| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
|---|
1.1_1
19 Feb 2013 23:53:08
   |
flo  |
- update firefox to 19.0
- update firefox-esr, thunderbird, linux-firefox, linux-thunderbird to 17.0.3
- update linux-seamonkey to 2.16
- update nspr to 4.9.5
- update nss to 3.14.3
- add DuckDuckGo search plugin to firefox [1]
- mark kompozer deprecated
- clang fixes for www/libxul19 [2]
Security: http://www.vuxml.org/freebsd/e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02.html
Submitted by: DuckDuckGo [1], dim [2]
In collaboration with: Jan Beich <jbeich@tormail.org> |
1.1_1
19 Feb 2013 00:19:14
|
zi |
- Fix version range for recent ruby vulnerabilities
(d3e96508-056b-4259-88ad-50dc8d1978a6 and c79eb109-a754-45d7-b552-a42099eb2265)
due to missing port epoch in package range
Submitted by: Matthias Andree <mandree@FreeBSD.org> |
1.1_1
17 Feb 2013 19:58:29
|
eadler |
Combine ranges into one entry to prevent false positives |
1.1_1
17 Feb 2013 16:47:06
|
swills |
- Document rubygem-rack issue |
1.1_1
17 Feb 2013 16:33:19
|
swills |
- Document activemodel issue |
1.1_1
17 Feb 2013 10:28:54
|
lwhsu |
Document Jenkins Security Advisory 2013-02-16 |
1.1_1
16 Feb 2013 17:03:28
|
rm |
- add entry for dns/poweradmin
PR: 175704
Submitted by: Edmondas Girkantas <eg@fbsd.lt> (maintainer of dns/poweradmin) |
1.1_1
16 Feb 2013 14:41:44
|
swills |
- Document ruby json issue |
1.1_1
16 Feb 2013 04:29:14
|
swills |
- Document vulnerability in rdoc |
1.1_1
08 Feb 2013 19:18:41
|
eadler |
Update flash to the latest version
PR: ports/175159
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp> |
1.1_1
08 Feb 2013 08:44:15
|
miwi |
- Fix whitespaces |
1.1_1
07 Feb 2013 02:10:29
|
eadler |
Fix vuxml build |
1.1_1
06 Feb 2013 20:06:18
|
dinoex |
- report openssl vulnerabilities |
1.1_1
01 Feb 2013 22:42:55
|
flo |
- update databases/mariadb-server to 5.3.12 [1]
- update databases/mariadb55-server 5.5.29 [2]
PR: ports/175764 [1]
PR: ports/175767 [2]
Submitted by: Geoffroy Desvernay <dgeo@centrale-marseille.fr> (maintainer) [1]
Submitted by: Alexandr Kovalenko <never@nevermind.kiev.ua> (maintainer) [2]
Security: 8c773d7f-6cbb-11e2-b242-c8600054b392 |
1.1_1
01 Feb 2013 08:50:40
|
dinoex |
- report opera 12.12 vulnerabilities |
1.1_1
30 Jan 2013 18:34:03
|
pawel |
Document devel/upnp vulnerabilities |
1.1_1
29 Jan 2013 20:02:38
|
delphij |
Document wordpress multiple vulnerabilities. |
1.1_1
25 Jan 2013 09:37:56
|
cs |
Fix last entry: version 2.3.4 is also affected |
1.1_1
25 Jan 2013 02:08:57
|
wxs |
Fix whitespace in previous commit. |
1.1_1
25 Jan 2013 01:26:37
|
cs |
XSS vulnerability in py-django-cms |
1.1_1
23 Jan 2013 12:52:49
|
rene |
Document vulnerabilities in www/chromium < 24.0.1312.56
Obtained
from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates |
1.1_1
20 Jan 2013 20:58:13
|
flo |
- update www/drupal6 to 6.28
- update www/drupal7 to 7.19
Security: http://www.vuxml.org/freebsd/1827f213-633e-11e2-8d93-c8600054b392.html
Approved by: portmgr (beat) |
1.1_1
16 Jan 2013 19:16:10
|
rea |
VuXML: add newly-allocated CVE for SQUID-2012:1
New CVE was allocated for the underfixed DoS and added possible
infinite loop in Squid 3.2 and 3.1. |
1.1_1
16 Jan 2013 19:13:32
|
rea |
VuXML: document buffer overflow in ettercap (CVE-2013-0722)
Reviewed by: simon@ |
1.1_1
16 Jan 2013 19:11:43
|
rea |
VuXML: document recent security manager bypass in Java 7.x
Reviewed by: glewis@, simon@ |
1.1_1
16 Jan 2013 07:39:28
|
delphij |
Properly limit the match for PHP 5.3.x and 5.2.x versions.
