Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_2 04 Feb 2015 20:38:31
  |
cy  |
Add the following KRB5 CVEs.
CVE-2014-5352: gss_process_context_token() incorrectly frees context
CVE-2014-9421: kadmind doubly frees partial deserialization results
CVE-2014-9422: kadmind incorrectly validates server principal name
CVE-2014-9423: libgssrpc server applications leak uninitialized bytes
Security: CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423 |
1.1_2 03 Feb 2015 22:35:06
  |
delphij  |
Document unzip out of boundary access issues in test_compr_eb.
PR: ports/197300 |
1.1_2 02 Feb 2015 19:09:36
  |
xmj  |
Add linux-f10-devtools (any version) and linux-c6-devtools (prior to 6.6_3) to
the CVE-2015-0235 entry from 2015-01-28.
Approved by: swills (mentor) |
1.1_2 02 Feb 2015 15:25:31
  |
feld  |
Add net-mgmt/xymon-server CVE-2015-1430 |
1.1_2 02 Feb 2015 14:53:57
  |
xmj  |
www/linux-*-flashplugin11: Add CVE-2015-0313
Spotted by: kwm
Approved by: swills (mentor) |
1.1_2 31 Jan 2015 16:09:37
  |
olgeni  |
Add CVE-2015-0862 for net/rabbitmq. |
1.1_2 31 Jan 2015 15:07:29
  |
ohauer  |
- document apache24 issues |
1.1_2 29 Jan 2015 11:20:52
  |
madpilot  |
Document asterisk security issues.
While here, add CVE number to a previous asterisk entry. |
1.1_2 28 Jan 2015 08:39:21
  |
xmj  |
Add CVE-2015-0235.
- Affects linux_base-*
Approved by: so@ (des) |
1.1_2 26 Jan 2015 21:20:44
  |
tijl  |
Document critical Adobe Flash Player vulnerability (CVE-2015-0311) |
1.1_2 26 Jan 2015 20:24:08
  |
ohauer  |
- document bugzilla security issues |
1.1_2 24 Jan 2015 17:58:08
  |
lwhsu  |
- Fix description of 9c7b6c20-a324-11e4-879c-00e0814cab4e |
1.1_2 23 Jan 2015 17:47:01
  |
lwhsu  |
Document Django 2014-01-13 vulnerability |
1.1_2 22 Jan 2015 17:43:48
  |
mi  |
Add a note about the just-fixed vulnerability of applications using net/libutp.
PR: 196351
Differential Revision: D1575
Submitted by: Jan Beich
Approved by: bapt |
1.1_2 22 Jan 2015 17:09:22
  |
xmj  |
Amend linux-c6-openssl version in OpenSSL entry from 2015-01-08.
Approved by: swills (mentor) |
1.1_2 22 Jan 2015 17:02:41
  |
vsevolod  |
Add CVE-2015-0206 description for LibreSSL port. |
1.1_2 22 Jan 2015 12:54:14
  |
tijl  |
Document Adobe Flash Player vulnerabilities |
1.1_2 21 Jan 2015 22:09:39
  |
rene  |
Document new vulnerabilities in www/chromium < 40.0.2214.91
Also affects FFmpeg, ICU, DOM but the links on the webpage all result in a 403.
Obtained from: http://googlechromereleases.blogspot.nl |
1.1_2 19 Jan 2015 20:52:53
  |
jase  |
security/vuxml:
- Document security/polarssl and security/polarssl13 crafted certificates
vulnerability (CVE-2015-1182) |
1.1_2 16 Jan 2015 08:18:14
  |
ehaupt  |
Document multiple archivers/unzip vulnerabilities (CVE-2014-8139,
CVE-2014-8140, CVE-2014-8141).
