Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 09 Apr 2013 01:18:58
  |
bdrewery  |
- Document CVE-2013-0131 for nvidia-driver
Submitted by: danfe
Approved by: portmgr (implicit) |
1.1_1 08 Apr 2013 20:57:22
  |
flo  |
Typo fix for the typo fix. Validated with make validate this time.
Reported by: bz
Approved by: portmgr (implicit) |
1.1_1 08 Apr 2013 20:33:11
  |
flo  |
Fix a typo in the recent mozilla entry
Reported by: pluknet
Approved by: portmgr (tabthorpe) |
1.1_1 06 Apr 2013 16:51:41
  |
dinoex  |
- Security update to 12.15
Security: http://www.opera.com/docs/changelogs/unified/1215/
Security: http://www.opera.com/security/advisory/1046
Security: http://www.opera.com/security/advisory/1047
PR: 177654
Approved by: portmgr |
1.1_1 06 Apr 2013 16:43:28
  |
ohauer  |
- fix subversion range
Approved by: portmgr (implicit) |
1.1_1 06 Apr 2013 10:00:28
  |
ohauer  |
- Subversion 1.7.9 security update [1]
- Subversion 1.6.21 security update [2]
This release addresses the following security issues:
[1][2] CVE-2013-1845: mod_dav_svn excessive memory usage from property changes
[1][2] CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity
URLs
[1][2] CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existent
URLs
[1][2] CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity
URLs
[1] CVE-2013-1884: mod_dav_svn crashes on out of range limit in log REPORT
request
More information on these vulnerabilities, including the relevant advisories
and potential attack vectors and workarounds, can be found on the Subversion
security website:
http://subversion.apache.org/security/
PR: 177646
Submitted by: ohauer
Approved by: portmgr (tabthorpe, erwin), lev
Security: b6beb137-9dc0-11e2-882f-20cf30e32f6d |
1.1_1 05 Apr 2013 21:16:54
  |
cs  |
Vulnerability in OTRS
Approved by: portmgr
Security: eae8e3cf-9dfe-11e2-ac7f-001fd056c417 |
1.1_1 04 Apr 2013 13:21:23
  |
girgen  |
The PostgreSQL Global Development Group has released a security
update to all current versions of the PostgreSQL database system,
including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update
fixes a high-exposure security vulnerability in versions 9.0 and
later. All users of the affected versions are strongly urged to apply
the update *immediately*.
A major security issue (for versions 9.x only) fixed in this release,
[CVE-2013-1899](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899),
makes it possible for a connection request containing a database name
that begins with "-" to be crafted that can damage or destroy files
within a server's data directory. Anyone with access to the port the
PostgreSQL server listens on can initiate this request. This issue was
discovered by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source
Software Center. (Only the first 15 lines of the commit message are shown above ) |
1.1_1 03 Apr 2013 20:27:48
  |
flo  |
- update thunderbird, firefox-esr, linux-thunderbird and linux-firefox to
17.0.5
- update firefox to 20.0
- update seamonkey and linux-seamonkey to 2.17
- update nspr to 4.9.6
- remove mail/thunderbird-esr, Mozilla stopped providing 2 versions of
thunderbird
- prune support for old FreeBSD versions; users of 8.2, 7.4 or earlier
are advised to upgrade - http://www.freebsd.org/security/
- add vuln.xml entry
Security: 94976433-9c74-11e2-a9fc-d43d7e0c7c02
Approved by: portmgr (miwi)
In collaboration with: Jan Beich <jbeich@tormail.org> |
1.1_1 02 Apr 2013 20:21:28
  |
delphij  |
Document two latest FreeBSD security advisories.
