Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_2 01 Nov 2015 02:10:37 |
junovitch |
Document multiple vulnerabilities fixed in CodeIgniter
PR: 203403
Security: https://vuxml.FreeBSD.org/freebsd/bdd57272-803c-11e5-ab94-002590263bf5.html |
1.1_2 29 Oct 2015 01:51:06 |
junovitch |
Document additional CVE assigned for the last Wordpress update
Security: CVE-2015-7989
Security: https://vuxml.FreeBSD.org/freebsd/f4ce64c2-5bd4-11e5-9040-3c970e169bc2.html |
1.1_2 28 Oct 2015 20:59:22 |
feld |
Document information disclosure in net/openafs
Security: CVE-2015-7762
Security: CVE-2015-7763 |
1.1_2 27 Oct 2015 20:53:54 |
zeising |
Add entry for x11/xscreensaver for a lock bypass vulnerability |
1.1_2 27 Oct 2015 13:44:08 |
mat |
Document lldpd security vulnerability.
PR: 204044
Submitted by: maintainer
Sponsored by: Absolight |
1.1_2 26 Oct 2015 13:45:27 |
feld |
Update range for libressl vulnerability
Range was entered incorrectly as <2.2.3
Security: e75a96df-73ca-11e5-9b45-b499baebfeaf |
1.1_2 25 Oct 2015 17:37:12 |
marcus |
Add an entry for wireshark-1.12.8 for CVE-2015-7830. |
1.1_2 25 Oct 2015 03:26:58 |
junovitch |
Document the recent remote site takeover via SQL injection vuln in Joomla
While here, document all missing Joomla security vulnerabilities since the
last entry in March 2014
Security: CVE-2014-6631
Security: CVE-2014-6632
Security: CVE-2014-7228
Security: CVE-2014-7229
Security: CVE-2015-5397
Security: CVE-2015-5608
Security: CVE-2015-6939
Security: CVE-2015-7297
Security: CVE-2015-7857
Security: CVE-2015-7858
Security: CVE-2015-7859
Security: CVE-2015-7899
Security: https://vuxml.FreeBSD.org/freebsd/0ebc6e78-7ac6-11e5-b35a-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/03e54e42-7ac6-11e5-b35a-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/f8c37915-7ac5-11e5-b35a-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/ec2d1cfd-7ac5-11e5-b35a-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/deaba148-7ac5-11e5-b35a-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/cec4d01a-7ac5-11e5-b35a-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/beb3d5fc-7ac5-11e5-b35a-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/adbb32d9-7ac5-11e5-b35a-002590263bf5.html |
1.1_2 24 Oct 2015 03:55:25 |
junovitch |
Document redirect vulnerability in the drupal7 overlay module
PR: 203977
Security: CVE-2015-7943
Security: https://vuxml.FreeBSD.org/freebsd/75f39413-7a00-11e5-a2a1-002590263bf5.html |
1.1_2 23 Oct 2015 20:39:42 |
matthew |
Record phpMyAdmin -- content spoofing vulnerability. |
1.1_2 23 Oct 2015 11:59:59 |
delphij |
Add CVE references to the NTP entry. |
1.1_2 23 Oct 2015 03:43:36 |
junovitch |
Document Mediawiki security vulnerabilities for 1.25.3, 1.24.4, and 1.23.11
Security: https://vuxml.FreeBSD.org/freebsd/b973a763-7936-11e5-a2a1-002590263bf5.html |
1.1_2 22 Oct 2015 03:03:30 |
cy |
Document October 2015 NTP Security Vulnerability Announcement (Medium) |
1.1_2 20 Oct 2015 02:33:47 |
junovitch |
Document multiple XSS vulnerabilities fixed in CodeIgniter
PR: 203403
Security: https://vuxml.FreeBSD.org/freebsd/95602550-76cf-11e5-a2a1-002590263bf5.html |
1.1_2 19 Oct 2015 20:22:29 |
sunpoet |
- Add NO_ARCH
- While I'm here, use "yes" instead of "YES"
Approved by: portmgr (blanket) |
1.1_2 19 Oct 2015 17:04:03 |
garga |
Add new VuXML entry for git arbitrary code execution bug on versions before
2.6.1 |
1.1_2 17 Oct 2015 18:16:56 |
sunpoet |
- Document Salt multiple vulnerabilities |
1.1_2 16 Oct 2015 18:57:28 |
swills |
Document CVE-2015-7184 in firefox |
1.1_2 16 Oct 2015 16:11:19 |
kwm |
Document flash 0-day, remove code execution.