Noticed by: remko |
1.1_1
15 Jan 2013 22:06:19
|
delphij |
Apply version ranges of php53 and php52 to php5 as well. |
1.1_1
11 Jan 2013 14:11:28
|
zi |
- Fix discovery date on nagios vulnerability (CVE-2012-6096) |
1.1_1
11 Jan 2013 09:53:42
|
rea |
www/squid3x: upgrade to 3.1.23 and 3.2.6
Squid 3.1.23 is effectively Squid 3.1.22_2 with the final fix for
CVE-2012-5643 applied.
Squid 3.2.6 also received that abovementioned fix, but in comparison
with 3.2.5 from ports it has another change that fixes handling the
"tcp_outgoing_tos" directive for BSD-like systems, including FreeBSD,
http://bugs.squid-cache.org/show_bug.cgi?id=3731
VuXML entry for SQUID:2012-1 (aka CVE-2012-5643) was also updated to
reflect the proper version specifications from the updated advisory,
http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
Approved by: Thomas-Martin Seck <tmseck@web.de>
Security: http://portaudit.freebsd.org/c37de843-488e-11e2-a5c9-0019996bc1f7.html
QA page: http://codelabs.ru/fbsd/ports/qa/www/squid31/3.1.23
QA page: http://codelabs.ru/fbsd/ports/qa/www/squid32/3.2.6 |
1.1_1
11 Jan 2013 01:16:14
|
zi |
- Document vulnerability in net-mgmt/nagios (CVE-2012-6096) |
1.1_1
11 Jan 2013 00:32:48
|
rene |
Document vulnerabilities in www/chromium < 24.0.1312.52
Obtained
from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates |
1.1_1
09 Jan 2013 23:28:20
|
flo |
- update firefox, thunderbird, linux-firefox and linux-thunderbird to 17.0.2
- update firefox-esr, thunderbird-esr and libxul to 10.0.12
- update linux-seamonkey to 2.15
Security: http://www.vuxml.org/freebsd/a4ed6632-5aa9-11e2-8fcb-c8600054b392.html |
1.1_1
09 Jan 2013 15:03:02
|
sem |
Fix <topic> style: common dash style, remove softvare versions |
1.1_1
09 Jan 2013 03:53:16
|
swills |
- Update rubygem-rails to 3.2.11
- Update ports require by rubygem-rails
- Add vuxml entry for rails security issues
Security: ca5d3272-59e3-11e2-853b-00262d5ed8ee
Security: b4051b52-58fa-11e2-853b-00262d5ed8ee |
1.1_1
08 Jan 2013 23:46:02
|
zi |
- Properly copy namespace attributes/resolve make validate issues
Reviewed by: simon@, eadler@
Approved by: zi (with ports-secteam hat) |
1.1_1
08 Jan 2013 05:18:15
|
lwhsu |
Document Jenkins 2013-01-04 Security Advisory |
1.1_1
06 Jan 2013 20:37:24
|
rea |
VuXML: extend entry for MoinMoin vulnerabilities fixed in 1.9.6
Use more verbose descriptions from CVE entries and trim citation
from CHANGES to the relevant parts. |
1.1_1
06 Jan 2013 18:14:24
|
lwhsu |
Document Django 2012-12-10 vulnerabilty |
1.1_1
06 Jan 2013 13:24:39
|
rea |
VuXML: fix r309982
Use proper tags for CVE identifiers. I should run 'make validate'
_every_ time before committing.
