Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 01 Sep 2012 18:50:14 |
rea |
VuXML: document CVE-2012-3534, DoS via large number of connections |
1.1_1 01 Sep 2012 17:40:16 |
eadler |
vuxml matches on PKGNAME, not on the port directory.
mediawiki118 has PKGNAME mediawiki-1.18.4 |
1.1_1 01 Sep 2012 17:16:50 |
rea |
Add "modified" tag to the Java 7 entry
Forgot to do it at r303435.
Spotted by: wxs
Pointyhat to: rea |
1.1_1 01 Sep 2012 12:44:33 |
wen |
- Update www/mediawiki to 1.19.2
- Update www/mediawiki118 to 1.18.5
- Document the security bugs |
1.1_1 31 Aug 2012 16:58:42 |
rea |
VuXML: update Java 7 entry with Oracle-provided details
Oracle's Java 7 update 7 fixes CVE-2012-4681. |
1.1_1 31 Aug 2012 15:17:13 |
mandree |
Tidy up paragraph formatting (it passed "make validate" before).
Suggested by: wxs |
1.1_1 31 Aug 2012 10:59:18 |
rea |
VuXML: document CVE-2012-3548, DoS in Wireshark |
1.1_1 30 Aug 2012 23:08:55 |
rene |
Document vulnerabilities in www/chromium < 21.0.1180.89
Obtained from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates |
1.1_1 30 Aug 2012 22:14:11 |
flo |
- Update net/asterisk to 1.8.15.1
- Update net/asterisk10 to 10.7.1
- Document vulnerabilities in vuln.xml
- Fix URLs in the previous asterisk vuln.xml entry
Security: http://www.vuxml.org/freebsd/4c53f007-f2ed-11e1-a215-14dae9ebcf89.html |
1.1_1 30 Aug 2012 11:40:20 |
jase |
- Update to 1.5.20
- Update MASTER_SITES
- Convert to optionsNG and add DOCS option
- Document security vulnerabilities [1]
PR: ports/169558
Requested by: Alexey <alexey@kouznetsov.com> (submitter)
Security: 6dd5e45c-f084-11e1-8d0f-406186f3d89d [1]
Approved by: flo (mentor) |
1.1_1 30 Aug 2012 09:03:22 |
rea |
VuXML: document CVE-2012-4681, security manager bypass in Java 7.x |
1.1_1 30 Aug 2012 06:23:21 |
mandree |
Add a vuln' entry for fetchmail's CVE-2011-3389 vulnerability. |
1.1_1 27 Aug 2012 17:44:23 |
mandree |
Update fetchmail to 6.3.21_1, fixing CVE-2012-3482.
Adjust VuXML database entry from < 6.3.22 to < 6.3.21_1.
PR: ports/170613
Approved by: maintainer timeout (14 days)
Security: http://www.vuxml.org/freebsd/83f9e943-e664-11e1-a66d-080027ef73ec.html
Security: CVE-2012-3482 |
1.1_1 26 Aug 2012 21:31:12 |
rea |
VuXML entry c906e0a4-efa6-11e1-8fbf-001b77d09812: fix port epoch
Pointyhat to: rea |
1.1_1 26 Aug 2012 21:26:57 |
rea |
VuXML: document XSS in RoundCube Web-mail application
Branch 0.8.x before 0.8.1 is prone to XSS attack via incoming
HTML messages. |
1.1_1 26 Aug 2012 17:33:12 |
rea |
news/inn: fix plaintext command injection, CVE-2012-3523
Relevant only for INN installations that are using encryption.
PR: 171013
Approved by: fluffy@FreeBSD.org (maintainer)
Security: http://www.vuxml.org/freebsd/a7975581-ee26-11e1-8bd8-0022156e8794.html |
1.1_1 26 Aug 2012 01:44:43 |
avilla |
- Document Calligra input validation failure. |
1.1_1 25 Aug 2012 22:17:29 |
bdrewery |
- Document that CVE-2012-3386 only affects automake >= 1.5.0
Verified this by inspecting the automake14 source, as well as
official release tarballs and git history.