Approved by: portmgr (bdrewery) |
1.1_1 31 Mar 2013 17:36:30
  |
ohauer  |
- update japanese/bugzilla templates
- update vuxml to reflect bugzilla templates
- fix typo in vuxml
Approved by: portmgr (miwi)
Sponsored by: |
1.1_1 31 Mar 2013 16:00:02
  |
mandree  |
security upgrade to OpenVPN 2.3.1; upstream release notes are
"This release adds supports for PolarSSL 1.2. It also adds a fix to
prevent potential side-channel attacks by switching to a constant-time
memcmp when comparing HMACs in the openvpn_decrypt function. In
addition, it contains several bugfixes and documentation updates, as
well as some minor enhancements."
Full ChangeLog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>
The port upgrade also offers an option to use the GPLv2+-licensed
PolarSSL instead of OpenSSL (which brings in a license mix).
PR: ports/177517
Reviewed by: miwi
Approved by: portmgr (miwi)
Security: 92f30415-9935-11e2-ad4c-080027ef73ec |
1.1_1 29 Mar 2013 14:08:47
  |
kwm  |
Update to 2.8.0. [1]
Add patch to fix CVE-2013-0338 and CVE-2013-0339. [2]
Convert to OptionsNG, rename patches to standard form. [1]
Notified by: swills@ [2]
Obtained from: gnome team repo [1]
Security: 843a4641-9816-11e2-9c51-080027019be0 |
1.1_1 29 Mar 2013 10:04:43
  |
flo  |
Update asterisk ports to:
net/asterisk 1.8.20.2
net/asterisk10 10.12.2
net/asterisk11 11.2.2
Security: daf0a339-9850-11e2-879e-d43d7e0c7c02 |
1.1_1 27 Mar 2013 20:44:51
  |
delphij  |
Explicitly use -E for sed(1).
Submitted by: des
Reviewed by: eadler |
1.1_1 27 Mar 2013 10:29:25
  |
erwin  |
Add entry for latest Bind advisory CVE-2013-2266 |
1.1_1 26 Mar 2013 23:25:20
  |
delphij  |
In validate target, use unexpand and sed to make sure that we are using
consistent space style.
Reviewed by: stas, simon |
1.1_1 26 Mar 2013 20:58:23
  |
rene  |
Document vulnerabilities in www/chromium < 26.0.1410.43
Obtained from: http://googlechromereleases.blogspot.nl/search/Stable%20Updates |
1.1_1 26 Mar 2013 18:16:33
  |
delphij  |
Remove trailing space, no content change. |
1.1_1 26 Mar 2013 18:09:07
  |
delphij  |
unexpand vuln.xml. |
1.1_1 26 Mar 2013 05:31:07
  |
acm  |
firebird vulnerability entry (CVE-2013-2492)
Security: 6adca5e9-95d2-11e2-8549-68b599b52a02 |
1.1_1 26 Mar 2013 01:13:34
  |
zi  |
- Document vulnerability in graphics/optipng (CVE-2012-4432)
PR: ports/177206
Submitted by: Alexander Milanov <a@amilanov.com>
Security: 8818f7f-9182-11e2-9bdf-d48564727302 |
1.1_1 18 Mar 2013 20:46:52
  |
flo  |
Update to 5.3.23
Security: 1d23109a-9005-11e2-9602-d43d7e0c7c02 |
1.1_1 18 Mar 2013 12:12:59
  |
zi  |
- Document recent vulnerabilities in www/piwigo: CVE-2013-1468, CVE-2013-1469
Reported by: Ruslan Makhmatkhanov <cvs-src@yandex.ru>
Security: edd201a5-8fc3-11e2-b131-000c299b62e1 |
1.1_1 16 Mar 2013 22:12:54
  |
remko (src,doc committer)  |
Fix typo in the libpurple entry.