Security: CVE-2015-7645, CVE-2015-7647, CVE-2015-7648 |
1.1_2 16 Oct 2015 07:44:56 |
peter |
Fix the vuxml build caused by a multitude of errors in r399425 (libressl). |
1.1_2 16 Oct 2015 07:08:41 |
brnrd |
security/libressl: Fix memory leak and buffer overflow DoS vulnerability
* Update to 2.2.4 (fixing vulnerabilities)
* Create vuxml entry
Differential revision: https://reviews.freebsd.org/D3916
Submitted by: Bernard Spil <brnrd@freebsd.org>
Reviewed by: delphij (secteam)
Approved by: delphij
MFC after: 2015Q4
Security: CVE-2015-5333, CVE-2015-533 |
1.1_2 15 Oct 2015 14:48:51 |
feld |
Document vulnerability in polarssl, polarssl13, and mbedtls
Security: CVE-2015-5291 |
1.1_2 14 Oct 2015 23:59:01 |
junovitch |
Document multiple vulnerabilities in the Magento platform
While here, update an older entry to reflect Magento was vulnerable
PR: 201709
Security: https://vuxml.FreeBSD.org/freebsd/ea1d2530-72ce-11e5-a2a1-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/ec34d0c2-1799-11e2-b4ab-000c29033c32.html
Security: CVE-2012-3363 |
1.1_2 14 Oct 2015 19:02:29 |
jbeich |
net/miniupnpc: improve TALOS-2015-0035 entry in VuXML
- Add "reserved" CVE link
- Adjust version range to include a few previous snapshots
and different fix in /branches/2015Q4
PR: 203705 |
1.1_2 14 Oct 2015 17:05:18 |
jbeich |
net/miniupnpc: reference TALOS-2015-0035 fix
It may be easier to backport to the quarterly branch than the development
snapshot that caused fallout in most consumers.
PR: 203705 |
1.1_2 14 Oct 2015 16:53:26 |
feld |
Document www/pear-twig remote code execution
Security: CVE-2015-7809 |
1.1_2 14 Oct 2015 16:47:15 |
feld |
Document assigned CVE for graphics/optipng
Security: CVE-2015-7801 |
1.1_2 14 Oct 2015 16:21:20 |
feld |
net/miniupnpc: Document buffer overflow
PR: 203705
Security: TALOS-2015-0035 |
1.1_2 14 Oct 2015 12:21:59 |
kwm |
Document latest flash vulnerabilities.
Security: CVE-2015-5569, CVE-2015-7625, CVE-2015-7626, CVE-2015-7627,
CVE-2015-7628, CVE-2015-7629, CVE-2015-7630, CVE-2015-7631,
CVE-2015-7632, CVE-2015-7633, CVE-2015-7634, CVE-2015-7643,
CVE-2015-7644 |
1.1_2 13 Oct 2015 19:31:43 |
rene |
Forgot two vulnerabilities in the previous commit. |
1.1_2 13 Oct 2015 19:28:44 |
rene |
Document new vulnerabilities in www/chromium < 46.0.2490.71
Obtained from: http://googlechromereleases.blogspot.nl/2015/10/stable-channel-update.html |
1.1_2 12 Oct 2015 14:19:25 |
junovitch |
Add CVE assignment to r398701 Zend Framework 1 entry
PR: 203462
Security: CVE-2015-7695
Security: https://vuxml.FreeBSD.org/freebsd/d3324fdb-6bf0-11e5-bc5e-00505699053e.html |
1.1_2 12 Oct 2015 14:11:12 |
junovitch |
Add CVE assignment to r398626 PHP entry
PR: 203541
Security: CVE-2015-7804
Security: CVE-2015-7803
Security: https://vuxml.FreeBSD.org/freebsd/c1da8b75-6aef-11e5-9909-002590263bf5.html |
1.1_2 10 Oct 2015 15:27:11 |
junovitch |
Document shell command execution via improper escaping in p5-UI-Dialog
PR: 203667
Security: CVE-2008-7315
Security: https://vuxml.FreeBSD.org/freebsd/00dadbf0-6f61-11e5-a2a1-002590263bf5.html |
1.1_2 10 Oct 2015 15:01:55 |
junovitch |
Document iPython vulnerabilities fixed in 3.2.2
PR: 203668
Security: CVE-2015-6938
Security: CVE-2015-7337
Security: https://vuxml.FreeBSD.org/freebsd/290351c9-6f5c-11e5-a2a1-002590263bf5.html |
1.1_2 08 Oct 2015 21:18:53 |
girgen |
Add entry for two security problems in PostgreSQL
CVE-2015-5289: json or jsonb input values constructed from arbitrary
user input can crash the PostgreSQL server and cause a denial of
service.