Pointyhat to: rea |
1.1_1
06 Jan 2013 13:10:10
|
rea |
VuXML for MoinMoin issues: add CVE references |
1.1_1
05 Jan 2013 12:54:28
|
crees |
Freetype 2.4.8 vulnerabilities were already documented.
While here, correct pkgname
Noticed by: kwm |
1.1_1
05 Jan 2013 11:29:01
|
crees |
Mark moinmoin vulnerable
Security: http://www.debian.org/security/2012/dsa-2593
document freetype vulnerabilities
Security: CVE-2012-(1126-1144) |
1.1_1
04 Jan 2013 07:30:10
|
erwin |
Bump copyright to 2013. |
1.1_1
03 Jan 2013 19:46:51
|
flo |
Add correct version numbers to the recent asterisk entry
Pointy hat to: flo |
1.1_1
03 Jan 2013 19:41:31
|
flo |
- update net/asterisk to 1.8.19.1
- update net/asterisk10 to 10.11.1
- update net/asterisk11 to 10.1.2
- add vuln.xml entry
Security: f7c87a8a-55d5-11e2-a255-c8600054b392 |
1.1_1
02 Jan 2013 12:28:47
|
crees |
Note charybdis and ircd-ratbox vulnerabilities
PR: ports/174878
Security: http://www.ratbox.org/ASA-2012-12-31.txt |
1.1_1
30 Dec 2012 23:13:04
|
anders |
Separate entries for Puppet 2.6 and 2.7. |
1.1_1
30 Dec 2012 20:10:42
|
cs |
Add OTRS vulnerabilities |
1.1_1
29 Dec 2012 19:53:47
|
rea |
VuXML entries for Tomcat: split into three distinct ones
They affect different Tomcat versions from 7.x branch, so don't let
users of VuXML be fooled on the affected software for each vulnerability.
Feature safe: yes |
1.1_1
28 Dec 2012 18:17:22
|
rea |
VuXML: add entry for DoS in Squid's cachemgr.cgi
Feature safe: yes
Submitted by: Thomas-Martin Seck <tmseck@web.de> |
1.1_1
18 Dec 2012 16:34:14
|
bdrewery |
Remove invalid entry |
1.1_1
18 Dec 2012 16:28:57
|
dinoex |
- add entry for opera 12.11 |
1.1_1
14 Dec 2012 09:09:16
|
delphij |
Fix typo.
Noticed by: mandree |
1.1_1
14 Dec 2012 03:51:08
|
jgh |
- add url block in references for 1657a3e6-4585-11e2-a396-10bf48230856 |
1.1_1
14 Dec 2012 00:41:42
|
delphij |
Update linux-f10-flashpulgin11 to 11.2r202.258 to address multiple
vulnerabilities that could cause a crash and potentially allow an
attacker to take control of the affected system.
Submitted by: Tsurutani Naoki <turutani scphys kyoto-u ac jp> |
1.1_1
12 Dec 2012 11:33:17
|
rene |
Document vulnerabilities in www/chromium < 23.0.1271.97
Obtained
from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates |
1.1_1
05 Dec 2012 23:52:36
|
zi |
- Fix recent vulnerability entry for www/tomcat[67]
Reported by: Victor Balada Diaz <victor@bsdes.net>
Feature safe: yes |
1.1_1
05 Dec 2012 18:47:24
|
zi |
- Document recent vulnerabilities in www/tomcat6 and www/tomcat7
Requested by: Victor Balada Diaz <victor@bsdes.net>
Feature safe: yes |
1.1_1
05 Dec 2012 07:46:03
|
erwin |
Update to the latest patch level from ISC:
BIND 9 nameservers using the DNS64 IPv6 transition mechanism are
vulnerable to a software defect that allows a crafted query to
crash the server with a REQUIRE assertion failure. Remote
exploitation of this defect can be achieved without extensive
effort, resulting in a denial-of-service (DoS) vector against
affected servers.