Approved by: bapt (mentor) |
1.1_1 25 Aug 2012 11:38:00 |
rea |
VuXML: document cross-site scripting in SquidClamav |
1.1_1 25 Aug 2012 10:07:40 |
rea |
VuXML: document DoS in SquidGuard
SquidGuard can be crashed via the specially-crafted URL
when external URL checker is used. |
1.1_1 24 Aug 2012 20:13:53 |
rea |
VuXML: document INN plaintext command injection vulnerability |
1.1_1 22 Aug 2012 21:10:10 |
rea |
VuXML: document CVE-2012-3525 in jabberd 2.x |
1.1_1 22 Aug 2012 20:01:19 |
rea |
VuXML: fix whitespace in my previous rssh entry |
1.1_1 22 Aug 2012 20:00:31 |
rea |
VuXML: document rssh vulnerabilities fixed in version 2.3.3 |
1.1_1 21 Aug 2012 20:56:44 |
rea |
rssh: document arbitrary code execution, CVE-2012-3478 |
1.1_1 20 Aug 2012 01:40:39 |
wxs |
Put libotr entry back. I added the cited URL to the references. |
1.1_1 19 Aug 2012 21:47:46 |
dougb |
Remove the improperly formatted libotr entry. Someone with more knowledge
and experience needs to take care of this, I'm clearly not competent. |
1.1_1 18 Aug 2012 08:39:39 |
dougb |
14 August 2012 libotr version 3.2.1 released
Versions 3.2.0 and earlier of libotr contain a small heap write overrun
(thanks to Justin Ferguson for the report), and a large heap read overrun
(thanks to Ben Hawkes for the report).
Add a vuxml entry, and tune up the notes about adding a new entry. |
1.1_1 18 Aug 2012 03:07:42 |
wxs |
Document OpenTTD DoS. |
1.1_1 18 Aug 2012 02:30:28 |
wxs |
Document multiple wireshark vulnerabilities.
Two are from 1.8.1 (CVE-2012-4048 and CVE-2012-4049). The remaining are
from 1.8.2 which is not in ports yet. |
1.1_1 17 Aug 2012 19:39:51 |
jgh |
The PostgreSQL Global Development Group today released security updates for all active branches of the PostgreSQL database system, including versions 9.1.5, 9.0.9, 8.4.13 and 8.3.20. This update patches security holes associated with libxml2 and libxslt, similar to those affecting other open source projects. All users are urged to update their installations at the first available opportunity.
This security release fixes a vulnerability in the built-in XML functionality, and a vulnerability in the XSLT functionality supplied by the optional XML2 extension. Both vulnerabilities allow reading of arbitrary files by any authenticated database user, and the XSLT vulnerability allows writing files as well. The fixes cause limited backwards compatibility issues.
These issues correspond to the following two vulnerabilities:
CVE-2012-3488: PostgreSQL insecure use of libxslt
CVE-2012-3489: PostgreSQL insecure use of libxml2
This release also contains several fixes to version 9.1, and a smaller number of fixes to older versions, including: (Only the first 15 lines of the commit message are shown above ) |
1.1_1 17 Aug 2012 07:27:04 |
matthew |
Document the latest phpMyAdmin vulnerability PMSA-2012-4 |
1.1_1 15 Aug 2012 19:45:50 |
bdrewery |
- Update www/typo3 to 4.7.4 [1]
- Convert to new options framework [1]
- Update www/typo345 to 4.5.19 [2]
- Update www/typo346 to 4.6.12 [3]
- Changes: https://typo3.org/news/article/typo3-4519-4612-and-474-released/
- Document security vulnerabilities [4]
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/
PR: ports/170650 [1]
PR: ports/170647 [2]
PR: ports/170649 [3]
Submitted by: Helmut Schneider <jumper99@gmx.de> (maintainer)
Security: 48bcb4b2-e708-11e1-a59d-000d601460a4 [4]
Approved by: eadler (mentor) |
1.1_1 14 Aug 2012 23:17:56 |
mandree |
Document CVE-2012-3482 for fetchmail, one DoS and one information disclosure
vulnerability in non-default NTLM code.
Also see ports/170613 which is pending maintainer feedback. |
1.1_1 13 Aug 2012 17:57:26 |
jkim |
Belatedly add an entry for the recent IcedTea-Web updates. |
1.1_1 11 Aug 2012 17:41:52 |
novel |
Document libcloud MITM vuln.
