Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_6 15 Feb 2023 19:06:01 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document Go vulnerabilities |
1.1_6 14 Feb 2023 13:55:02 |
Wen Heping (wen) |
security/vuxml: Fix typo in my previous commit
Reported by: dan@langille.org (via email) |
1.1_6 14 Feb 2023 12:03:59 |
Wen Heping (wen) |
security/vuxml: Document Django multiple vulnerabilities |
1.1_6 13 Feb 2023 14:13:53 |
Tijl Coosemans (tijl) |
security/vuxml: Document GNUTLS-SA-2020-07-14
Security: https://gnutls.org/security-new.html#GNUTLS-SA-2020-07-14 |
1.1_6 12 Feb 2023 20:57:44 |
Florian Smeets (flo) |
security/vuxml: Document phpmyfaq vulnerabilities |
1.1_6 10 Feb 2023 20:49:46 |
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 110.0.5481.77
Approved by: rene (mentor)
Obtained from: https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html |
1.1_6 09 Feb 2023 15:05:24 |
Palle Girgensohn (girgen) |
security/vuxml: update PostgreSQL CVE-2022-41862
The problem is with libpq, part of the postgresql-client packages. |
1.1_6 09 Feb 2023 15:00:48 |
Palle Girgensohn (girgen) |
security/vuxml: add entry for PostgreSQL CVE-2022-41862 |
1.1_6 09 Feb 2023 10:16:46 |
Fernando Apesteguía (fernape) Author: Boris Korzun |
security/vuxml: Record grafana{8,9} vulnerabilities
CVE-2022-39324 and CVE-2022-23552 |
1.1_6 08 Feb 2023 18:01:14 |
Bernard Spil (brnrd) |
security/vuxml: Document LibreSSL vulnerability |
1.1_6 08 Feb 2023 04:18:57 |
Koichiro Iwao (meta) |
security/vuxml: Fix affected version of tightvnc
Forgot to include PORTREVISION.
Reported by: jbeich |
1.1_6 08 Feb 2023 03:34:57 |
Jan Beich (jbeich) |
security/vuxml: mark xorg-server < 21.1.7,1 as vulnerable |
1.1_6 08 Feb 2023 02:29:38 |
Koichiro Iwao (meta) |
security/vuxml: Document TightVNC multiple vulnerabilities |
1.1_6 07 Feb 2023 19:53:59 |
Bernard Spil (brnrd) |
security/vuxml: Document new OpenSSL vulnerabilities |
1.1_6 06 Feb 2023 01:25:30 |
Wen Heping (wen) |
security/vuxml: Document django multiple vulnerabilities |
1.1_6 05 Feb 2023 14:34:45 |
Fernando Apesteguía (fernape) |
security/vuxml: Fix kafka version
Use 3.3.2 since we don't have the 3.4.x branch.
Fixes: 37508462426c3674c0b32cc7e8cb38dbafc2ecd5 |
1.1_6 04 Feb 2023 19:27:58 |
Fernando Apesteguía (fernape) |
security/vuxml: Register net/kafka stack overflow vulnerability
CVE-2020-36518
PR: 269170 |
1.1_6 04 Feb 2023 19:04:32 |
Fernando Apesteguía (fernape) |
security/vuxml: Register sysutils/node_exporter vulnerability
CVE-2022-46146
Note that in
https://cgit.freebsd.org/ports/commit/?id=8b5d2b9a9ec7985158a814e2cdf9022d785b9090
three CVEs are mentioned: CVE-2022-27191 CVE-2022-27664 CVE-2022-46146
However, according to: https://github.com/prometheus/node_exporter/pull/2488
node_exporter is not really affected by those Go vulnerabilities. However
the dependencies were bumped anyway. |
1.1_6 03 Feb 2023 13:38:45 |
Koichiro Iwao (meta) Author: Tom Hukins |
security/vuxml: fix a typo
Pull Request: https://github.com/freebsd/freebsd-ports/pull/155 |
1.1_6 02 Feb 2023 20:49:55 |
Florian Smeets (flo) |
security/vuxml: Belatedly record vulnerabilities fixed in asterisk 18.15.1 |
1.1_6 02 Feb 2023 13:57:36 |
Nicola Vitale (nivit) |
security/vuxml: Add audio/py-spotipy <= 2.22.0
Security: CVE-2023-23608 |
1.1_6 01 Feb 2023 19:04:19 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 5.0.6 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.6
This release fixes the following potential DoS vulnerabilities:
- A missing field in the SMB FSControl script-land record could
  cause a heap buffer overflow when receiving packets containing
  those header types.
