Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_2 24 May 2015 03:43:25 |
xmj |
document possible vulnerabilities in sysutils/py-salt
PR: 200172
Submitted by: Sevan Janiyan <venture37@geeklan.co.uk> |
1.1_2 23 May 2015 18:25:51 |
pi |
Add entry for mail/davmail.
PR: 198297
Submitted by: Jason Unovitch <jason.unovitch@gmail.com>
Approved by: <john.c.prather@gmail.com> (maintainer (timeout)) |
1.1_2 23 May 2015 08:38:18 |
mandree |
Document dnsmasq and -devel vulnerabilities (CVE-2015-3294 and one other in rc). |
1.1_2 22 May 2015 22:49:13 |
delphij |
Document PCRE and PHP multiple vulnerabilities. |
1.1_2 22 May 2015 22:15:22 |
delphij |
Correct PR number.
Submitted by: jason.unovitch gmail.com |
1.1_2 22 May 2015 19:06:28 |
girgen |
Record some minor PostgreSQL sercurity problems.
"This update fixes three security vulnerabilities reported in PostgreSQL over
the past few months. Nether of these issues is seen as particularly urgent.
However, users should examine them in case their installations are vulnerable."
URL: http://www.postgresql.org/about/news/1587/ |
1.1_2 22 May 2015 07:04:28 |
delphij |
Pass full path to the vuln.xml file to extra-validation.py. Without this,
if .OBJDIR differs from .CURDIR, the validation would fail.
PR: 193923
Reported by: jbeich |
1.1_2 20 May 2015 19:21:07 |
delphij |
Document CVE-2015-3306 proftpd mod_copy unauthenticated copying of files
vulnerability. |
1.1_2 19 May 2015 19:27:39 |
brd |
Document vulnerability in security/ipsec-tools.
PR: 200334
Approved by: bdrewery (mentor) |
1.1_2 19 May 2015 17:48:07 |
rene |
Document new vulnerabilities in www/chromium < 43.0.2357.65
Obtained
from: http://googlechromereleases.blogspot.nl/2015/05/stable-channel-update_19.html |
1.1_2 19 May 2015 07:54:29 |
delphij |
Document ClamAV multiple vulnerabilities. |
1.1_2 17 May 2015 15:48:13 |
mmoll |
security/vuxml: Add CVE-2015-3900 entry for devel/ruby-gems
PR: 200264
Differential Revision: https://reviews.freebsd.org/D2572
Approved by: mat (mentor)
Security: CVE-2015-3900 |
1.1_2 17 May 2015 10:06:10 |
nox |
Document qemu "VENOM" vulnerability - CVE-2015-3456
PR: 200255
PR: 200256
PR: 200257
Submitted by: venture37@geeklan.co.uk
Security: http://vuxml.FreeBSD.org/freebsd/2780e442-fc59-11e4-b18b-6805ca1d3bb1.html |
1.1_2 16 May 2015 10:00:59 |
makc |
Document Quassel IRC vulnerability CVE-2015-3427 |
1.1_2 15 May 2015 22:31:30 |
truckman |
Correct entry for apache-openoffice-* / libreoffice CVE-2015-1774 so
that apache-openoffice-4.1.1_9 is not incorrectly flagged as vulnerable.
Approved by: mat (mentor, implicit) |
1.1_2 15 May 2015 12:02:57 |
mmoll |
security/vuxml: document vulnerability in rubygem-redcarpet <3.2.3
PR: 200195
Differential Revision: https://reviews.freebsd.org/D2548
Submitted by: Sevan Janiyan <venture37@geeklan.co.uk>
Approved by: mat (mentor) |
1.1_2 15 May 2015 07:12:20 |
rodrigo |
security/vuxml: Add CVE-2015-3885 entry for graphics/ufraw
PR: 200197 |
1.1_2 13 May 2015 18:51:23 |
matthew |
Record two new phpMyAdmin security vulnerabilities |
1.1_2 13 May 2015 14:39:01 |
xmj |
Document multiple vulnerabilities in www/linux-*-flashplugin11.