Security: 2892a8e2-3d68-11e2-8e01-0800273fe665
CVE-2012-5688
Feature safe: yes |
1.1_1
03 Dec 2012 22:49:43
|
mandree |
Add URL for recent bogofilter heap vuln', CVE-2012-5468, aka. vuln vid=
f524d8e0-3d83-11e2-807a-080027ef73ec
Feature safe: yes |
1.1_1
03 Dec 2012 20:16:21
|
mandree |
Update bogofilter to new upstream release 1.2.3.
Security update to fix a heap corruption bug with invalid base64 input,
reported and fixed by Julius Plenz, FU Berlin, Germany.
Feature safe: yes
Security: CVE-2012-5468
Security: f524d8e0-3d83-11e2-807a-080027ef73ec |
1.1_1
30 Nov 2012 09:13:32
|
rene |
Document vulnerabilities in www/chromium < 23.0.1271.95
Obtained
from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
Feature safe: yes |
1.1_1
29 Nov 2012 20:33:20
|
ohauer |
www/yahoo-ui
- fix CVE-2012-5881
security/vuxml
- adjust version (we have only 2.8.2 in the tree)
Feature safe: yes
Approved by: glarkin (maintainer) explicit |
1.1_1
28 Nov 2012 14:37:24
|
wxs |
Fix date in yahoo-ui entry.
Noticed by: dvl@
Feature safe: yes |
1.1_1
27 Nov 2012 20:09:35
|
ohauer |
- document www/yahoo-ui security issue and mark port forbidden [1]
pet portlint (maintainer is already notified)
- adjust CVE entries for bugzilla (CVE-2012-5475 was rejected) [2]
Feature safe: yes
Security: CVE-2012-5881 [1][2]
CVE-2012-5882 [1][2]
CVE-2012-5883 [2]
Approved by: glarkin (implicit) [1] |
1.1_1
27 Nov 2012 10:02:25
|
rene |
Describe new vulnerabilities in www/chromium < 23.0.1271.91
Obtained
from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
Feature safe: yes |
1.1_1
25 Nov 2012 15:42:23
|
flo |
- Update backports patch to 20121114
- Bump PORTREVISION
Changes:
- CVE-2006-7243
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow
context-dependent attackers to bypass intended access restrictions by placing a
safe file extension after this character, as demonstrated by .php\0.jpg at the
end of the argument to the file_exists function
Secuity 3761df02-0f9c-11e0-becc-0022156e8794 fixed by check in fopen functions
for strlen(filename) != filename_len
- CVE-2012-4388
The sapi_header_op function in main/SAPI.c does not properly determine a pointer (Only the first 15 lines of the commit message are shown above  ) |
1.1_1
25 Nov 2012 04:02:29
|
wxs |
Add entries for the following advisories:
FreeBSD-SA-12:08.linux
FreeBSD-SA-12:07.hostapd
FreeBSD-SA-12:06.bind
Feature safe: yes |
1.1_1
22 Nov 2012 20:27:45
|
dinoex |
- opera -- execution of arbitrary code
Feature safe: yes |
1.1_1
21 Nov 2012 14:35:31
|
mm |
Document new vulnerability in www/lighttpd 1.4.31
Feature safe: yes |
1.1_1
20 Nov 2012 23:01:15
|
flo |
- Update firefox and thunderbird to 17.0
- Update seamonkey to 2.14
- Update ESR ports and libxul to 10.0.11
- support more h264 codecs when using GSTREAMER with YouTube
- Unbreak firefox-esr, thunderbird-esr and libxul on head >= 1000024 [1]
- Buildsystem is not python 3 aware, use python up to 2.7 [2]
PR: ports/173679 [1]
Submitted by: swills [1], demon [2]
In collaboration with: Jan Beich <jbeich@tormail.org>
Security: d23119df-335d-11e2-b64c-c8600054b392
Approved by: portmgr (beat)
Feature safe: yes |
1.1_1
18 Nov 2012 12:51:26
|
jase |
- Fix copy and paste error in latest weechat entry
(81826d12-317a-11e2-9186-406186f3d89d)
Feature safe: yes |
1.1_1
18 Nov 2012 12:46:40
|
jase |
- Document new vulnerability in irc/weechat and irc/weechat-devel
Feature safe: yes |
1.1_1
14 Nov 2012 19:29:42
|
ohauer |
- bugzilla security updates to version(s)
3.6.11, 4.0.8, 4.2.4
Summary
=======
The following security issues have been discovered in Bugzilla:
* Confidential product and component names can be disclosed to
unauthorized users if they are used to control the visibility of
a custom field.