- Receiving a series of packets that start with HTTP/1.0 and then
  switch to HTTP/0.9 could cause Zeek to spend a large amount of
  time processing the packets.
- Receiving large numbers of FTP commands sequentially from the
  network with bad data in them could cause Zeek to spend a large
  amount of time processing the packets, and generate a large
  amount of events.
Reported by: Tim Wojtulewicz |
1.1_6 01 Feb 2023 05:02:56 |
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerabilities |
1.1_6 30 Jan 2023 11:28:30 |
Nuno Teixeira (eduardo) |
security/vuxml: Document CVE-2021-42835 for
multimedia/plexmediaserver{-plexpass} < 1.25.0
PR: 269226
Reported by: grahamperrin |
1.1_6 30 Jan 2023 10:26:13 |
Fernando Apesteguía (fernape) |
security/vuxml: add net-mgmt/prometheus basic authentication bypass
CVE-2022-46146
PR: 269153
Reported by: dor.bsd@xm0.uk (maintainer) |
1.1_6 25 Jan 2023 11:35:34 |
Rene Ladan (rene) |
security/vuxml: add www/*chromium < 109.0.5414.119
Obtained from: https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html |
1.1_6 25 Jan 2023 08:11:56 |
Nuno Teixeira (eduardo) |
security/vuxml: Document CVE-2018-21232 for devel/re2c < 2.0
PR: 269147
Reported by: grahamperrin |
1.1_6 24 Jan 2023 20:37:23 |
Florian Smeets (flo) Author: Stefan Bethke |
security/vuxml: Record gitea vulnerability
PR: 269131 |
1.1_6 24 Jan 2023 06:46:41 |
Fernando Apesteguía (fernape) Author: Ralf van der Enden |
security/vuxml: register dns/powerdns-recursor vulnerability
CVE-2023-22617
PR: 269116 |
1.1_6 23 Jan 2023 13:20:06 |
Fernando Apesteguía (fernape) |
security/vuxml: register net/krill DoS vulnerability
CVE-2023-0158
PR: 269050 |
1.1_6 23 Jan 2023 13:08:45 |
Fernando Apesteguía (fernape) |
security/vuxml: register www/awstats vulnerability
PR: 269051 |
1.1_6 23 Jan 2023 12:55:09 |
Fernando Apesteguía (fernape) |
security/vuxml: register net/eternalterminal vulnerabilities
CVE-2022-48257 and CVE-2022-48258
PR: 269079 |
1.1_6 23 Jan 2023 12:42:21 |
Fernando Apesteguía (fernape) |
security/vuln: Fix file
It didn't pass `make validate`. |
1.1_6 21 Jan 2023 22:42:45 |
Alan Somers (asomers) |
security/vuxml: register shells/fish vulnerability
Arbitrary code execution if the attacker can convince the user to cd to
a directory the attacker controls.