Security: CVE-2012-3446 |
1.1_1 11 Aug 2012 08:11:17 |
matthew |
Document the latest phpmyadmin security problem. |
1.1_1 10 Aug 2012 14:38:47 |
rene |
- Document vulnerabilities in www/chromium 20.0.1132.57 and 21.0.1180.60.
- Keep the latest chromium vulnerabilities on top. |
1.1_1 10 Aug 2012 08:08:27 |
rene |
Document two vulnerabilities in www/chromium < 21.0.1180.75 related to the
builtin PDF viewer.
Obtained from: http://googlechromereleases.blogspot.com/search/label/Stable%20updates |
1.1_1 10 Aug 2012 02:50:54 |
swills |
- Update rails and friends to 3.2.8
- Document security issue in 3.2.7 [1]
Submitted by: bdrewery [1]
Reviewed by: swills [1]
Security: 31db9a18-e289-11e1-a57d-080027a27dbf |
1.1_1 09 Aug 2012 15:43:09 |
wxs |
Document old sudosh buffer overflow.
Noticed by: Diego Linke |
1.1_1 07 Aug 2012 15:57:26 |
wxs |
Fix up whitespace in 10f38033-e006-11e1-9304-000000000000.
Replace broken vid in 10f38033-e006-11e1-9304-000000000000 with one that is
correct. |
1.1_1 07 Aug 2012 02:02:26 |
zi |
- Document FreeBSD-SA-12:05.bind |
1.1_1 06 Aug 2012 22:44:14 |
bdrewery |
Document CVE-2012-3386 for devel/automake
Approved by: eadler (mentor) |
1.1_1 02 Aug 2012 21:24:11 |
flo |
Belatedly add an entry for the recent Mozilla updates
Security: http://www.freebsd.org/ports/portaudit/dbf338d0-dce5-11e1-b655-14dae9ebcf89.html |
1.1_1 02 Aug 2012 12:59:58 |
zi |
- Cleanup whitespace |
1.1_1 02 Aug 2012 12:48:10 |
wxs |
Whitespace fixes. |
1.1_1 02 Aug 2012 12:35:33 |
wxs |
Add modified for django entry.
Noticed by: remko@ |
1.1_1 02 Aug 2012 03:25:54 |
wxs |
Add CVE entries for f01292a0-db3c-11e1-a84b-00e0814cab4e. |
1.1_1 02 Aug 2012 03:17:26 |
wxs |
Document Apache 2.2.x insecure handling of LD_LIBRARY_PATH.
Add patch[1] to address problem to apache port.
[1]: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/envvars-std.in?view=log&pathrev=1296428
Approved by: apache@ (pgollucci@)
Obtained from: Apache SVN |
1.1_1 31 Jul 2012 19:04:51 |
lwhsu |
- Document django -- multiple vulnerabilities |
1.1_1 30 Jul 2012 12:42:32 |
zi |
- Update net/isc-dhcp41-server to 4.1-ESV-R6 [1]
- Document vulnerabilities in net/isc-dhcp41-server
- Cleanup formatting in vuxml
PR: ports/170245 [1]
Submitted by: Douglas Thrift <douglas@douglasthrift.net> (maintainer) [1]
Security: c7fa3618-d5ff-11e1-90a2-000c299b62e1 |
1.1_1 27 Jul 2012 22:10:22 |
delphij |
Fix build. |
1.1_1 27 Jul 2012 21:34:05 |
ohauer |
- security update bugzilla
new Versions: 3.6.10, 4.0.7, 4.2.2
4.2.2
This release fixes two security issues. See the Security Advisory for details.
In addition, the following important fixes/changes have been made in this release:
o A regression introduced in Bugzilla 4.0 caused some login names to be ignored when entered in the CC list of bugs. (Bug 756314)
o Some queries could trigger an invalid SQL query if strings entered by the user contained leading or trailing whitespaces. (Bug 760075)
o The auto-completion form for keywords no longer automatically selects the first keyword in the list when the field is empty. (Bug 764517) (Only the first 15 lines of the commit message are shown above ) |
1.1_1 27 Jul 2012 13:20:22 |
miwi |
- Whitespace only fixes.