PR: 196777 (based on)
Submitted by: rsimmons0@gmail.com |
1.1_2 16 Jan 2015 04:05:18
  |
timur  |
Add description of CVE-2014-8143 in net/samba4 and net/samba41 |
1.1_2 14 Jan 2015 21:54:31
  |
rakuco  |
Add entry for CVE-2013-7252 in x11/kde4-runtime. |
1.1_2 14 Jan 2015 07:10:09
  |
beat  |
Document mozilla vulnerabilities |
1.1_2 11 Jan 2015 19:39:46
  |
mm  |
Add vuln.xml entry for libevent CVE-2014-6272
PR: ports/199640 |
1.1_2 09 Jan 2015 18:56:57
  |
sunpoet  |
- Fix more typo |
1.1_2 09 Jan 2015 18:51:33
  |
sunpoet  |
- Fix typo |
1.1_2 09 Jan 2015 18:41:23
  |
sunpoet  |
- Document cURL URL request injection vulnerability (CVE-2014-8150) |
1.1_2 09 Jan 2015 13:35:32
  |
kwm  |
Document webkit-gtk[23] vulnerabilities. |
1.1_2 09 Jan 2015 00:00:00
  |
delphij  |
Document OpenSSL multiple vulnerabilities. |
1.1_2 06 Jan 2015 21:11:36
  |
mandree  |
Add three upstream patches to busybox 1.22.1, bumping PORTREVISION to 2.
One fixes the CVE-2014-4608 buffer overrun in LZO2,
one fixes the nc app, one fixes the zcat and related apps when accessing
files without extension.
List busybox < 1.22.1_2 as vulnerable, and add CVE Name to the vulndb.
Security: CVE-2014-4608
Security: d1f5e12a-fd5a-11e3-a108-080027ef73ec |
1.1_2 04 Jan 2015 22:54:03
  |
rea  |
VuXML: document multiple vulnerabilities in WordPress
CVE-2014-9033 to CVE-2014-9039. |
1.1_2 04 Jan 2015 22:25:20
  |
rea  |
VuXML: document heap overflow in 32-bit builds of libpng |
1.1_2 02 Jan 2015 23:24:18
  |
delphij  |
Document file multiple vulnerabilities. |
1.1_2 23 Dec 2014 21:24:56
  |
rea  |
Fix whitespace in entry for ntp (4033d826-87dd-11e4-9079-3c970e169bc2) |
1.1_2 23 Dec 2014 21:22:36
  |
rea  |
Document CVE-2014-9116 in mutt |
1.1_2 20 Dec 2014 00:21:31
  |
delphij  |
Document ntp multiple vulnerabilities. |
1.1_2 19 Dec 2014 18:05:52
  |
brd  |
Document git vulnerability
Approved by: swills
Security: CVE-2014-9390 |
1.1_2 16 Dec 2014 22:06:32
  |
cs  |
OTRS security announcement |
1.1_2 16 Dec 2014 11:44:28
  |
kwm  |
Register portepoch in the xorg-server entry.
Submitted by: Adam McDougall <mcdouga9@egr.msu.edu>
Pointyhat to: kwm@ |
1.1_2 16 Dec 2014 10:46:58
  |
tijl  |
Fix version information on several subversion vulnerabilities |
1.1_2 15 Dec 2014 22:18:50
  |
ohauer  |
- document Subversion remote DoS |
1.1_2 14 Dec 2014 09:45:09
  |
danfe  |
The GLX indirect rendering support supplied on NVIDIA products is subject to
the recently disclosed X.Org vulnerabilities (CVE-2014-8093, CVE-2014-8098)
as well as internally identified vulnerabilities (CVE-2014-8298). |
1.1_2 11 Dec 2014 20:56:22
  |
delphij  |
Document BIND vulnerability. |
1.1_2 11 Dec 2014 09:41:11
  |
madpilot  |
Document vulnerability in asterisk11. |
1.1_2 10 Dec 2014 21:31:57
  |
kwm  |
Document xserver security advisories. |
1.1_2 09 Dec 2014 03:05:15
  |
sem  |
- Remove a redundant dot |
1.1_2 09 Dec 2014 02:43:38
  |
sem  |
Document unbound vulnerability |
1.1_2 07 Dec 2014 12:25:30
  |
kwm  |
Document freetype 2 vulnerability. |
1.1_2 04 Dec 2014 07:15:30
  |
matthew  |
The latest in a long line of phpMyAdmin security advisories: DoS and
XSS vulnerabilities.