Security: CVE-2015-3044
Security: CVE-2015-3077
Security: CVE-2015-3078
Security: CVE-2015-3079
Security: CVE-2015-3080
Security: CVE-2015-3081
Security: CVE-2015-3082
Security: CVE-2015-3083
Security: CVE-2015-3084
Security: CVE-2015-3085
Security: CVE-2015-3086
Security: CVE-2015-3087
Security: CVE-2015-3088
Security: CVE-2015-3089
Security: CVE-2015-3090
Security: CVE-2015-3091
Security: CVE-2015-3092
Security: CVE-2015-3093 |
1.1_2 12 May 2015 18:24:57 |
jbeich |
VuXML: document recent mozilla vulnerabilities |
1.1_2 12 May 2015 10:48:17 |
koobs |
security/vuxml: Add CVE-2015-0971 entry for security/suricata |
1.1_2 11 May 2015 18:12:03 |
delphij |
Revert r385940,r385932,r385864:
The usage of * is actually valid, as pointed out at the FreeBSD porter's
handbook:
https://www.freebsd.org/doc/en/books/porters-handbook/security-notify.html
Which denotes "the smallest version number" (in other words, * < 0).
Requested by: many
Pointy hat to: delphij |
1.1_2 10 May 2015 20:24:26 |
rakuco |
Add entry for CVE-2015-3146 in security/libssh. |
1.1_2 10 May 2015 12:12:31 |
ohauer |
- fix a second postfix entry
PR: 200089 (followup) |
1.1_2 10 May 2015 08:28:44 |
delphij |
Correct version range.
PR: 200089 |
1.1_2 09 May 2015 08:20:45 |
delphij |
* is not valid for version number, replace all instances with 0 and bump
modification date.
Submitted by: Chris Nehren <cnehren tenable com> (version number part) |
1.1_2 08 May 2015 18:42:31 |
jbeich |
VuXML: update sqlite3 entry with verbose descriptions. CVE-2015-341[4-6]
PR: 199483 |
1.1_2 07 May 2015 23:56:04 |
truckman |
Document HWP filter vulnerability in editors/libreoffice < 4.3.7 and
editors/openoffice < 4.1.2, CVE-2015-1774.
Approved by: mat (mentor)
Differential Revision: https://reviews.freebsd.org/D2475 |
1.1_2 07 May 2015 09:21:40 |
kwm |
Document current and previous wordpress vulnabilities. |
1.1_2 02 May 2015 00:59:18 |
delphij |
Fix version range of two ancient items.
Submitted by: Chris Nehren <cnehren tenable com> |
1.1_2 01 May 2015 15:05:36 |
brd |
Add entry for powerdns and powerdns-recursor.
Approved by: bdrewery (mentor) |
1.1_2 28 Apr 2015 20:28:49 |
rene |
Document new vulnerabities in www/chromium < 42.0.2311.135
Obtained
from: http://googlechromereleases.blogspot.nl/2015/04/stable-channel-update_28.html |
1.1_2 27 Apr 2015 10:53:41 |
rene |
Document new vulnerabilities in www/chromium < 42.0.2311.90
Obtained
from: http://googlechromereleases.blogspot.nl/2015/04/stable-channel-update_14.html |
1.1_2 26 Apr 2015 16:32:34 |
marino |
security/vuxml: Add entry for security/wpa_supplicant
Security: CVE-2015-1863
PR: 199678 |
1.1_2 26 Apr 2015 06:34:50 |
delphij |
Document PHP multiple vulnerabilities.
Submitted by: Bernard Spil <spil.oss gmail com> |
1.1_2 24 Apr 2015 16:52:03 |
kwm |
There are actualy two chinese wordpress ports, which have both different
suffixes. List them both. |
1.1_2 24 Apr 2015 15:42:31 |
kwm |
Add wordpress vulnabilities. |
1.1_2 22 Apr 2015 07:40:02 |
novel |
Add an entry for security/libtasn1 vulnerability.
Security: CVE-2015-2806 |
1.1_2 21 Apr 2015 02:41:56 |
jbeich |
Document new Firefox vulnerability. CVE-2015-2706 |
1.1_2 18 Apr 2015 10:17:25 |
jbeich |
Document sqlite3 multiple vulnerabilites
PR: 199483 |
1.1_2 18 Apr 2015 09:27:51 |
jbeich |
Document chrony multiple vulnerabilites.