CVE-2022-20001
PR: 263506 |
1.1_6 21 Jan 2023 21:48:04 |
Bernard Spil (brnrd) |
security/vuxml: Document 2023Q1 MySQL vulns |
1.1_6 20 Jan 2023 22:06:35 |
Florian Smeets (flo) |
security/vuxml: Document vulnerabilities in phpmyfaq |
1.1_6 19 Jan 2023 02:29:32 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in rack |
1.1_6 18 Jan 2023 04:42:20 |
Yasuhiro Kimura (yasu) |
security/vuxml: Add redis6 as affecting package to
5fa68bd9-95d9-11ed-811a-080027f5fec9 |
1.1_6 17 Jan 2023 20:16:54 |
Bernard Spil (brnrd) |
security/vuxml: Document www/apache24 vulnerabilities |
1.1_6 17 Jan 2023 00:39:26 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in redis |
1.1_6 16 Jan 2023 13:28:27 |
Fernando Apesteguía (fernape) |
security/vuxml: register security/keycloak vulnerability
Two Xstream related CVEs that might cause a DoS attack:
* CVE-2022-40151
* CVE-2022-41966
PR: 268939 |
1.1_6 14 Jan 2023 13:05:20 |
Rene Ladan (rene) |
security/vuxml: add security/tor < 0.4.7.13 for TROVE-2022-002
Obtained from: https://gitlab.torproject.org/tpo/core/tor/-/issues/40730 |
1.1_6 13 Jan 2023 15:56:28 |
Dan Langille (dvl) |
security/vuxml: Correct range for devel/viewvc-devel
Changing a - to a . in the version
PR: 268754 |
1.1_6 13 Jan 2023 01:29:00 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document arbitrary shell command execution vulnerability in Emacs |
1.1_6 11 Jan 2023 17:48:22 |
Fernando Apesteguía (fernape) |
security/vuxml: cassandra3 multiple vulnerabilities
CVE-2022-42003
CVE-2022-4200
CVE-2022-25857
CVE-2019-2684
CVE-2020-7238
CVE-2022-24823
CVE-2021-44521
CVE-2015-0886
PR: 267624 |
1.1_6 11 Jan 2023 15:38:34 |
Jan Beich (jbeich) |
security/vuxml: mark xorg-server < 21.1.5,1 as vulnerable |
1.1_6 11 Jan 2023 12:38:13 |
Matthias Fechner (mfechner) |
security/vuxml: document gitlab-ce vulnerabilities |
1.1_6 10 Jan 2023 19:46:56 |
Rene Ladan (rene) |
security/vuxml: add www/*chromium < 109.0.5414.74
Obtained from: https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html |
1.1_6 09 Jan 2023 10:15:47 |
Li-Wen Hsu (lwhsu) Author: Michael Glaus |
security/vuxml: Fix `make validate`
PR: 268837 |
1.1_6 09 Jan 2023 10:11:42 |
Li-Wen Hsu (lwhsu) Author: Michael Glaus |
security/vuxml: Add 2023 to the main XML file
PR: 268837 |
1.1_6 05 Jan 2023 19:34:06 |
Fernando Apesteguía (fernape) |
security/vuxml: Add net-mgmt/cacti vulnerability
A command injection vulnerability allows an unauthenticated user to execute
arbitrary code on a server running Cacti, if a specific data source was selected
for any monitored device.
PR: 268742 |
1.1_6 05 Jan 2023 19:08:43 |
Dan Langille (dvl) |
security/vuxml: amend entry adding CVE-2023-22456 in devel/viewvc-devel
PR: 268754
Security: CVE-2023-22456 |
1.1_6 05 Jan 2023 17:28:58 |
Dan Langille (dvl) |
security/vuxml: add an entry for CVE-2023-22464 in devel/viewvc-devel
Security: CVE-2023-22464 |
1.1_6 03 Jan 2023 11:12:27 |
Thierry Thomas (thierry) |
security/vuxml: add an entry for CVE-2022-4170 in x11/rxvt-unicode
Security: CVE-2022-4170 |
1.1_6 02 Jan 2023 03:37:26 |
Li-Wen Hsu (lwhsu) Author: Stefan Bethke |
security/vuxml: Document Gitea multiple vulnerabilities
PR: 268667 |
1.1_6 29 Dec 2022 13:11:38 |
Wen Heping (wen) |
security/vuxml: Remove the incorrect <cvsname> line in my previous commit |
1.1_6 29 Dec 2022 11:22:22 |
Nuno Teixeira (eduardo) |
security/vuxml: Document Webtrees vulnerability
PR: 267466 |
1.1_6 29 Dec 2022 03:42:17 |
Wen Heping (wen) |
security/vuxml: Document mediawiki multiple vulnerabilities |
1.1_6 28 Dec 2022 00:06:50 |
Ben Woods (woodsb02) |
security/vuxml: Document Netdata multiple vulnerabilities |
