld |
Add FreeBSD SA information to old openssh vuxml entry
Security: SA-16:07.openssh |
1.1_3 09 Aug 2016 18:14:59 |
feld |
Add FreeBSD SA information to old ntp vuxml entry
Security: SA-16:02.ntp |
1.1_3 09 Aug 2016 18:12:21 |
feld |
Add FreeBSD SA information to old bind vuxml entry
Security: SA-15:27.bind |
1.1_3 09 Aug 2016 18:10:03 |
feld |
Add FreeBSD SA information to old openssl vuxml entry
Security: SA-15:26.openssl |
1.1_3 09 Aug 2016 18:07:10 |
feld |
Add FreeBSD SA information to old ntp vuxml entry
Security: SA-15:25.ntp |
1.1_3 09 Aug 2016 18:03:49 |
feld |
Add FreeBSD SA information to old bind vuxml entry
Also correct range of affected FreeBSD versions
Security: SA-15:23.bind |
1.1_3 09 Aug 2016 18:01:17 |
feld |
Add FreeBSD SA information to old openssh vuxml entry
Security: SA-15:22.openssh |
1.1_3 09 Aug 2016 17:53:07 |
feld |
Add FreeBSD SA information to old bind vuxml entry
Also correct range of affected FreeBSD versions
Security: SA-15:17.bind |
1.1_3 09 Aug 2016 17:50:08 |
feld |
Add FreeBSD SA information to old openssh vuxml entry
Security: SA-15:16.openssh |
1.1_3 09 Aug 2016 17:35:24 |
feld |
Add FreeBSD SA information to old bind vuxml entry
Security: SA-15:11.bind |
1.1_3 09 Aug 2016 17:32:47 |
feld |
Add FreeBSD SA information to old openssl vuxml entry
Security: SA-15:10.openssl |
1.1_3 09 Aug 2016 17:24:19 |
feld |
Add FreeBSD SA information to old ntp vuxml entry
Security: SA-15:07.ntp |
1.1_3 09 Aug 2016 17:21:54 |
feld |
Add FreeBSD SA information to old openssl vuxml entry
Security: SA-15:06.openssl |
1.1_3 09 Aug 2016 17:11:15 |
feld |
Add FreeBSD SA information to old bind vuxml entry
Security: SA-15:05.bind |
1.1_3 09 Aug 2016 17:08:08 |
feld |
Add FreeBSD SA information to old openssl vuxml entry
Security: SA-15:01.openssl |
1.1_3 09 Aug 2016 17:04:57 |
feld |
Add FreeBSD SA info to old unbound vuxml entry
Security: SA-14:30.unbound |
1.1_3 09 Aug 2016 17:00:29 |
feld |
Add FreeBSD SA reference to old bind vuxml entry
Security: SA-14:29.bind |
1.1_3 09 Aug 2016 16:53:46 |
feld |
Update another openssl vuxml entry to add FreeBSD SA information
Security: SA-14:23.openssl |
1.1_3 09 Aug 2016 16:48:57 |
feld |
Add FreeBSD SA information to old openssl vuxml entry
Security: SA-14:18.openssl |
1.1_3 09 Aug 2016 16:39:04 |
feld |
Update another old openssl vuxml entry to add FreeBSD SA information
Security: SA-14:10.openssl |
1.1_3 09 Aug 2016 16:36:46 |
feld |
Update old openssl vuxml entry to include <freebsdsa> information and affected
FreeBSD versions |
1.1_3 09 Aug 2016 16:30:58 |
feld |
Add <freebsdsa> to old vuxml entry for openssl
Affected FreeBSD versions were not added as they were all 10.0-RC. |
1.1_3 09 Aug 2016 16:25:23 |
feld |
Correct <date> fields for last commit regarding SA 14:02 |
1.1_3 09 Aug 2016 16:23:35 |
feld |
Add affected FreeBSD versions to vuxml entry for SA-14:02 |
1.1_3 09 Aug 2016 16:13:35 |
feld |
Correct another FreeBSD SA in an old vuxml entry |
1.1_3 09 Aug 2016 16:11:42 |
feld |
Correct FreeBSD SA in old vuxml entry |
1.1_3 08 Aug 2016 15:47:23 |
brd |
Document collectd security advisory.
PR: 211613
Security: CVE-2016-6254 |
1.1_3 08 Aug 2016 09:58:15 |
brnrd |
security/vuxml: Add versions for latest MariaDB vulns
PR: 211274 |
1.1_3 06 Aug 2016 01:57:51 |
junovitch |
Document multiple security advisories for Moodle (MSA-16-0019 - MSA-16-0021)
Security: CVE-2016-5012
Security: CVE-2016-5013
Security: CVE-2016-5014
Security: https://vuxml.FreeBSD.org/freebsd/3ddcb42b-5b78-11e6-b334-002590263bf5.html |
1.1_3 06 Aug 2016 00:45:22 |
junovitch |
Document BIND security advisory
Security: CVE-2016-2775
Security: https://vuxml.FreeBSD.org/freebsd/7a31e0de-5b6d-11e6-b334-002590263bf5.html |
1.1_3 06 Aug 2016 00:24:00 |
junovitch |
Document wnpa-sec-2016-41 through wnpa-sec-2016-49 for issues fixed in
Wireshark 2.0.5
Security: CVE-2016-6505
Security: CVE-2016-6506
Security: CVE-2016-6508
Security: CVE-2016-6509
Security: CVE-2016-6510
Security: CVE-2016-6511
Security: CVE-2016-6512
Security: CVE-2016-6513
Security: https://vuxml.FreeBSD.org/freebsd/610101ea-5b6a-11e6-b334-002590263bf5.html |
1.1_3 05 Aug 2016 17:15:57 |
feld |
Update perl vuxml entries
Perl package names changed somewhat recently, so add more <name> entries
to improve coverage for users on systems with outdated ports/packages
PR: 211561 |
1.1_3 05 Aug 2016 16:08:30 |
feld |
Cancel tiff vuxml entry for CVE-2016-5102
Upstream has marked it WONTFIX and is removing the utility in 4.0.7.