PR: 199508 |
1.1_2 17 Apr 2015 22:11:15 |
jbeich |
Document new Dulwich vulnerability. CVE-2015-0838
PR: 199162
Submitted by: Marco Broder (maintainer) |
1.1_2 17 Apr 2015 10:09:42 |
xmj |
Register Flash vulnerabilities.
Affected: www/linux-*-flashplugin11. |
1.1_2 17 Apr 2015 08:04:25 |
jbeich |
Document Wesnoth vulnerability. CVE-2015-0844
PR: 199414 |
1.1_2 14 Apr 2015 08:33:05 |
rakuco |
Add entry for CVE-2015-1858, CVE-2015-1859 and CVE-2015-1860.
Multiple vulnerabilities in Qt image format handling (the 3 CVEs are part of
the same security advisory). |
1.1_2 14 Apr 2015 00:50:37 |
swills |
Document issues in ruby |
1.1_2 09 Apr 2015 19:35:01 |
mandree |
Add mailman < 2.1.20 vulnerability.
Port update to arrive shortly. |
1.1_2 08 Apr 2015 21:46:52 |
madpilot |
Document new asterisk ports vulnerability. |
1.1_2 07 Apr 2015 23:48:04 |
delphij |
Document NTP multiple vulnerabilities. |
1.1_2 03 Apr 2015 23:42:56 |
jbeich |
Document mozilla vulnerabilities in Firefox 37.0 |
1.1_2 03 Apr 2015 16:34:46 |
riggs |
Document multiple vulnerabilities in multimedia/libav prior to version 11.3
PR: 198873
Submitted by: venture37@geeklan.co.uk
MFH: 2015Q2 |
1.1_2 01 Apr 2015 20:03:30 |
delphij |
Document multiple vulnerabilities of PHP.
Submitted by: Bernard Spil <bernard bachfreund nl> |
1.1_2 31 Mar 2015 20:16:05 |
ohauer |
- document subversion issues
http://subversion.apache.org/security/
Security: CVE-2015-0202
Security: CVE-2015-0248
Security: CVE-2015-0251 |
1.1_2 31 Mar 2015 18:40:30 |
jbeich |
Document mozilla vulnerabilities |
1.1_2 31 Mar 2015 16:10:21 |
amdmi3 |
Add vulnerability for devel/osc.
Security: CVE-2015-0778
PR: 198876
Submitted by: venture37@geeklan.co.uk |
1.1_2 31 Mar 2015 14:51:31 |
naddy |
Document GNU cpio vulnerabilities CVE-2014-9112 and CVE-2015-1197. |
1.1_2 28 Mar 2015 16:50:00 |
makc |
Document libzip vulnerability CVE-2015-2331 |
1.1_2 27 Mar 2015 05:33:35 |
lwhsu |
Document django vulnerability CVE-2015-2316 and CVE-2015-2317 |
1.1_2 25 Mar 2015 13:13:58 |
dvl |
Revert my previous commit. |
1.1_2 25 Mar 2015 13:03:33 |
dvl |
Convert non-ASCII quotes to ASCII characters
Approved by: mat (mentor) |
1.1_2 24 Mar 2015 23:20:00 |
jgh |
- fixing package name
$ make -C /usr/ports/devel/mingw64-binutils/ -V PKGNAME
x86_64-pc-mingw32-binutils-2.23.2_1 |
1.1_2 24 Mar 2015 22:15:49 |
zi |
- Fix vuxml build: bad package names in f6a014cd-d268-11e4-8339-001e679db764
- Fix blockquote style to match rest |
1.1_2 24 Mar 2015 21:32:04 |
brooks |
The ancient version of binutils in the cross-binutils port suffers for
several vulnerabilities.
This also effects devel/mingw64-binutils.
PR: 198816
Reported by: Sevan Janiyan <venture37@geeklan.co.uk> |
1.1_2 24 Mar 2015 16:11:41 |
vanilla |
Document nodejs (libuv) CVE-2015-0278.