* When calling the 'User.get' WebService method with a 'groups'
argument, it is possible to check if the given group names exist
or not. (Only the first 15 lines of the commit message are shown above ) |
1.1_1
13 Nov 2012 18:17:13
|
jase |
- Update recent weechat entry (e02c572f-2af0-11e2-bb44-003067b2972c)
- Document assigned CVE Identifier
- Document workaround for vulnerable versions
Feature safe: yes |
1.1_1
12 Nov 2012 21:47:27
|
rene |
Document vulnerabilities in two typo3 components.
Obtained
from: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/
Feature safe: yes |
1.1_1
12 Nov 2012 13:07:31
|
madpilot |
Fix typo.
Feature safe: yes |
1.1_1
12 Nov 2012 13:04:37
|
madpilot |
- Update to 2.7.1
- Convert to new options framework
- Document US-CERT VU#268267
- Trim Makefile headers
PR: ports/173226
Submitted by: Hirohisa Yamaguchi <umq@ueo.co.jp> (maintainer)
Feature safe: yes |
1.1_1
10 Nov 2012 15:17:31
|
swills |
- Improve latest ruby entry slightly
Feature safe: yes |
1.1_1
10 Nov 2012 14:45:55
|
jase |
- Modify recent e02c572f-2af0-11e2-bb44-003067b2972c entry
- Add constraints to vulnerable versions
- Add additional references
- Improve topic
- Correct description
Feature safe: yes |
1.1_1
10 Nov 2012 04:55:47
|
eadler |
Apply an upstream patch that fixes a security hole
when receiving a special colored message.
The maintainer was contacted but due to the nature of
the issue apply the patch ASAP.
Approved by: secteam-ports (swills)
Security: e02c572f-2af0-11e2-bb44-003067b2972c
Feature safe: yes |
1.1_1
10 Nov 2012 04:00:41
|
swills |
- Update lang/ruby19 to 1.9.3p327
- Document security issue in earlier versions
Security: 5e647ca3-2aea-11e2-b745-001fd0af1a4c
Feature safe: yes |
1.1_1
09 Nov 2012 23:02:15
|
jgh |
- clarification that ASF reported issue for:
- 152e4c7e-2a2e-11e2-99c7-00a0d181e71d
- 4ca26574-2a2c-11e2-99c7-00a0d181e71d
Feature safe: yes |
1.1_1
09 Nov 2012 19:09:32
|
jgh |
- document tomcat vulnerabilities
Feature safe: yes |
1.1_1
09 Nov 2012 04:31:14
|
eadler |
Update latest version and document security issues
PR: ports/173487
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Security: 4b8b748e-2a24-11e2-bb44-003067b2972c
Feature safe: yes |
1.1_1
07 Nov 2012 10:15:19
|
rene |
Document new vulnerabilities in www/chromium < 23.0.1271.64
Obtained
from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
Feature safe: yes |
1.1_1
06 Nov 2012 20:45:14
|
crees |
Document opera vulnerabilities
Feature safe: yes |
1.1_1
05 Nov 2012 17:55:45
|
eadler |
Fix minor typo
Feature safe: yes |
1.1_1
05 Nov 2012 17:53:51
|
eadler |
Update latest version and document security issues
PR: ports/172619
Submitted by: tijl
Security: 36533a59-2770-11e2-bb44-003067b2972c
Feature safe: yes |
1.1_1
03 Nov 2012 11:59:52
|
crees |
Correct plural of "vulnerability"
Feature safe: yes |
1.1_1
02 Nov 2012 18:45:32
|
ohauer |
- update apache22 to version 2.22.23
- trim vuxml/Makefile header
with hat apache@
Feature safe: yes
Security: CVE-2012-2687 |
1.1_1
02 Nov 2012 18:08:19
|
olgeni |
Add entry for webmin < 1.600_1 (potential XSS attack).