1.1_6 24 Dec 2022 15:48:09 |
Nuno Teixeira (eduardo) |
security/vuxml: Document FreeRDP multiple vulnerabilities
PR: 268539 |
1.1_6 23 Dec 2022 08:38:15 |
Nuno Teixeira (eduardo) Author: Stefan Bethke |
security/vuxml: Document Gitea multiple vulnerabilities
PR: 268512 |
1.1_6 23 Dec 2022 04:03:22 |
Graham Perrin (grahamperrin) |
VuXML: fix typo in 2021 entry for accountsservice
Fixes: d227a2fea96e Document accountsservice vulnerability
Approved by: ports-secteam (riggs)
Differential revision: https://reviews.freebsd.org/D37721 |
1.1_6 17 Dec 2022 09:22:47 |
Wen Heping (wen) |
security/vuxml: Document typo3 multiple vulnerabilities |
1.1_6 14 Dec 2022 10:13:11 |
Rene Ladan (rene) |
security/vuxml: add www/*chromium < 108.0.5359.124
Obtained from: https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html |
1.1_6 14 Dec 2022 01:32:19 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in cURL. |
1.1_6 13 Dec 2022 18:51:16 |
Florian Smeets (flo) |
security/vuxml: Document vulnerabilities in phpmyfaq |
1.1_6 10 Dec 2022 18:42:39 |
Thomas Zander (riggs) |
security/vuxml: Document vulnerabilities in net/traefik |
1.1_6 10 Dec 2022 18:42:38 |
Thomas Zander (riggs) |
security/vuxml: Make `make validate` pass again |
1.1_6 10 Dec 2022 14:07:46 |
Koichiro Iwao (meta) |
security/vuxml: Document multiple xrdp vulnerabilities
Obtained from: https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.21 |
1.1_6 08 Dec 2022 15:02:31 |
Wen Heping (wen) |
security/vuxml: Document python3[7-9] multiple vulnerabilities |
1.1_6 07 Dec 2022 14:54:30 |
Wen Heping (wen) |
security/vuxml: Document python310 multiple vulnerabilities |
1.1_6 07 Dec 2022 14:25:15 |
Wen Heping (wen) |
security/vuxml: Document python-3.11 vulnerabilities |
1.1_6 06 Dec 2022 21:14:44 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document Go vulnerabilities |
1.1_6 06 Dec 2022 15:13:19 |
Yasuhiro Kimura (yasu) |
security/vuxml: Adjust range of 84ab03b6-6c20-11ed-b519-080027f5fec9
Vulnerability of Ruby 3.2 is fixed with 3.2.0-rc1. |
1.1_6 03 Dec 2022 11:50:10 |
Rene Ladan (rene) |
security/vuxml: add www/*chromium < 108.0.5359.94
Obtained from: https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html |
1.1_6 01 Dec 2022 14:03:36 |
Rodrigo Osorio (rodrigo) |
security/vuxml: Record rpm4 vulnerability.
Add multiple CVE fixed in latest rpm4 version.
PR: 267291 |
1.1_6 01 Dec 2022 11:28:32 |
Fernando Apesteguía (fernape) |
security/vuxml: Record grafana9 vulnerability.
Add privilege escalation for CVE-2022-31097.
PR: 268078 |
1.1_6 01 Dec 2022 05:18:14 |
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerabilities |
1.1_6 30 Nov 2022 12:14:44 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 108.0.5359.71
Obtained from: https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html |
1.1_6 25 Nov 2022 10:16:29 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 107.0.5304.121
Obtained from: https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html |
1.1_6 25 Nov 2022 01:57:40 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document HTTP response splitting vulnerability in rubygem-cgi |
1.1_6 24 Nov 2022 18:09:45 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 5.0.4 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.4
This release fixes the following potential DoS vulnerabilities:
- A specially-crafted series of HTTP 0.9 packets can cause Zeek
  to spend large amounts of time processing the packets.
- A specially-crafted FTP packet can cause Zeek to spend large
  amounts of time processing the command.
- A specially-crafted IPv6 packet can cause Zeek to overflow memory
  and potentially crash.