CVE-2015-5288: The crypt() function included with the optional pgCrypto
extension could be exploited to read a few additional bytes of memory.
No working exploit for this issue has been developed. |
1.1_2 06 Oct 2015 15:02:39 |
wg |
security/vuxml: Document Zend Framework 1 vulnerability
PR: 203462
Security: d3324fdb-6bf0-11e5-bc5e-00505699053e
Security: CVE-2014-8089 |
06 Oct 2015 02:54:50 |
junovitch |
Document OpenSMTPD vulnerabilities (5.7.3)
Revise pkg name, add PORTEPOCH, add more detail to earlier entry (5.7.2)
Security: 42852f72-6bd3-11e5-9909-002590263bf5
Security: ee7bdf7f-11bb-4eea-b054-c692ab848c20
Security: CVE-2015-7687 |
06 Oct 2015 02:24:47 |
junovitch |
Document recent mbed TLS/PolarSSL security releases
PR: 203544
Security: 5d280761-6bcf-11e5-9909-002590263bf5
Security: 953aaa57-6bce-11e5-9909-002590263bf5 |
1.1_2 05 Oct 2015 11:56:44 |
kwm |
Unbreak vuxml, woops. |
1.1_2 05 Oct 2015 11:46:57 |
kwm |
Document heap overflows and a DoS in gdk-pixbuf2.
Security: CVE-2015-7673, CVE-2015-7674 |
1.1_2 05 Oct 2015 03:09:24 |
junovitch |
Document 20150910 Plone advisories
PR: 203255
Security: 6b3374d4-6b0b-11e5-9909-002590263bf5 |
1.1_2 05 Oct 2015 00:00:12 |
junovitch |
Document PHP multiple security advisories in phar plugin
PR: 203541
Security: c1da8b75-6aef-11e5-9909-002590263bf5 |
1.1_2 04 Oct 2015 21:27:56 |
junovitch |
Add CVE reference to Apache James entry
PR: 203461
Security: CVE-2015-7611
Security: be3069c9-67e7-11e5-9909-002590263bf5 |
1.1_2 04 Oct 2015 14:23:03 |
swills |
Document mail/opensmtpd vulnerability |
1.1_2 01 Oct 2015 03:14:14 |
junovitch |
Document security advisory for the Apache James server
PR: 203461
Security: be3069c9-67e7-11e5-9909-002590263bf5 |
1.1_2 30 Sep 2015 06:18:37 |
cs |
Report OTRS vulnerability
Security: CVE-2015-6842, CVE-2013-7135 |
1.1_2 28 Sep 2015 09:29:05 |
kwm |
Document newest flash vulnerabilities. |
1.1_2 28 Sep 2015 02:54:41 |
junovitch |
Fix <freebsdpr> syntax on several entries
Without ports/ prepended to the PR number, the http://www.vuxml.org links
go to https://bugs.FreeBSD.org and not the actual PR.
While here, "trongSwan" -> "StrongSwan" spelling correction
PR: 200777 |
1.1_2 28 Sep 2015 01:09:12 |
junovitch |
Document multiple vulnerabilities in CodeIgniter
PR: 203401
Security: 5114cd11-6571-11e5-9909-002590263bf5
Security: 01bce4c6-6571-11e5-9909-002590263bf5
Security: c21f4e61-6570-11e5-9909-002590263bf5
Security: f838dcb4-656f-11e5-9909-002590263bf5
Security: b7d785ea-656d-11e5-9909-002590263bf5 |
1.1_2 27 Sep 2015 08:38:33 |
rene |
Document new vulnerabilities in www/chromium < 45.0.2454.101
Obtained from: http://googlechromereleases.blogspot.nl/2015/09/stable-channel-update_24.html |
1.1_2 24 Sep 2015 02:56:07 |
junovitch |
Revise Moodle multiple security vulnerabilities from r397210 to reflect
recently published advisory
Security: CVE-2015-5264
Security: CVE-2015-5272
Security: CVE-2015-5265
Security: CVE-2015-5266
Security: CVE-2015-5267
Security: CVE-2015-5268
Security: CVE-2015-5269
Security: c2fcbec2-5daa-11e5-9909-002590263bf5 |
1.1_2 23 Sep 2015 20:24:28 |
feld |
Fix older ruby vuxml entry
If you follow official instructions to change your default ruby version
it alters the ruby package name and vuxml will produce false positives.
This change will solve these scenarios.