Submitted by: Derek Schrock <dereks@lifeofadishwasher.com> |
1.1_1 15 Mar 2013 13:52:09
  |
zi  |
- Perl vulnerability (CVE-2013-1667) also applies to perl-threaded
Reported by: Alexandre Krasnov <freebsd@tern.ru>
Security: 68c1f75b-8824-11e2-9996-c4850808617 |
1.1_1 14 Mar 2013 08:17:40
  |
pclin  |
- graphics/libexif:
* Update to 0.6.21
* Add LICENSE
* Switch to OptionsNG and PORTDOCS
- Document libexif 2012-07-12 vulnerability
- Bump PORTREVISION for libexif related ports
- Trim headers while here
PR: ports/175910
Approved by: swills (mentor)
Security: d881d254-70c6-11e2-862d-080027a5ec9a |
1.1_1 13 Mar 2013 04:04:48
  |
eadler  |
Update flash to the latest (hopefully) secure version.
PR: ports/176904
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Security: http://www.vuxml.org/freebsd/5ff40cb4-8b92-11e2-bdb6-001060e06fd4.html |
1.1_1 13 Mar 2013 03:35:54
  |
swills  |
- Update puppet to 3.1.1 resolving multiple security issues
- Update puppet27 to 2.7.21 resolving multiple security issues
- Document multiple puppet security issues
Security: cda566a0-2df0-4eb0-b70e-ed7a6fb0ab3c |
1.1_1 10 Mar 2013 19:04:01
  |
rea  |
Perl 5.x: fix CVE-2013-1667
Feature safe: wholeheartedly hope so |
1.1_1 10 Mar 2013 04:03:12
  |
miwi  |
- Fix previous entry |
1.1_1 10 Mar 2013 00:13:00
  |
marcus  |
Belatedly add an entry for libpurple's recent vulnerabilities. |
1.1_1 08 Mar 2013 22:27:39
  |
flo  |
- update thunderbird, firefox-esr, linux-thunderbird and linux-firefox to
17.0.4
- update firefox to 19.0.2
- add vuln.xml entry
Security: 630c8c08-880f-11e2-807f-d43d7e0c7c02 |
1.1_1 08 Mar 2013 09:06:27
  |
rene  |
Document a vulnerability in chromium < 25.0.1364.160
Obtained from: http://googlechromereleases.blogspot.nl/search/Stable%20Updates |
1.1_1 06 Mar 2013 15:57:00
  |
culot  |
- Document vulnerabilities in typo3.
Security: b9a347ac-8671-11e2-b73c-0019d18c446a
Obtained from:
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-001/ |
1.1_1 06 Mar 2013 00:19:09
  |
rene  |
Document vulnerabilities in www/chromium < 25.0.1364.152
Obtained from: http://googlechromereleases.blogspot.nl/search/Stable%20Updates |
1.1_1 03 Mar 2013 20:17:59
  |
zi  |
- Document recent vulnerability in security/stunnel (CVE-2013-1762)
Security: c97219b6-843d-11e2-b131-000c299b62e1 |
1.1_1 02 Mar 2013 20:07:42
  |
ohauer  |
- document apache22 issues
- trim trailing tabs |
1.1_1 01 Mar 2013 02:08:31
  |
wxs  |
Document two sudo problems. |
1.1_1 28 Feb 2013 01:46:41
  |
swills  |
- Update to 0.9.14 to fix CVE-2013-1756
Security: aa7764af-0b5e-4ddc-bc65-38ad697a484f |
1.1_1 27 Feb 2013 13:40:47
  |
eadler  |
Update to 11.2r202.273
Security: http://www.vuxml.org/freebsd/dbdac023-80e1-11e2-9a29-001060e06fd4.html |
1.1_1 26 Feb 2013 17:27:07
  |
sunpoet  |
- Update affected ettercap versions: CVE-2012-0722 was fixed in
0.7.5.2-Assimilation |
1.1_1 26 Feb 2013 01:38:58
  |
bdrewery  |
- Document 3 OTRS vulnerabilities from 2012
- CVE-2012-4751
- CVE-2012-4600
- CVE-2012-2582 |
1.1_1 24 Feb 2013 18:21:03
  |
swills  |
- Document Ruby REXML DoS |
1.1_1 24 Feb 2013 17:51:49
  |
swills  |
- Document rubygem-ruby_parser issue |
1.1_1 24 Feb 2013 14:23:46
  |
pclin  |
- Document Django 2013-02-21 vulnerability
Approved by: araujo (mentor) |
1.1_1 22 Feb 2013 23:49:45
  |
rene  |
Document vulnerabilities in www/chromium < 25.0.1364.97
Obtained from: http://googlechromereleases.blogspot.nl/search/Stable%20Updates |
1.1_1 22 Feb 2013 20:28:22
  |
cy  |
Document security/krb5 1.11 and prior null pointer dereference in the
KDC PKINIT code [CVE-2013-1415].