Please care more about formatting. |
1.1_1 27 Jul 2012 12:39:06 |
zi |
- Update to 3.2.13
- Cleanup whitespace
- Document vulnerability in dns/nsd (CVE-2012-29789)
PR: ports/170208
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Security: 17f369dc-d7e7-11e1-90a2-000c299b62e1 |
1.1_1 27 Jul 2012 03:09:19 |
swills |
- Update Rails and friends to 3.2.7
- Add vuxml entry for Rails 3.2.6 [1]
Reviewed by: zi [1] |
1.1_1 26 Jul 2012 17:46:52 |
matthew |
Security update to 0.11
ChangeLog:
0.11 2012-07-03 Alex Vandiver
* Obfuscate passwords in RT's System Configuration page
* Set an empty CurrentUser on failure, instead of removing it entirely
0.10_01 2012-02-23 Thomas Sibley
* Escape usernames in filter values so special characters don't die
0.10 2012-02-17 Thomas Sibley
* Silence confusing log messages when $ExternalInfoPriority is empty
0.09_03 2012-01-27 Thomas Sibley (Only the first 15 lines of the commit message are shown above ) |
1.1_1 25 Jul 2012 02:32:22 |
zi |
- Document vulnerabilities in net/isc-dhcp42-server |
1.1_1 24 Jul 2012 19:23:23 |
dougb |
Heavy DNSSEC Validation Load Can Cause a "Bad Cache" Assertion Failure in BIND9
High numbers of queries with DNSSEC validation enabled can cause an
assertion failure in named, caused by using a "bad cache" data structure
before it has been initialized.
CVE: CVE-2012-3817
Posting date: 24 July, 2012 |
1.1_1 24 Jul 2012 01:12:06 |
delphij |
/ is not allowed in package name, fix the entry by removing the
databases/ prefix. |
1.1_1 24 Jul 2012 00:56:07 |
swills |
- Document activerecord security issues |
1.1_1 23 Jul 2012 14:39:48 |
flo |
- update to 5.3.15
- document php vulnerabilities
Security: http://www.vuxml.org/freebsd/bdab0acd-d4cd-11e1-8a1c-14dae9ebcf89.html |
1.1_1 21 Jul 2012 22:40:00 |
eadler |
Fix nit:
blockquote citations should be listed as a reference as citation isn't user
visible. |
1.1_1 20 Jul 2012 14:53:03 |
crees |
Document nsd vulnerability
The referenced PR contains a fix that bumps PORTREVISION, so the entry will
not match fixed versions.
PR: ports/170024
Obtained from: http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt
Security: CVE-2012-2978 |
1.1_1 19 Jul 2012 15:20:50 |
eadler |
The changelog indicates the bug can be found in versions prior to 1.2.1
Fix nit: references section should include urls used in citation. |
1.1_1 18 Jul 2012 20:28:47 |
cs |
Document buffer overflow in jpeg-turbo
PR: ports/169963
Submitted by: Denis E Podolskiy <bytestore@yandex.ru>
Security: CVE-2012-2806 |
1.1_1 18 Jul 2012 20:08:15 |
delphij |
Document dokuwiki XSS vulnerability. |
1.1_1 11 Jul 2012 01:47:56 |
swills |
- Document puppet security issue
Obtained from: http://projects.puppetlabs.com/projects/puppet/wiki/Release_Notes#2.7.18 |
1.1_1 08 Jul 2012 19:00:08 |
eadler |
openx reported a new security issue but does not provide any details: inform
users of this. |
1.1_1 06 Jul 2012 18:08:00 |
flo |
Document asterisk vulnerabilities. |
1.1_1 06 Jul 2012 04:09:41 |
sunpoet |
- Document typo3 4.5.x, 4.6.x and 4.7.x XSS vulnerability
Security: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-003/ |
1.1_1 02 Jul 2012 20:05:25 |
wxs |
Document phplist SQL injection and XSS.
Submitted by: Krzysztof Stryjek <wtp@bsdserwis.com> |
1.1_1 27 Jun 2012 21:04:48 |
rene |
Document vulnerabilities for www/chromium < 20.0.1132.43
Obtained from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates |
1.1_1 27 Jun 2012 15:34:44 |
zi |
- Document recent FreeBSD SA's for 2012: SA-12:04.sysret, SA-12:03.bind,
SA-12:02.crypt, SA-12:01.openssl
Reviewed by: wxs |
1.1_1 25 Jun 2012 16:06:47 |
jgh |
- update to 2.6
PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.