PR: 203227 |
1.1_2 22 Sep 2015 17:26:45 |
feld |
libssh2 version entry range was missing PORTEPOCH
Security: 9770d6ac-614d-11e5-b379-14dae9d210b8 |
1.1_2 22 Sep 2015 17:20:01 |
feld |
Document vulnerability in security/libssh2
Security: CVE-2015-1782 |
1.1_2 22 Sep 2015 16:46:17 |
jbeich |
Summary: Document recent Mozilla vulnerabilities |
1.1_2 20 Sep 2015 09:23:02 |
jbeich |
Mention ports with libzip copy |
1.1_2 20 Sep 2015 05:45:26 |
jbeich |
Fix typo |
1.1_2 20 Sep 2015 05:43:17 |
jbeich |
Next avidemux2 may have CVE-2015-3395 fix, adjust
https://github.com/mean00/avidemux2/commit/cfb9760 |
1.1_2 20 Sep 2015 05:27:38 |
jbeich |
Document recent ffmpeg vulnerabilities
libav 11.4 was released before the fixes were made while ffmpeg 2.3.x
and lower are not maintained anymore. Bundle consumers are out of luck
unless low impact there or the fixes are easy to cherry-pick. |
1.1_2 18 Sep 2015 21:08:54 |
cs |
Update dcraw entry in VUXML
PR: 203034
Submitted by: yuri@rawbw.com (maintainer of lightzone)
Security: 57325ecf-facc-11e4-968f-b888e347c638 |
1.1_2 18 Sep 2015 02:23:57 |
junovitch |
Document Moodle multiple security vulnerabilities
Note upstream has not released CVE assignments or details of the issues at
this time. Document the current verbiage from the release notes to help
downstream users proactively update. |
1.1_2 18 Sep 2015 01:34:32 |
junovitch |
Document squid TLS/SSL parser denial of service vulnerability
No CVE assigned yet
PR: 203186 |
1.1_2 18 Sep 2015 00:33:01 |
junovitch |
Document remind buffer overflow with malicious reminder file input
PR: 202942
Security: CVE-2015-5957 |
1.1_2 17 Sep 2015 16:32:20 |
feld |
Alter <topic> of some of my recent entries to be more consistently worded |
1.1_2 17 Sep 2015 16:28:36 |
feld |
Normalize "use after free" as "use-after-free" in <topic>
I noticed when browsing vuxml.freebsd.org an even split between "use
after free" and "use-after-free". It seemed to make sense to standardize
on one style so future editors will have a common usage to guide them
when new entries are created. |
1.1_2 17 Sep 2015 16:16:13 |
feld |
Document deskutils/shutter vulnerability
Security: CVE-2015-0854 |
1.1_2 17 Sep 2015 15:50:14 |
feld |
Document graphics/openjpeg vulnerability
No CVE assigned yet |
1.1_2 17 Sep 2015 14:56:54 |
feld |
Document vulnerability in older graphics/optipng
No CVE assigned yet |
1.1_2 17 Sep 2015 14:50:07 |
feld |
Document net/openslp vulnerability
Security: CVE-2015-5155 |
1.1_2 16 Sep 2015 20:21:09 |
feld |
Document archivers/p7zip vulnerability
Security: CVE-2015-1038 |
1.1_2 16 Sep 2015 16:32:40 |
feld |
Document www/h2o vulnerability
PR: 203096
PR: 203147
Security: CVE-2015-5638 |
1.1_2 15 Sep 2015 23:21:11 |
delphij |
Fix spelling of zh_CN for wordpress vulnerabilities. |
1.1_2 15 Sep 2015 18:15:35 |
delphij |
Document wordpress multiple vulnerabilities. |
1.1_2 14 Sep 2015 03:59:25 |
ohauer |
- document bugzilla CVE-2015-4499 |
1.1_2 13 Sep 2015 19:41:01 |
feld |
net/openldap24-server Fix affected package name
Submitted by: dvl
Security: 4910d161-58a4-11e5-9ad8-14dae9d210b8 |
1.1_2 12 Sep 2015 13:26:12 |
feld |
Document net/openldap24-server vulnerability
Security: CVE-2015-6908 |
1.1_2 09 Sep 2015 20:41:23 |
naddy |
Expand a35f415d-572a-11e5-b0a4-f8b156b6dcc8:
multiple vulnerabilities in audio/vorbis-tools and audio/opus-tools |
1.1_2 09 Sep 2015 19:53:44 |
naddy |
Document oggenc buffer overflow in audio/vorbis-tools.