Security: CVE-2013-1415 |
1.1_1 22 Feb 2013 08:07:27
  |
remko (src,doc committer)  |
Convert the ! back into a 1.
Noticed by: crees |
1.1_1 21 Feb 2013 21:38:16
  |
remko (src,doc committer)  |
Add the latest two FreeBSD Security Advisories. |
1.1_1 21 Feb 2013 07:11:50
  |
flo  |
Document drupal7 Denial of service |
1.1_1 20 Feb 2013 13:58:20
  |
rm  |
- add an entry for net/nss-pam-ldapd stack-based buffer overflow
According to advisory, vulnerability exists in nss-pam-ldapd < 0.8.11,
but since we never had this version in the ports tree, mark everything
< 0.8.12 as vulnerable.
PR: 176293
Submitted by: pluknet |
1.1_1 20 Feb 2013 07:16:31
  |
flo  |
Fix up the latest gecko update by:
- reapplying the workaround for svn:eol-style and svn:keywords
- fixing version matching in vuln.xml, 17.0.3 is NOT vulnerable |
1.1_1 20 Feb 2013 06:16:01
  |
ohauer  |
- update bugzilla ports to latest version
Bugzilla 4.0.10 and 3.6.13 are security updates for the 4.0
branch and the 3.6 branch, respectively. 4.0.10 contains several
useful bug fixes and 3.6.13 contains only security fixes.
Security: CVE-2013-0785
CVE-2013-0786 |
1.1_1 19 Feb 2013 23:53:08
  |
flo  |
- update firefox to 19.0
- update firefox-esr, thunderbird, linux-firefox, linux-thunderbird to 17.0.3
- update linux-seamonkey to 2.16
- update nspr to 4.9.5
- update nss to 3.14.3
- add DuckDuckGo search plugin to firefox [1]
- mark kompozer deprecated
- clang fixes for www/libxul19 [2]
Security: http://www.vuxml.org/freebsd/e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02.html
Submitted by: DuckDuckGo [1], dim [2]
In collaboration with: Jan Beich <jbeich@tormail.org> |
1.1_1 19 Feb 2013 00:19:14
  |
zi  |
- Fix version range for recent ruby vulnerabilities
(d3e96508-056b-4259-88ad-50dc8d1978a6 and c79eb109-a754-45d7-b552-a42099eb2265)
due to missing port epoch in package range
Submitted by: Matthias Andree <mandree@FreeBSD.org> |
1.1_1 17 Feb 2013 19:58:29
  |
eadler  |
Combine ranges into one entry to prevent false positives |
1.1_1 17 Feb 2013 16:47:06
  |
swills  |
- Document rubygem-rack issue |
1.1_1 17 Feb 2013 16:33:19
  |
swills  |
- Document activemodel issue |
1.1_1 17 Feb 2013 10:28:54
  |
lwhsu  |
Document Jenkins Security Advisory 2013-02-16 |
1.1_1 16 Feb 2013 17:03:28
  |
rm  |
- add entry for dns/poweradmin
PR: 175704
Submitted by: Edmondas Girkantas <eg@fbsd.lt> (maintainer of dns/poweradmin) |
1.1_1 16 Feb 2013 14:41:44
  |
swills  |
- Document ruby json issue |
1.1_1 16 Feb 2013 04:29:14
  |
swills  |