PR: ports/169146
Approved by: portmgr |
1.1_1 23 Jun 2012 03:48:25 |
sunpoet |
- Remove PORTEPOCH for de-wordpress and zh-wordpress |
1.1_1 22 Jun 2012 05:42:13 |
jgh |
- fix range for f5f00804-a03b-11e1-a284-0023ae8e59f0
- add url
- adjust modified accordingly
PR: ports/169152
Submitted by: Trond.Endrestol@ximalas.info |
1.1_1 21 Jun 2012 12:02:29 |
rm |
- fix spelling of `php-fpm' in entry description |
1.1_1 19 Jun 2012 16:16:56 |
scheidell |
- fix package name
Submitted by: scheidell@ (me) |
1.1_1 19 Jun 2012 15:59:38 |
scheidell |
- Add entry for www/joomla25, needs min version 2.5.5
Submitted by: scheidell@ (me) |
1.1_1 17 Jun 2012 05:08:42 |
eadler |
Fix some nits:
- cvename gets automatically expanded to the MITRE url |
1.1_1 16 Jun 2012 13:35:48 |
zi |
- Document recent vulnerabilities in security/clamav: CVE-2012-1419,
CVE-2012-1457, CVE-2012-1458, CVE-2012-1459 |
1.1_1 14 Jun 2012 22:57:25 |
flo |
Document asterisk vulnerability. |
1.1_1 14 Jun 2012 21:41:29 |
nox |
Add vuxml for older version of graphics/ImageMagick.
PR: ports/166686 (related to)
Submitted by: 4721@hushmail.com (the vuxml, via irc) |
1.1_1 13 Jun 2012 20:16:44 |
wxs |
Update 55587adb-b49d-11e1-8df1-0004aca374af with more information. |
1.1_1 12 Jun 2012 15:27:21 |
wxs |
Document mantis vulnerabilities. The information is a bit light on details
but I'm unable to track down better.
PR: ports/168984
Submitted by: Dan Langille <dan@langille.org> |
1.1_1 09 Jun 2012 06:42:37 |
eadler |
Update to 11.1.r202.236 and inform community of security issues
Security: 38195f00-b215-11e1-8132-003067b2972c |
1.1_1 06 Jun 2012 21:16:42 |
delphij |
Correct names for BIND 9.6.x and BIND 9.7.x. |
1.1_1 06 Jun 2012 13:09:11 |
wxs |
Fix my previous commit by adding an accidentally removed <p>. |
1.1_1 06 Jun 2012 12:52:23 |
wxs |
Remove unnecessary <p> tags from 47f13540-c4cb-4971-8dc6-28d0dabfd9cd. |
1.1_1 06 Jun 2012 07:30:00 |
eadler |
Fix some nits:
- Improve wording of Sympa vuln description
- The url used as a citation for the description must also be a
reference for the user. |
1.1_1 05 Jun 2012 20:10:20 |
beat |
- Document mozilla -- multiple vulnerabilities |
1.1_1 05 Jun 2012 15:15:21 |
sem |
- Document the last quagga vulnerability |
1.1_1 05 Jun 2012 10:47:38 |
crees |
Document sympa vulnerability |
1.1_1 05 Jun 2012 03:19:37 |
eadler |
Fix some nits:
The url in the cite attribute must appear as a reference |
1.1_1 04 Jun 2012 21:51:34 |
dougb |
Upgrade to 9.6-ESV-R7-P1, 9.7.6-P1, 9.8.3-P1, and 9.9.1-P1, the latest
from ISC. These patched versions contain a critical bugfix:
Processing of DNS resource records where the rdata field is zero length
may cause various issues for the servers handling them.
Processing of these records may lead to unexpected outcomes. Recursive
servers may crash or disclose some portion of memory to the client.
Secondary servers may crash on restart after transferring a zone
containing these records. Master servers may corrupt zone data if the
zone option "auto-dnssec" is set to "maintain". Other unexpected
problems that are not listed here may also be encountered.
All BIND users are strongly encouraged to upgrade. |
1.1_1 31 May 2012 17:27:20 |
thierry |
Add the quoted url as a reference for nut.
Requested by: eadler |
1.1_1 31 May 2012 16:53:12 |
miwi |
- Fix formatting in previous entries |
1.1_1 31 May 2012 16:40:31 |
jgh |
- better define ranges for a8864f8f-aa9e-11e1-a284-0023ae8e59f0 and add another vendor note |