Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 30 Aug 2011 13:21:27 |
sbz |
- Fix entry date and use two ranges
Reviewed by: gahr@
Approved by: jadawin@ (mentor) |
1.1_1 30 Aug 2011 12:01:13 |
sbz |
- Document CVE-2011-3192 for recent apache DoS vulnerability
Approved by: jadawin@ (mentor)
Security:
http://vuxml.org/freebsd/7f6108d2-cea8-11e0-9d58-0800279895ea.html |
1.1_1 26 Aug 2011 18:12:00 |
delphij |
Upstream indicates that this only affects 4.40 and 4.41 so add a <ge> tag
to indicate that. |
1.1_1 26 Aug 2011 18:10:39 |
delphij |
Document stunnel heap corruption vulnerability. |
1.1_1 24 Aug 2011 22:43:04 |
bapt |
Fix discovery date |
1.1_1 24 Aug 2011 22:20:14 |
delphij |
Document phpMyAdmin CVE-2011-3181 (multiple XSS). |
1.1_1 23 Aug 2011 17:02:34 |
rene |
Document new Chromium vulnerabilities.
Obtained from: http://google-chrome-browser.com/releases
Security: CVE-2011-[2821, 2823-2829, 2839] |
1.1_1 23 Aug 2011 00:58:34 |
delphij |
Mark PHP5 < 5.3.7_2 as vulnerable to PHP bug #55439: crypt() returns only
the salt for MD5. |
1.1_1 20 Aug 2011 00:43:49 |
delphij |
Document multiple PHP vulnerabilities. |
1.1_1 19 Aug 2011 18:42:12 |
delphij |
Document Rails multiple vulnerabilities. |
1.1_1 19 Aug 2011 17:46:10 |
delphij |
Document dovecot DoS vulnerability. |
1.1_1 18 Aug 2011 19:06:26 |
skv |
Document "otrs" - vulnerabilities in OTRS-Core allow read access
to any file on local file system. |
1.1_1 16 Aug 2011 18:12:50 |
flo |
document recent mozilla vulnerabilities |
1.1_1 16 Aug 2011 17:36:06 |
delphij |
Document samba vulnerabilities of SWAT web interface. |
1.1_1 15 Aug 2011 20:00:37 |
wxs |
Adjust dates in 510b630e-c43b-11e0-916c-00e0815b8da8.
Noticed by: kwm@ |
1.1_1 14 Aug 2011 01:41:10 |
wxs |
- Document ISC DHCP server DoS. |
1.1_1 13 Aug 2011 18:19:06 |
skv |
Document "bugzilla" - multiple vulnerabilities. |
1.1_1 13 Aug 2011 15:02:29 |
crees |
Document dtc security issues
PR: ports/159736
Submitted by: Ansgar Burchardt <ansgar@debian.org> |
1.1_1 11 Aug 2011 08:37:56 |
kwm |
Document freetype2 and libXfont vulnerabilities. |
1.1_1 10 Aug 2011 20:27:26 |
nox |
Update linux-f10-flashplugin to 10.3r183.5 .
Submitted by: pointyhat via erwin
Security:
http://www.freebsd.org/ports/portaudit/2c12ae0c-c38d-11e0-8eb7-001b2134ef46.html |
1.1_1 02 Aug 2011 17:57:05 |
rene |
Document new vulnerabilities for www/chromium ( < 13.0.782.107)
Obtained from: http://googlechromereleases.blogspot.com/
Security: CVE-2011-{2358-2361, 2782-2805, 2818-2819} |
1.1_1 28 Jul 2011 19:18:37 |
kwm |
Document libsoup security hole. |
1.1_1 28 Jul 2011 07:10:38 |
delphij |
Fix match of phpmyadmin in recent revisions. |
1.1_1 26 Jul 2011 02:12:47 |
swills |
- Add CVE reference for OpenSAML2 issue
- Use official citation |
1.1_1 26 Jul 2011 01:12:25 |
zi |
Document phpmyadmin vulnerabilities
Approved by: wxs (mentor) |
1.1_1 25 Jul 2011 23:47:57 |
swills |
Document OpenSAML2 issue |
1.1_1 20 Jul 2011 20:50:19 |
delphij |
Document rsync DoS issue (CVE-2011-1097). |
1.1_1 05 Jul 2011 23:39:46 |
dougb |
Document BIND vulnerabilities for ports. This was inspired by the PR,
but re-formatted and edited by me, so responsibility for errors is mine.