Feature safe: yes |
1.1_1
02 Nov 2012 03:17:18
|
bdrewery |
- Document ruby vulnerabilities:
* CVE-2012-4464 + CVE-2012-4466
$SAFE escaping vulnerability about Exception#to_s / NameError#to_s
* CVE-2012-4522
Unintentional file creation caused by inserting an illegal NUL character
Reviewed by: eadler
Feature safe: yes |
1.1_1
01 Nov 2012 14:10:55
|
flo |
Update to 3.8.15
Security: 4b738d54-2427-11e2-9817-c8600054b392
Feature safe: yes |
1.1_1
30 Oct 2012 21:01:17
|
rm |
- update to 7.16 [1]
while here:
- trim Makefile header
- remove indefinite article in COMMENT
- remove IGNORE_WITH_PHP and IGNORE_WITH_PGSQL since
we have not this versions in the tree anymore
- fix pkg-plist
- add vuxml entry
PR: 173211
Submitted by: Rick van der Zwet <info at rickvanderzwet dot nl> [1]
Approved by: Nick Hilliard <nick at foobar dot org> (maintainer)
Security: 2adc3e78-22d1-11e2-b9f0-d0df9acfd7e5
Feature safe: yes |
1.1_1
28 Oct 2012 17:03:29
|
flo |
- Update www/firefox{,-i18n} to 16.0.2
- Update seamonkey to 2.13.2
- Update ESR ports and libxul to 10.0.10
- Update nspr to 4.9.3
- Update nss to 3.14
- with GNOMEVFS2 option build its extension, too [1]
- make heap-committed and heap-dirty reporters work in about:memory
- properly mark QT4 as experimental (needs love upstream)
- *miscellaneous cleanups and fixups*
mail/thunderbird will be updated once the tarballs are available.
PR: ports/173052 [1]
Security: 6b3b1b97-207c-11e2-a03f-c8600054b392
Feature safe: yes
In collaboration with: Jan Beich <jbeich@tormail.org> |
1.1_1
26 Oct 2012 08:46:40
|
rea |
mail/exim: upgrade to 4.80.1
This is bugfix-only release, it eliminates remote code execution
in the DKIM code.
Security: http://www.vuxml.org/freebsd/b0f3ab1f-1f3b-11e2-8fe9-0022156e8794.html
QA page: http://codelabs.ru/fbsd/ports/qa/mail/exim/4.80.1
Feature safe: yes |
1.1_1
25 Oct 2012 19:31:50
|
rm |
- add CVE reference (still in reserved state) for recent django vulnerabilty
Feature safe: yes |
1.1_1
25 Oct 2012 10:12:42
|
rm |
- update django ports to 1.3.4 and 1.4.2, that fixing couple of security issues.
All users are encouraged to upgrade immediately.
- add vuxml entry
changes common for both ports:
- trim Makefile header
- strict python version to 2.x only
- utilize options framework multiple choice feature to let user to choose
database backends needed. Make SQLITE option default
- shorten description of HTMLDOCS_DESC to make it fit into dialog screen
- SITELIBDIR -> PKGNAMEPREFIX change in dependencies
- convert NOPORTDOCS condition to optionsng
- tab -> space change in pkg-descr
PR: 173017
Submitted by: rm (myself)
Approved by: lwhsu (maintainer, by mail)
Security: 5f326d75-1db9-11e2-bc8f-d0df9acfd7e5
Feature safe: yes |
1.1_1
22 Oct 2012 02:37:08
|
wxs |
Document multiple wireshark vulnerabilities.
Feature safe: yes |
As an Amazon Associate I earn from qualifying purchases.