PR: 198861
Submitted by: venture37@geeklan.co.uk |
1.1_2 24 Mar 2015 12:17:14 |
xmj |
Document vulnerable linux-c6-openssl versions in vuxml entry from 2015-03-19
Approved by: swills (mentor) |
1.1_2 24 Mar 2015 06:22:28 |
lwhsu |
Document Jenkins Security Advisory 2015-03-23 |
1.1_2 22 Mar 2015 04:45:56 |
jbeich |
Document mozilla issues disclosed at HP Zero Day Initiative's Pwn2Own |
1.1_2 19 Mar 2015 22:54:14 |
delphij |
Mention LibreSSL too. Use <ul>'s per suggestion from vsevolod [1].
PR: 198718 [1] |
1.1_2 19 Mar 2015 21:21:04 |
delphij |
Document OpenSSL multiple vulnerabilities. |
1.1_2 18 Mar 2015 09:07:06 |
kwm |
Record new libXfont security issues. |
1.1_2 16 Mar 2015 17:01:02 |
xmj |
Add latest security vulnerabilities in linux-*-flashplugin11:
CVE-2015-0332
CVE-2015-0333
CVE-2015-0334
CVE-2015-0335
CVE-2015-0336
CVE-2015-0337
CVE-2015-0338
CVE-2015-0339
CVE-2015-0340
CVE-2015-0341
CVE-2015-0342
Differential Revision: https://reviews.freebsd.org/D2061
Approved by: swills (mentor) |
1.1_2 13 Mar 2015 04:08:21 |
brd |
Add vulnerability for mail/sympa.
Approved by: bapt
Security: CVE-2015-1306 |
1.1_2 08 Mar 2015 11:55:51 |
matthew |
Document latest security vulnerabilities in rt42 and rt40:
CVE-2014-9472
CVE-2015-1165
CVE-2015-1464 |
1.1_2 08 Mar 2015 11:41:19 |
matthew |
Document the latest phpMyAdmin vulnerability: CVE-2015-2206 |
1.1_2 07 Mar 2015 17:17:32 |
romain |
Document mono TLS bugs.
Reported by: delphij |
1.1_2 05 Mar 2015 22:10:27 |
mandree |
Document recently fixed PuTTY < 0.64 vuln. CVE-2015-2157. |
1.1_2 04 Mar 2015 23:18:36 |
rene |
Document new vulnerabilities in www/chromium < 41.0.2272.76
Submitted by: Carlos Jacobo Puga Medina
Obtained from: http://googlechromereleases.blogspot.nl/ |
1.1_2 04 Mar 2015 23:05:03 |
rakuco |
Add entry for CVE-2015-0295 in qt4-gui and qt5-gui. |
1.1_2 01 Mar 2015 03:42:31 |
swills |
Add entry for security issue in jenkins
Reviewed by: zi |
1.1_2 27 Feb 2015 08:28:03 |
jbeich |
Fix typo: s/MSFA/MFSA/. The source to follow later.
https://bugzilla.mozilla.org/show_bug.cgi?id=1137604 |
1.1_2 27 Feb 2015 07:14:24 |
jbeich |
Document mozilla vulnerabilities |
1.1_2 26 Feb 2015 19:58:59 |
brd |
Document vulnerablities in php for CVE-2015-0235 and CVE-2015-0273.
Approved by: zi (mentor) |
1.1_2 26 Feb 2015 01:12:45 |
cy |
Document bugs fixed in krb5 1.11.6.
* Handle certain invalid RFC 1964 GSS tokens correctly to avoid
invalid memory reference vulnerabilities. [CVE-2014-4341
CVE-2014-4342]
* Fix memory management vulnerabilities in GSSAPI SPNEGO.
[CVE-2014-4343 CVE-2014-4344]
* Fix buffer overflow vulnerability in LDAP KDB back end.
[CVE-2014-4345]
* Fix multiple vulnerabilities in the LDAP KDC back end.