PR: ports/158672
Submitted by: Ryan Steinmetz <rpsfa@rit.edu> |
1.1_1 03 Jul 2011 13:32:49 |
jlaffaye |
Document phpMyAdmin multiple vulnerabilities
Reviewed by: flo
Approved by: rene (mentor vacation) |
1.1_1 29 Jun 2011 10:15:18 |
flo |
document one more vulnerability in the recent asterisk entry |
1.1_1 28 Jun 2011 22:50:51 |
rene |
Document new vulnerabilities for www/chromium ( < 12.0.742.112)
Security: CVE-2011-[2345-2351] |
1.1_1 28 Jun 2011 00:57:09 |
wxs |
Add modified tag to 8a5770b4-54b5-11db-a5ae-00508d6a62df.
Noticed by: sahil@ |
1.1_1 27 Jun 2011 14:39:37 |
wxs |
Now that www/mambo is updated, fix the range in
8a5770b4-54b5-11db-a5ae-00508d6a62df. |
1.1_1 25 Jun 2011 22:48:01 |
flo |
document recent asterisk vulnerabilities |
1.1_1 24 Jun 2011 13:46:51 |
ashish |
- Document ejabberd vulnerability fixed in 2.1.8
PR: ports/158137
Submitted by: Ruslan Mahamatkhanov <cvs-src@yandex.ru>
Security:
http://vuxml.org/freebsd/01d3ab7d-9c43-11e0-bc0f-0014a5e3cda6.html |
1.1_1 23 Jun 2011 12:36:04 |
flo |
- also mark firefox35 vulnerable |
1.1_1 21 Jun 2011 20:26:57 |
flo |
- document recent mozilla vulnerabilities [1]
- while here also document an older samba Denial of service vulnerability [2]
Security:
http://www.vuxml.org/freebsd/dfe40cff-9c3f-11e0-9bec-6c626dd55a41.html [1]
http://www.vuxml.org/freebsd/bfdbc7ec-9c3f-11e0-9bec-6c626dd55a41.html [2]
Requested by: timur [2] |
1.1_1 21 Jun 2011 17:50:00 |
culot |
Document piwik remote command execution vulnerability. |
1.1_1 20 Jun 2011 22:59:44 |
delphij |
Document dokuwiki XSS vulnerability. |
1.1_1 15 Jun 2011 19:53:02 |
nox |
Update linux-f10-flashplugin to 10.3r181.26 .
PR: ports/157900
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Security:
http://www.freebsd.org/ports/portaudit/55a528e8-9787-11e0-b24a-001b2134ef46.html |
1.1_1 15 Jun 2011 12:43:37 |
brix |
- Document CVE-2011-1408 in www/ikiwiki |
1.1_1 12 Jun 2011 05:15:32 |
miwi |
- Cleanup |
1.1_1 08 Jun 2011 20:49:57 |
nox |
Update to 10.3r181.22 .
PR: ports/157696
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Security:
http://www.freebsd.org/ports/portaudit/57573136-920e-11e0-bdc9-001b2134ef46.html |
1.1_1 07 Jun 2011 17:30:30 |
rene |
Document www/chromium vulnerabilities fixed in version 12.0.742.91
Security: CVE-2011-{1808-1819,2332,2342} |
1.1_1 07 Jun 2011 00:24:35 |
wxs |
- Document CVE-2011-1910
PR: ports/157548
Submitted by: Ryan Steinmetz <rpsfa@rit.edu> |
1.1_1 06 Jun 2011 12:45:20 |
mandree |
Add CVE-2011-1947: fetchmail STARTTLS denial of service. |
1.1_1 03 Jun 2011 03:36:15 |
miwi |
- Cleanup |
1.1_1 02 Jun 2011 20:39:54 |
flo |
- document asterisk remote crash vulnerability
Security:
http://www.vuxml.org/freebsd/34ce5817-8d56-11e0-b5a2-6c626dd55a41.html |
1.1_1 02 Jun 2011 14:19:28 |
lev |
Document CVE-2011-1752, CVE-2011-1783 and CVE-2011-1921 in devel/subversion |
1.1_1 26 May 2011 13:54:08 |
wxs |
Document drupal6 multiple vulnerabilities.
Submitted by: Nick Hilliard <nick@foobar.org> |
1.1_1 25 May 2011 21:14:43 |
olgeni |
Document Erlang R14B02 ssh library vulnerability (cryptographically
weak RNG).
Security: CVE-2011-0766 |
1.1_1 25 May 2011 16:38:56 |
rene |
Document latest www/chromium vulnerabilities.