Security: c9c46fbf-7b83-11e4-a96e-6805ca0b3d42 |
1.1_2 03 Dec 2014 11:20:52
  |
beat  |
Document mozilla vulnerabilities
PR: 195559
Submitted by: Jan Beich |
1.1_2 02 Dec 2014 01:38:26
  |
delphij  |
Document OpenVPN Denial of Service vulnerability. |
1.1_2 25 Nov 2014 21:42:43
  |
naddy  |
Document CVE-2014-8962 and CVE-2014-9028 in audio/flac. |
1.1_2 23 Nov 2014 10:35:07
  |
madpilot  |
Add CVE names for recent asterisk vulnerabilities. |
1.1_2 21 Nov 2014 11:07:00
  |
madpilot  |
Document multiple vulnerabilities in asterisk ports. |
1.1_2 21 Nov 2014 08:13:01
  |
matthew  |
Document the latest round of phpMyAdmin vulnerabilities.
Security: a5d4a82a-7153-11e4-88c7-6805ca0b3d42 |
1.1_2 20 Nov 2014 21:30:30
  |
rakuco  |
Add note about CVE-2014-8600 in kde4-runtime and kwebkitpart. |
1.1_2 20 Nov 2014 08:42:28
  |
madpilot  |
Document yii vulnerability CVE-2014-4672. |
1.1_2 18 Nov 2014 18:32:22
  |
rene  |
Document new vulnerabilities in www/chromium < 39.0.2171.65
Obtained from: http://googlechromereleases.blogspot.nl/2014/11/stable-channel-update_18.html |
1.1_2 17 Nov 2014 21:27:59
  |
rakuco  |
Fix version check for the entry added in r372686.
4.11.14 is not in ports yet, the fix was backported to 4.11.13 so we are
safe with 4.11.13_1. |
1.1_2 17 Nov 2014 21:00:00
  |
rakuco  |
Add entry for CVE-2014-8651 in x11/kde4-workspace. |
1.1_2 13 Nov 2014 10:38:17
  |
antoine  |
Cleanup plist |
1.1_2 11 Nov 2014 18:35:06
  |
kwm  |
document dbus CVE-2014-7824 |
1.1_2 07 Nov 2014 22:07:54
  |
rea  |
ftp/wget: document CVE-2014-4877, path traversal in recursive FTP mode |
1.1_2 05 Nov 2014 22:18:26
  |
makc  |
VuXML: fix spelling for the latest entry
Noticed by: ports-secteam (rea) |
1.1_2 05 Nov 2014 14:49:09
  |
makc  |
VuXML: document CVE-2014-8483 for irc/konversation-kde4
Approved by: ports-secteam (zi) |
1.1_2 31 Oct 2014 15:38:01
  |
rea  |
VuXML: document remote Perl code execution in TWiki
Crafted GET parameter "debugenableplugins" can be used to trigger
code execution,
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236 |
1.1_2 31 Oct 2014 11:09:18
  |
rea  |
VuXML: document vulnerability in Jenkins
CVE-2014-3665, remote code execution on master servers that can
be initiated by (untrusted) slaves,
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30 |
1.1_2 29 Oct 2014 21:51:18
  |
rakuco  |
Add entry for libssh's CVE-2014-0017. |
1.1_2 24 Oct 2014 01:58:14
  |
zi  |
- Document recent vulnerabilities in libpurple/pidgin |
1.1_2 22 Oct 2014 08:54:59
  |
matthew  |
Document cross site scripting vulnerabilities in phpMyAdmin
Security: 25b78f04-59c8-11e4-b711-6805ca0b3d42 |
1.1_2 21 Oct 2014 13:58:33
  |
madpilot  |
Document asterisk susceptibility to the POODLE vulnerability,
described in CVE-2014-3566. |
1.1_2 18 Oct 2014 12:52:27
  |
kwm  |
Document libxml2 denial of service |
1.1_2 17 Oct 2014 14:34:14
  |
xmj  |
Add linux-c6-openssl to OpenSSL entry from 2014-10-15.