[CVE-2014-5354 CVE-2014-5353]
* Fix multiple kadmind vulnerabilities, some of which are based in the
gssrpc library. [CVE-2014-5352 CVE-2014-9421 CVE-2014-9422
CVE-2014-9423]
Security: CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344
CVE-2014-4345, CVE-2014-5354, CVE-2014-5353, CVE-2014-5352
CVE-2014-9421, CVE-2014-9422, CVE-2014-9423 |
1.1_2 24 Feb 2015 00:54:48 |
delphij |
Document Samba remote code execution vulnerability. |
1.1_2 24 Feb 2015 00:20:17 |
mandree |
Record two e2fsprogs vulnerabilities.CVE-2015-0247
<URL:http://vuxml.freebsd.org/0f488b7b-bbb9-11e4-903c-080027ef73ec.html>
Topic: e2fsprogs -- potential buffer overflow in closefs()
Affects:
e2fsprogs < 1.42.12_2
References:
url:http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?h=maint&id=49d0fe2a14f2a23da2fe299643379b8c1d37df73
cvename:CVE-2015-1572
<URL:http://vuxml.freebsd.org/2a4bcd7d-bbb8-11e4-903c-080027ef73ec.html>
Security: CVE-2015-0247
Security: CVE-2015-1572
Security: 0f488b7b-bbb9-11e4-903c-080027ef73ec
Security: 2a4bcd7d-bbb8-11e4-903c-080027ef73ec.html |
1.1_2 23 Feb 2015 22:13:03 |
delphij |
Document BIND DoS issue with trust anchor management. |
1.1_2 21 Feb 2015 16:12:37 |
cy |
Kerberos Version 5, Release 1.12.3 is released affecting
security/krb5-112. This fixes multiple vulnerabilities, some previously
committed by point patches and others newly fixed in this release.
* Fix multiple vulnerabilities in the LDAP KDC back end.
[CVE-2014-5354] [CVE-2014-5353]
* Fix multiple kadmind vulnerabilities, some of which are based in the
gssrpc library. [CVE-2014-5352 CVE-2014-5352 CVE-2014-9421
CVE-2014-9422 CVE-2014-9423]
Security: CVE-2014-5354, CVE-2014-5353
Security: CVE-2014-5352, CVE-2014-5352, CVE-2014-9421
Security: CVE-2014-9422, CVE-2014-9423 |
1.1_2 17 Feb 2015 22:03:33 |
delphij |
Document unzip heap based buffer overflow in iconv patch.
PR: ports/197772 |
1.1_2 17 Feb 2015 17:19:32 |
madpilot |
Add modified date to entries I touched recently.
Noticed by: kwm (thanks) |
1.1_2 17 Feb 2015 16:14:31 |
madpilot |
Add CVE number to asterisk advisory. |
1.1_2 13 Feb 2015 20:23:29 |
cy |
Backported patches for CVE-2014-5353 and CVE-2014-5354 received from MIT
for krb5-111 and krb5-112.
Obtained from: Greg Hudson <ghudson@mit.edu>
Security: CVE-2014-5353, CVE-2014-5354 |
1.1_2 13 Feb 2015 01:59:09 |
zi |
- Additional fixes from the krb5 commit |
1.1_2 13 Feb 2015 01:55:34 |
zi |
- Correct errors in previous commit to resolve build |
1.1_2 13 Feb 2015 01:45:41 |
cy |
Document new krb5 vulnerabilities.
Security: CVE-2014-5353, CVE-2014-5354 |
1.1_2 12 Feb 2015 21:00:50 |
kwm |
The xorg-server entry in commit 378888, also mention portepoch for the other
version we want to check. |
1.1_2 12 Feb 2015 19:56:46 |
kwm |
Document xorg-server CVE-2015-0255.
Information leak in the XkbSetGeometry request of X servers |
1.1_2 09 Feb 2015 08:23:51 |
girgen |
In r378499, PostgreSQL package names where not version-suffixed. Fixed this.
Submitted by: kuriyama@ |
1.1_2 06 Feb 2015 23:27:42 |
rene |
Fix CVE name for www/chromium entry
Submitted by: bz via bot |
1.1_2 06 Feb 2015 22:48:15 |
delphij |
Document two recent OpenLDAP DoS issues. |
1.1_2 06 Feb 2015 22:21:15 |
rene |
Document new vulnerabilities in www/chromium < 40.0.2214.111
Submitted by: Carlos Jacobo Puga Medina
Obtained from: http://googlechromereleases.blogspot.nl/ |