- Document vulnerability in rdoc |
1.1_1 08 Feb 2013 19:18:41
  |
eadler  |
Update flash to the latest version
PR: ports/175159
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp> |
1.1_1 08 Feb 2013 08:44:15
  |
miwi  |
- Fix whitespaces |
1.1_1 07 Feb 2013 02:10:29
  |
eadler  |
Fix vuxml build |
1.1_1 06 Feb 2013 20:06:18
  |
dinoex  |
- report openssl vulnerabilities |
1.1_1 01 Feb 2013 22:42:55
  |
flo  |
- update databases/mariadb-server to 5.3.12 [1]
- update databases/mariadb55-server 5.5.29 [2]
PR: ports/175764 [1]
PR: ports/175767 [2]
Submitted by: Geoffroy Desvernay <dgeo@centrale-marseille.fr> (maintainer) [1]
Submitted by: Alexandr Kovalenko <never@nevermind.kiev.ua> (maintainer) [2]
Security: 8c773d7f-6cbb-11e2-b242-c8600054b392 |
1.1_1 01 Feb 2013 08:50:40
  |
dinoex  |
- report opera 12.12 vulnerabilities |
1.1_1 30 Jan 2013 18:34:03
  |
pawel  |
Document devel/upnp vulnerabilities |
1.1_1 29 Jan 2013 20:02:38
  |
delphij  |
Document wordpress multiple vulnerabilities. |
1.1_1 25 Jan 2013 09:37:56
  |
cs  |
Fix last entry: version 2.3.4 is also affected |
1.1_1 25 Jan 2013 02:08:57
  |
wxs  |
Fix whitespace in previous commit. |
1.1_1 25 Jan 2013 01:26:37
  |
cs  |
XSS vulnerability in py-django-cms |
1.1_1 23 Jan 2013 12:52:49
  |
rene  |
Document vulnerabilities in www/chromium < 24.0.1312.56
Obtained from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates |
1.1_1 20 Jan 2013 20:58:13
  |
flo  |
- update www/drupal6 to 6.28
- update www/drupal7 to 7.19
Security: http://www.vuxml.org/freebsd/1827f213-633e-11e2-8d93-c8600054b392.html
Approved by: portmgr (beat) |
1.1_1 16 Jan 2013 19:16:10
  |
rea  |
VuXML: add newly-allocated CVE for SQUID-2012:1
New CVE was allocated for the underfixed DoS and added possible
infinite loop in Squid 3.2 and 3.1. |
1.1_1 16 Jan 2013 19:13:32
  |
rea  |
VuXML: document buffer overflow in ettercap (CVE-2013-0722)
Reviewed by: simon@ |
1.1_1 16 Jan 2013 19:11:43
  |
rea  |
VuXML: document recent security manager bypass in Java 7.x
Reviewed by: glewis@, simon@ |
1.1_1 16 Jan 2013 07:39:28
  |
delphij  |
Properly limit the match for PHP 5.3.x and 5.2.x versions.
Noticed by: remko |
1.1_1 15 Jan 2013 22:06:19
  |
delphij  |
Apply version ranges of php53 and php52 to php5 as well. |
1.1_1 11 Jan 2013 14:11:28
  |
zi  |
- Fix discovery date on nagios vulnerability (CVE-2012-6096) |
1.1_1 11 Jan 2013 09:53:42
  |
rea  |
www/squid3x: upgrade to 3.1.23 and 3.2.6
Squid 3.1.23 is effectively Squid 3.1.22_2 with the final fix for
CVE-2012-5643 applied.