Approved by: swills (mentor) |
1.1_2 16 Oct 2014 18:19:57
  |
flo  |
Document critical SQL Injection Vulnerability in www/drupal7 |
1.1_2 16 Oct 2014 10:34:50
  |
beat  |
- Mark libxul as vulnerable too
Submitted by: Jan Beich |
1.1_2 15 Oct 2014 17:59:37
  |
delphij  |
Document OpenSSL multiple vulnerabilities. |
1.1_2 15 Oct 2014 11:46:04
  |
beat  |
Document mozilla vulnerabilities
PR: 194356
Submitted by: Jan Beich |
1.1_2 09 Oct 2014 13:17:26
  |
feld  |
Convert USE_PYTHON_RUN to new USES syntax;
Appease the angry DEVELOPER=YES god
Approved by: mat |
1.1_2 09 Oct 2014 13:09:52
  |
feld  |
Add entry for foreman-proxy
Obtained from: mmoll |
1.1_2 08 Oct 2014 08:32:05
  |
rene  |
Document new vulnerabilities in www/chromium < 38.0.2125.101
Obtained from: http://googlechromereleases.blogspot.nl/2014/10/stable-channel-update.html
MFH: 2014Q4 |
1.1_2 06 Oct 2014 19:09:35
  |
ohauer  |
- document bugzilla security issues |
1.1_2 02 Oct 2014 21:14:31
  |
bdrewery  |
Fix rsyslog entry for pkgname matching |
1.1_2 02 Oct 2014 19:59:02
  |
matthew  |
www/rt42 < 4.2.8 is vulnerable to shellshock related exploits through
its SMIME integration.
Security: 81e2b308-4a6c-11e4-b711-6805ca0b3d42 |
1.1_2 02 Oct 2014 19:30:56
  |
brd  |
- Update the rsyslog entry to reflect the new versions
Reviewed by: bdrewery |
1.1_2 02 Oct 2014 01:06:43
  |
bdrewery  |
Update Jenkins entry 549a2771-49cc-11e4-ae2c-c80aa9043978 to be readable. |
1.1_2 02 Oct 2014 00:54:30
  |
bdrewery  |
Update grammar of DoS in Jenkins entry |
1.1_2 02 Oct 2014 00:53:43
  |
bdrewery  |
Fix Jenkins entry to note that XSS is an issue, not as compiler |
1.1_2 02 Oct 2014 00:46:54
  |
bdrewery  |
Document Jenkins vulnerabilities
Security: CVE-2014-3661
Security: CVE-2014-3662
Security: CVE-2014-3663
Security: CVE-2014-3664
Security: CVE-2014-3680
Security: CVE-2014-3681
Security: CVE-2014-3666
Security: CVE-2014-3667
Security: CVE-2013-2186
Security: CVE-2014-1869
Security: CVE-2014-3678
Security: CVE-2014-3679 |
1.1_2 01 Oct 2014 22:57:16
  |
bdrewery  |
Fix bash entries to also mark bash-static vulnerable |
1.1_2 01 Oct 2014 22:30:59
  |
bdrewery  |
Document CVE-2014-6277 and CVE-2014-6278 for bash. |
1.1_2 01 Oct 2014 22:12:11
  |
bdrewery  |
- Document CVE-2014-7187 fixed in bash-4.3.27_1 |
1.1_2 01 Oct 2014 21:25:46
  |
matthew  |
Document the latest phpMyAdmin vulnerability.
- while here fix the '>' breakage in the rsyslogd entry.
Security: 3e8b7f8a-49b0-11e4-b711-6805ca0b3d42 |
1.1_2 01 Oct 2014 03:40:04
  |
bdrewery  |
Document CVE-2014-7186 for bash |
1.1_2 30 Sep 2014 20:09:33
  |
brd  |
- Document sysutils/rsyslog vulnerabilities CVE-2014-3634
Reviewed by: bdrewery@ |
1.1_2 29 Sep 2014 23:34:30
  |
bdrewery  |
Document shells/fish vulnerabilities |
1.1_2 26 Sep 2014 17:34:27
  |
xmj  |
Add linux-c6-nss-3.15.1 package to the NSS vulnerability report.
Approved by: swills (mentor) |
1.1_2 26 Sep 2014 17:05:38
  |
xmj  |
Add linux_base-c6-6.5 package to the bash vulnerability report.
Approved by: swills (mentor) |
1.1_2 25 Sep 2014 16:22:07
  |
bdrewery  |
The 2nd bash issue was reassigned to CVE-2014-7169:
http://seclists.org/oss-sec/2014/q3/685
Reported by: jkim |
1.1_2 25 Sep 2014 15:44:01
  |
bdrewery  |
Update bash entry for CVE-2014-3659
Security: CVE-2014-3659
Security: ca44b64c-4453-11e4-9ea1-c485083ca99c |
1.1_2 25 Sep 2014 13:29:38
  |
rea  |
VuXML entry 48108fb0-751c-4cbb-8f33-09239ead4b55: expanded details
Reviewed by: des@ |