Security: CVE-2011-1801, -1804, -1806, -1807 |
1.1_1 25 May 2011 10:58:15 |
miwi |
- Cleanup Part 1
PS: wonder when pplz start to ask ports-security for review ... |
1.1_1 25 May 2011 09:44:01 |
sem |
- Document the last unbound vulnerability |
1.1_1 24 May 2011 23:51:21 |
ohauer |
- revert last change of apr-* entry
Broken build reported by wxs@ |
1.1_1 24 May 2011 22:59:52 |
ohauer |
- use apr-* and add <gt></gt> entries for all apr0/apr1 issues
(<gt> .. is needed else the parser cannot make a difference
between apr0 and apr1)
- lowercase ViewVC -> viewvc
Thanks Jun Kuriyama ( kuriyama@ ) for the notice and the patch
for the apr entries. |
1.1_1 24 May 2011 16:05:58 |
brooks |
Update the mod_pubcookie entry with an ap20 prefix. The port has always
had USE_APACHE=2.0 in it so we can avoid enumerating all values of
APACHE_PKGNAMEPREFIX.
Pointy hat: brooks |
1.1_1 24 May 2011 06:19:13 |
simon |
Unbreak VuXML web build by changing "ap*-" to "ap-" in package name for
1ca8228f-858d-11e0-a76c-000743057ca2 / mod_pubcookie -- Empty
Authentication Security Advisory.
While the new one is likely not correct, this fixes the build until
somebody can put in the right thing. |
1.1_1 24 May 2011 05:55:10 |
delphij |
Fix build. |
1.1_1 23 May 2011 23:04:41 |
brooks |
Partially address several years of neglect of pubcookie. Indicate the
security issues in two ports.
I've not used pubcookie in several years and given the lack of complaint
about the deprecation of mod_pubcookie, I doubt anyone else uses it from
ports. The mod_pubcookie port has already expired and I've set a two
week expiration for pubcookie-login-server. If no maintainer
appears I will send both to the Attic on June 6th.
While I'm here, address the use of CONF_FILES and CONF_DIRS in
pubcookie-login-server to avoid getting in the way of progress. [0]
PR: ports/157164 [0]
Security: vuxml:115a1389-858e-11e0-a76c-000743057ca2
vuxml:1ca8228f-858d-11e0-a76c-000743057ca2 |
1.1_1 23 May 2011 22:22:44 |
ohauer |
- add entry for ViewVC < 1.1.11
- add entry for apr1 (CVE-2011-1928)
- correct version in previous apr1 entry
- run tidy |
1.1_1 23 May 2011 21:17:51 |
nox |
Update to 10.3r181.14 .
PR: ports/156996
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Security:
http://www.freebsd.org/ports/portaudit/d226626c-857f-11e0-95cc-001b2134ef46.html |
1.1_1 23 May 2011 10:58:03 |
mandree |
Document Opera Frameset unload code injection vulnerability. |
1.1_1 23 May 2011 09:58:16 |
delphij |
Document pure-ftpd multiple vulnerabilities prior to 1.0.32. |
1.1_1 14 May 2011 17:48:33 |
rea |
mail/exim: document CVE-2011-1764 and CVE-2011-1407
Both vulnerabilities are in the DKIM code and were fixed in 4.76.
Approved-by: erwin (mentor)
Feature-safe: yes |
1.1_1 13 May 2011 23:33:17 |
ohauer |
- document Apache APR DoS vulnerabilities |
1.1_1 13 May 2011 15:06:00 |
glarkin |
- Document www/zend-framework (potential SQL injection when using PDO_MySQL)
Security: http://framework.zend.com/security/advisory/ZF2011-02 |
1.1_1 12 May 2011 23:46:14 |
wxs |
Document mediawiki multiple vulnerabilities.
PR: ports/156914
Submitted by: Ryan Steinmetz <rpsfa@rit.edu> |
1.1_1 12 May 2011 20:13:50 |
rene |
Document CVE-2011-1799 and CVE-2011-1800 for www/chromium |
1.1_1 12 May 2011 18:09:28 |
wxs |
Incorporate changes recommended by the tidy target. While here, properly
label dc9f8335-2b3b-11e0-a91b-00e0815b8da8. |
1.1_1 09 May 2011 13:11:11 |
sahil |
Document CVE-2011-1720: Postfix memory corruption error. |
1.1_1 30 Apr 2011 09:25:16 |
rene |
Document www/chromium vulnerabilities fixed in version 11.0.696.57
Security: CVE-2011-[1303-1305, 1434-1452, 1454-1456] |
1.1_1 29 Apr 2011 06:26:34 |
flo |
Document mozilla -- multiple vulnerabilities |
1.1_1 21 Apr 2011 22:41:45 |
flo |
- document recent asterisk vulnerabilities
- fix topic in RT entry |
1.1_1 17 Apr 2011 20:31:01 |
jsa |
Document VideoLAN-SA-1103. Heap corruption in MP4 demultiplexer in VLC. |
1.1_1 17 Apr 2011 18:32:15 |
nox |
Update to 10.2r159.1 .