Reported by: Tim Wojtulewicz |
1.1_6 24 Nov 2022 16:14:42 |
Fernando Apesteguía (fernape) |
security/vuxml: Add multiple CVEs for advancecomp
PR: 267937 |
1.1_6 22 Nov 2022 03:53:57 |
Ashish SHUKLA (ashish) |
security/vuxml: Document vulnerability for security/tailscale |
1.1_6 18 Nov 2022 21:57:50 |
Nuno Teixeira (eduardo) |
security/vuxml: Document Apache Tomcat vulnerability
* CVE-2022-42252 Apache Tomcat - Request Smuggling
PR: 266984 |
1.1_6 17 Nov 2022 19:07:10 |
Cy Schubert (cy) |
security/vuxml: Add the krb5 1.19 vulnerable range |
1.1_6 15 Nov 2022 19:27:34 |
Rene Ladan (rene) |
security/vuxml: re-organize port
- move vuln-YYYY.xml files into vuln/ as just YYYY.xml
- this prevents problems with the new check_files hook when 2023 arrives. |
1.1_5 15 Nov 2022 18:27:45 |
Cy Schubert (cy) |
security/vuxml: Document CVE-2022-42898
Document MIT krb5 Security Advisory 2022-001: integer overflow
vulnerabilities in PAC parsing |
1.1_5 13 Nov 2022 00:18:39 |
Nuno Teixeira (eduardo) Author: Boris Korzun |
security/vuxml: Document Grafana multiple vulnerabilities
* CVE-2022-31123 - Plugin signature bypass
* CVE-2022-31130 - Data source and plugin proxy endpoints leaking
  authentication tokens to some destination plugins
* CVE-2022-39201 - Data source and plugin proxy endpoints leaking
  authentication tokens to some destination plugins
* CVE-2022-39229 - Improper authentication
* CVE-2022-39306 - Privilege escalation
* CVE-2022-39307 - Username enumeration
* CVE-2022-39328 - Privilege escalation (Critical)
https://grafana.com/blog/2022/10/12/grafana-security-releases-new-versions-with-fixes-for-cve-2022-39229-cve-2022-39201-cve-2022-31130-cve-2022-31123/
https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/
PR: 267728 |
1.1_5 12 Nov 2022 13:43:56 |
Danilo G. Baio (dbaio) |
security/vuxml: Add devel/ipython issue
PR: 265082 |
1.1_5 11 Nov 2022 15:26:34 |
Florian Smeets (flo) |
security/vuxml: Document phpMyFAQ vulnerabilities |
1.1_5 10 Nov 2022 00:07:24 |
Danilo G. Baio (dbaio) |
security/vuxml: Add varnish cache security issues |
1.1_5 09 Nov 2022 10:55:59 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 107.0.5304.110
Obtained from: https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html |
1.1_5 09 Nov 2022 01:08:16 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 5.0.3 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.3
This release fixes the following potential DoS vulnerabilities:
- Fix an issue where a specially-crafted FTP packet can cause Zeek
  to spend large amounts of time attempting to search for valid
  commands in the data stream.
- Fix a possible overflow in the Zeek dictionary code that may
  lead to a memory leak.
- Fix an issue where a specially-crafted packet can cause Zeek to
  spend large amounts of time reporting analyzer violations.
(Only the first 15 lines of the commit message are shown above) |
1.1_5 08 Nov 2022 16:30:57 |
Fernando Apesteguía (fernape) |
security/vuxml: register darkhttpd DoS vulnerability
PR: 267507
Reported by: Henrich Hartzer <henrichhartzer@tuta.io>
Security: CVE-2020-25691 |
1.1_5 08 Nov 2022 00:18:23 |
Cy Schubert (cy) |
security/vuxml: Document sudo CVE-2022-43995
Document a potential out-of-bounds write for passwords smaller than
eight bytes when crypt() is used.
PR: 267617
Security: CVE-2022-43995 |
1.1_5 05 Nov 2022 06:05:05 |
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerabilities |
1.1_5 04 Nov 2022 08:51:02 |
Emmanuel Vadot (manu) |
security/vuxml: Document pixman heap overflow
Document CVE-2022-44638
Sponsored by: Beckhoff Automation GmbH & Co. KG |
1.1_5 02 Nov 2022 17:29:02 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document Go vulnerability |
1.1_5 01 Nov 2022 17:22:42 |
Bernard Spil (brnrd) |
security/vuxml: Document OpenSSL 3.0 vulnerabilities |