There is no indication that this bug does anything other than crash the
utility. |
1.1_3 05 Aug 2016 13:54:48 |
feld |
Update vuxml entry for perl to correct range for perl5-devel |
1.1_3 04 Aug 2016 18:19:01 |
feld |
Fix vuxml entry for recent perl vulnerabilities to correctly match package names
PR: 211561 |
1.1_3 04 Aug 2016 18:12:35 |
feld |
Document p5-XSLoader vulnerability
PR: 211561
Security: CVE-2016-6185 |
1.1_3 04 Aug 2016 17:52:36 |
feld |
Document perl vulnerability
PR: 211561
Security: CVE-2016-1238 |
1.1_3 04 Aug 2016 14:49:49 |
feld |
Document gd vulnerabilities
PR: 211562 |
1.1_3 04 Aug 2016 14:33:25 |
feld |
Document curl vulnerabilities
PR: 211575 |
1.1_3 03 Aug 2016 14:54:27 |
feld |
Document lighttpd vulnerabilities
PR: 211495 |
1.1_3 02 Aug 2016 02:07:56 |
junovitch |
Document Xen Security Advisories (XSAs 182, 183, and 184)
PR: 211482
Security: CVE-2016-5403
Security: CVE-2016-6259
Security: CVE-2016-6258
Security: https://vuxml.FreeBSD.org/freebsd/06574c62-5854-11e6-b334-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/04cf89e3-5854-11e6-b334-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/032aa524-5854-11e6-b334-002590263bf5.html |
1.1_3 31 Jul 2016 15:14:57 |
junovitch |
Document security issues fixed in Libidn 1.33
PR: 211407
Reported by: Piotr Kubaj <pkubaj@anongoth.pl>
Security: CVE-2015-8948
Security: CVE-2016-6261
Security: CVE-2016-6262
Security: CVE-2016-6263
Security: https://vuxml.FreeBSD.org/freebsd/cb5189eb-572f-11e6-b334-002590263bf5.html |
1.1_3 29 Jul 2016 07:30:28 |
cmt |
document Gimp XCF loader vulnerability
Approved by: rene (mentor) |
1.1_3 27 Jul 2016 01:54:48 |
cy |
With the release of krb5 1.13.6, which also fixes the KDC denial of
service vulnerability (CVE-2016-3120 -- same vulnerability fixed in
krb5 1.14.3), update entry 62d45229-4fa0-11e6-9d13-206a8a720317 to
also document the same in krb5 1.13.6.
Security: 62d45229-4fa0-11e6-9d13-206a8a720317
Security: CVE-2016-3120 |
1.1_3 26 Jul 2016 16:03:16 |
feld |
Document xerces-c3 vulnerabilities
PR: 211023
Security: CVE-2016-2099
Security: CVE-2016-4463 |
1.1_3 26 Jul 2016 14:58:24 |
feld |
Document php vulnerabilities
Security: CVE-2015-8879
Security: CVE-2016-5385
Security: CVE-2016-5399
Security: CVE-2016-6288
Security: CVE-2016-6289
Security: CVE-2016-6290
Security: CVE-2016-6291
Security: CVE-2016-6292
Security: CVE-2016-6294
Security: CVE-2016-6295
Security: CVE-2016-6296
Security: CVE-2016-6297 |
1.1_3 22 Jul 2016 20:30:16 |
rene |
Document new vulnerabilities in www/chromium < 52.0.2743.82
Obtained from: https://googlechromereleases.blogspot.nl/2016/07/stable-channel-update.html |
1.1_3 22 Jul 2016 00:22:19 |
cy |
Document a rare KDC denial of service vulnerability when anonymous
client principals are restricted to obtaining TGTs only [CVE-2016-3120]
URL: http://web.mit.edu/kerberos/krb5-1.14/
Security: CVE-2016-3120 |
1.1_3 21 Jul 2016 18:25:22 |
brnrd |
security/vuxml: Current mysql57 is NOT vulnerable
PR: 211248 |
1.1_3 21 Jul 2016 18:04:14 |
truckman |
Apache OpenOffice CVE-2016-1513 Memory Corruption Vulnerability
(Impress Presentations) |
1.1_3 21 Jul 2016 14:58:08 |
brnrd |
security/vuxml: Add MySQL vulnerabilities from quarterly update
- Add MariaDB ports
- Add Percona ports
PR: 211248 |
1.1_3 21 Jul 2016 14:23:01 |
feld |
Properly cancel the httpoxy vuxml entry |