Security: CVE-2015-6749 |
1.1_2 09 Sep 2015 14:18:41 |
junovitch |
Document pgbouncer failed auth_query lookups falling back to auth_user
Note the vulnerable version was not committed to ports, however document
the issue in the interest of being thorough and catching any user who
made this as a local change.
PR: 202957
Security: CVE-2015-6817
Security: d76961da-56f6-11e5-934b-002590263bf5
Approved by: feld (mentor) |
1.1_2 08 Sep 2015 18:49:47 |
matthew |
Document the latest phpMyAdmin vulnerability: reCaptcha bypass |
1.1_2 08 Sep 2015 18:44:48 |
feld |
Correct some package names that were mistakenly labeled as php56
Security: 3d675519-5654-11e5-9ad8-14dae9d210b8 |
1.1_2 08 Sep 2015 18:33:40 |
feld |
Add assigned CVEs to previous php vulnerability entry
Security: 787ef75e-44da-11e5-93ad-002590263bf5
Security: CVE-2015-6831
Security: CVE-2015-6832
Security: CVE-2015-6833 |
1.1_2 08 Sep 2015 18:32:07 |
feld |
Document php vulnerabilities
Security: CVE-2015-6834
Security: CVE-2015-6835
Security: CVE-2015-6836
Security: CVE-2015-6837
Security: CVE-2015-6838 |
1.1_2 08 Sep 2015 17:38:32 |
feld |
Spelling frontent -> frontend
Security: d68df01b-564e-11e5-9ad8-14dae9d210b8 |
1.1_2 08 Sep 2015 17:32:47 |
feld |
Document sysutils/ganglia-webfrontent vulnerability
Security: CVE-2015-6816 |
1.1_2 08 Sep 2015 17:14:28 |
feld |
Add net/wireshark-qt5 as affected
Security: 9bdd8eb5-564a-11e5-9ad8-14dae9d210b8 |
1.1_2 08 Sep 2015 17:10:09 |
feld |
Document net/wireshark vulnerabilities
Security: CVE-2015-6241
Security: CVE-2015-6242
Security: CVE-2015-6243
Security: CVE-2015-6244
Security: CVE-2015-6245
Security: CVE-2015-6246
Security: CVE-2015-6247
Security: CVE-2015-6248
Security: CVE-2015-6249 |
1.1_2 08 Sep 2015 16:34:20 |
feld |
Document sysutils/screen vulnerability
Security: CVE-2015-6806 |
1.1_2 08 Sep 2015 16:18:17 |
feld |
Document net/libvncserver vulnerability
Old issue ignored in RH bugzilla; CVE recently requested |
1.1_2 04 Sep 2015 17:37:08 |
kwm |
Document a number of integer overflows in gdk-pixbuf2. |
1.1_2 03 Sep 2015 15:23:32 |
feld |
Minimum range adjustment for bind vulnerability
Pointyhat: firmly seated on head
Submitted by: mat
Security: CVE-2015-5986
Security: 2c5e7e23-5248-11e5-9ad8-14dae9d210b8 |
1.1_2 03 Sep 2015 15:15:35 |
feld |
Correct version range mistakes in bind vulnerabilities
Submitted by: mat
Security: 2c5e7e23-5248-11e5-9ad8-14dae9d210b8
Security: eaf3b255-5245-11e5-9ad8-14dae9d210b8 |
1.1_2 03 Sep 2015 14:34:58 |
feld |
Document bind vulnerabilities
Security: CVE-2015-5986
Security: CVE-2015-5722 |
1.1_2 02 Sep 2015 18:06:52 |
rene |
Document new vulnerabilities in www/chromium < 45.0.2454.85
Submitted by: Carlos Jacobo Puga Medina
Obtained from: http://googlechromereleases.blogspot.nl/ |
1.1_2 02 Sep 2015 16:37:21 |
feld |
Document dns/powerdns vulnerability
PR: 202738
Security: CVE-2015-5230 |
1.1_2 02 Sep 2015 00:30:56 |
junovitch |
Revise Ghostscript entry date to match date of commit.
Approved by: delphij (mentor) |
1.1_2 01 Sep 2015 22:12:58 |
junovitch |
Document denial of service (crash) via crafted Postscript files for Ghostscript
PR: 202781
Security: CVE-2015-3228
Security: fc1f6658-4f53-11e5-934b-002590263bf5
Approved by: feld (mentor) |
1.1_2 01 Sep 2015 13:42:58 |
jbeich |
Document recent ffmpeg/libav vulnerabilities |
1.1_2 29 Aug 2015 15:23:30 |
feld |
Document graphics/graphviz vulnerability
No CVE assigned |