Security:
http://www.freebsd.org/ports/portaudit/32b05547-6913-11e0-bdc4-001b2134ef46.html |
1.1_1 17 Apr 2011 10:59:05 |
flo |
Document multiple vulnerabilities in RT www/rt36 and www/rt38 |
1.1_1 14 Apr 2011 22:14:58 |
rene |
Document www/chromium vulnerabilities
Security: CVE-2011-1301, CVE-2011-1302 |
1.1_1 14 Apr 2011 21:08:30 |
simon |
Unbreak file format:
- Place <vuxml> tag at the start of the file.
- Close topic tags.
Pointy hat to: cy |
1.1_1 14 Apr 2011 19:51:41 |
cy |
Add the following for security/krb5:
MITKRB5-SA-2011-001 - kpropd denial of service
MITKRB5-SA-2011-002 - KDC denial of service attacks
MITKRB5-SA-2011-003 - KDC vulnerable to double-free when PKINIT enabled
MITKRB5-SA-2011-004 - kadmind invalid pointer free() |
1.1_1 14 Apr 2011 07:43:06 |
kwm |
Document a root exploit via rogue hostname in xrdb. |
1.1_1 13 Apr 2011 11:01:09 |
bapt |
Limit affected mupdf version to <0.8
Submitted by: tobez@ (irc) |
1.1_1 12 Apr 2011 17:52:28 |
skv |
Document "otrs" - several XSS attacks possible. |
1.1_1 12 Apr 2011 15:36:44 |
erwin |
Fix typo
Submitted by: Dan Langille <dan@langille.org> |
1.1_1 10 Apr 2011 21:39:37 |
wxs |
Document isc-dhcp41-client and isc-dhcp31-client vulnerabilities.
PR: ports/156246
Submitted by: Douglas Thrift <douglas@douglasthrift.net> |
1.1_1 09 Apr 2011 01:41:36 |
wxs |
Add CVE entry for recent tinyproxy vulnerability. |
1.1_1 08 Apr 2011 07:39:58 |
pav |
- tinyproxy |
1.1_1 01 Apr 2011 18:03:50 |
sem |
Document two quagga DoS vulnerabilities |
1.1_1 29 Mar 2011 13:50:13 |
kwm |
Add a missing </p>.
Pointed out by: jadawin@ |
1.1_1 29 Mar 2011 13:38:24 |
kwm |
Document gdm privilege escalation vulnerability |
1.1_1 26 Mar 2011 20:13:47 |
rene |
Document vulnerabilities before Chromium 10.0.648.204
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates |
1.1_1 25 Mar 2011 11:09:07 |
ale |
Add entries for php5-exif and php5-zip before 5.3.6 release.
PR: ports/155922
Submitted by: Chris Tandiono <christandiono@tbp.berkeley.edu> |
1.1_1 24 Mar 2011 18:40:35 |
nox |
Update to 10.2r153.
Security:
http://www.freebsd.org/ports/portaudit/501ee07a-5640-11e0-985a-001b2134ef46.html
PR: ports/155874
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp> |
1.1_1 24 Mar 2011 00:56:30 |
beat |
- Document mozilla -- update to HTTPS certificate blacklist |
1.1_1 19 Mar 2011 06:10:04 |
sahil |
Document CVE-2011-0411: Postfix "STARTTLS" Plaintext
Injection Vulnerability.
Reviewed by: miwi (secteam) |
1.1_1 17 Mar 2011 17:42:19 |
glarkin |
- Documented integer overflow in hiawatha web server
Submitted by: C-S <c-s@c-s.li> |
1.1_1 17 Mar 2011 00:03:10 |
delphij |
Document asterisk multiple vulnerabilities. |
1.1_1 14 Mar 2011 18:34:08 |
rene |
Mark chromium-9.0.597.107 and chromium-10.0.648.127 as vulnerable. |
1.1_1 14 Mar 2011 16:46:27 |
miwi |
- Cleanup a bit |
1.1_1 14 Mar 2011 16:25:12 |
miwi |
- Add correct info to the avahi issue
- Add url to original advisory |