Squid 3.2.6 also received that abovementioned fix, but in comparison
with 3.2.5 from ports it has another change that fixes handling the
"tcp_outgoing_tos" directive for BSD-like systems, including FreeBSD,
http://bugs.squid-cache.org/show_bug.cgi?id=3731
VuXML entry for SQUID:2012-1 (aka CVE-2012-5643) was also updated to
reflect the proper version specifications from the updated advisory,
http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
Approved by: Thomas-Martin Seck <tmseck@web.de>
Security: http://portaudit.freebsd.org/c37de843-488e-11e2-a5c9-0019996bc1f7.html
QA page: http://codelabs.ru/fbsd/ports/qa/www/squid31/3.1.23
QA page: http://codelabs.ru/fbsd/ports/qa/www/squid32/3.2.6 |
1.1_1 11 Jan 2013 01:16:14
  |
zi  |
- Document vulnerability in net-mgmt/nagios (CVE-2012-6096) |
1.1_1 11 Jan 2013 00:32:48
  |
rene  |
Document vulnerabilities in www/chromium < 24.0.1312.52
Obtained from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates |
1.1_1 09 Jan 2013 23:28:20
  |
flo  |
- update firefox, thunderbird, linux-firefox and linux-thunderbird to 17.0.2
- update firefox-esr, thunderbird-esr and libxul to 10.0.12
- update linux-seamonkey to 2.15
Security: http://www.vuxml.org/freebsd/a4ed6632-5aa9-11e2-8fcb-c8600054b392.html |
1.1_1 09 Jan 2013 15:03:02
  |
sem  |
Fix <topic> style: common dash style, remove software versions |
1.1_1 09 Jan 2013 03:53:16
  |
swills  |
- Update rubygem-rails to 3.2.11
- Update ports required by rubygem-rails
- Add vuxml entry for rails security issues
Security: ca5d3272-59e3-11e2-853b-00262d5ed8ee
Security: b4051b52-58fa-11e2-853b-00262d5ed8ee |
1.1_1 08 Jan 2013 23:46:02
  |
zi  |
- Properly copy namespace attributes/resolve make validate issues
Reviewed by: simon@, eadler@
Approved by: zi (with ports-secteam hat) |
1.1_1 08 Jan 2013 05:18:15
  |
lwhsu  |
Document Jenkins 2013-01-04 Security Advisory |
1.1_1 06 Jan 2013 20:37:24
  |
rea  |
VuXML: extend entry for MoinMoin vulnerabilities fixed in 1.9.6
Use more verbose descriptions from CVE entries and trim citation
from CHANGES to the relevant parts. |
1.1_1 06 Jan 2013 18:14:24
  |
lwhsu  |
Document Django 2012-12-10 vulnerability |
1.1_1 06 Jan 2013 13:24:39
  |
rea  |
VuXML: fix r309982
Use proper tags for CVE identifiers. I should run 'make validate'
_every_ time before committing.
Pointyhat to: rea |
1.1_1 06 Jan 2013 13:10:10
  |
rea  |
VuXML for MoinMoin issues: add CVE references |
1.1_1 05 Jan 2013 12:54:28
  |
crees  |
Freetype 2.4.8 vulnerabilities were already documented.
While here, correct pkgname
Noticed by: kwm |
1.1_1 05 Jan 2013 11:29:01
  |
crees  |
Mark moinmoin vulnerable
Security: http://www.debian.org/security/2012/dsa-2593
document freetype vulnerabilities
Security: CVE-2012-(1126-1144) |
1.1_1 04 Jan 2013 07:30:10
  |
erwin  |
Bump copyright to 2013. |
1.1_1 03 Jan 2013 19:46:51
  |
flo  |
Add correct version numbers to the recent asterisk entry
Pointy hat to: flo |
1.1_1 03 Jan 2013 19:41:31
  |
flo  |
- update net/asterisk to 1.8.19.1
- update net/asterisk10 to 10.11.1
- update net/asterisk11 to 10.1.2
- add vuln.xml entry
Security: f7c87a8a-55d5-11e2-a255-c8600054b392 |
1.1_1 02 Jan 2013 12:28:47
  |
crees  |
Note charybdis and ircd-ratbox vulnerabilities
PR: ports/174878
Security: http://www.ratbox.org/ASA-2012-12-31.txt |