Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 28 Apr 2009 21:32:24 |
stas |
- CVE-2007-3387 has been fixed in pdftohtml 0.39_3. |
1.1_1 22 Apr 2009 08:38:33 |
miwi |
- Document mozilla -- multiple vulnerabilities |
1.1_1 18 Apr 2009 18:26:26 |
marcus |
Document the recent poppler vulnerabilities fixed in 0.10.6.
PR: 133838
Submitted by: Mark Foster <mark@foster.cc>
Approved by: portmgr (implicit) |
1.1_1 18 Apr 2009 17:55:20 |
miwi |
- Rework previous entry (xpdf -- multiple vulnerabilities)
* fix typos
* added more information about security issues
* added more reference sites
Approved by: portmgr (secteam blanked) |
1.1_1 18 Apr 2009 17:20:19 |
araujo |
- Document xpdf -- multiple vulnerabilities
Approved by: portmgr (erwin) |
1.1_1 18 Apr 2009 09:41:32 |
miwi |
- Document freetype2 -- multiple vulnerabilities
Approved by: portmgr (secteam blanked) |
1.1_1 17 Apr 2009 16:51:06 |
wxs |
- Document ejabberd cross-site scripting vulnerability.
PR: ports/132800
Submitted by: Mark Foster <mark@foster.cc>
Reviewed by: miwi
Approved by: portmgr (secteam blanket, explicitly miwi) |
1.1_1 15 Apr 2009 13:34:52 |
miwi |
- Document ziproxy -- Multiple HTTP Proxy HTTP Host Header Incorrect Relay
Behavior Vulnerability
Approved by: portmgr (secteam blanked) |
1.1_1 15 Apr 2009 13:17:13 |
miwi |
- Document phpmyadmin -- insufficient output sanitizing when generating
configuration file
Approved by: portmgr (secteam blanked) |
1.1_1 11 Apr 2009 12:01:18 |
miwi |
- Document drupal6-cck -- cross-site scripting
PR: 133550
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> |
1.1_1 27 Mar 2009 21:49:39 |
miwi |
- Document pivot-weblog -- file deletion vulnerability |
1.1_1 26 Mar 2009 14:13:03 |
mat |
Fix the roundcube version of CVE-2009-0413, should be 0.2.1,1 and not 0.2.1.
Pointy Hat To: miwi |
1.1_1 25 Mar 2009 07:41:42 |
delphij |
Document phpmyadmin: insufficient output sanitizing when generating
configuration file. |
1.1_1 23 Mar 2009 15:43:25 |
miwi |
- Update 8e8b8b94-7f1d-11dd-a66a-0019666436c2 (www/rubygem-rails) now secure
- Bump modified day
Reported by: Mike Duchene |
1.1_1 23 Mar 2009 15:28:09 |
miwi |
- Fix daf045d7-b211-11dd-a987-000c29ca8953
- Fix discovery date
- Tell portaudit net-snmp is secure
Reported by: Oliver Brandmueller <ob@e-Gitt.NET> (via private mail)
Reviewed by: tabthorpe |
1.1_1 23 Mar 2009 15:08:29 |
miwi |
- Update zabbix entry is now secure |
1.1_1 23 Mar 2009 14:22:46 |
miwi |
- Fix spelling |
1.1_1 23 Mar 2009 14:17:47 |
miwi |
- Document amarok -- multiple vulnerabilities
PR: based on 132938 |
1.1_1 23 Mar 2009 14:09:31 |
miwi |
- Fix portaudit build
- Rework latest wireshark entry
- Bump modified |
1.1_1 22 Mar 2009 19:26:13 |
miwi |
- Cleanup latest Wireshark entry |
1.1_1 22 Mar 2009 19:24:02 |
miwi |
- Bump modified date for zope entry |
1.1_1 22 Mar 2009 18:24:25 |
pav |
- zope-2.7.9_2 secure |
1.1_1 22 Mar 2009 17:11:18 |
marcus |
Add an entry for Wireshark less than or equal to 1.0.5 pertaining to
multiple DoS situations as described at
http://www.wireshark.org/security/wnpa-sec-2009-01.html.
PR: 131688
Submitted by: Mark Foster <mark@foster.cc> |
1.1_1 20 Mar 2009 22:01:24 |
miwi |
- Mark *seamonkey as safe |
1.1_1 20 Mar 2009 21:59:37 |
miwi |
- Add CVE's reference to 78f5606b-f9d1-11dd-b79c-0030843d3802
PR: 132797
Submitted by: Mark Foster <mark@foster.cc> |
1.1_1 20 Mar 2009 21:13:46 |
miwi |
- Mark mail/*thunderbird as safe |
1.1_1 18 Mar 2009 16:18:57 |
miwi |
- Added more references to the netatalk |
1.1_1 18 Mar 2009 15:34:56 |
miwi |
- Small cleanup |
1.1_1 18 Mar 2009 15:05:04 |
miwi |
- Document netatalk -- arbitrary command execution in papd daemon
PR: based on 132427
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> |
1.1_1 16 Mar 2009 21:01:10 |
miwi |
- Fix discovery date from previous entry |
1.1_1 16 Mar 2009 20:37:17 |
miwi |
- Document gstreamer-plugins-good -- multiple memory overflows
PR: based on 132428 |
1.1_1 16 Mar 2009 19:50:10 |
miwi |
- Document libsndfile -- CAF processing integer overflow vulnerability
PR: based on 132371 |
1.1_1 16 Mar 2009 19:33:23 |
miwi |
- Fix roundcube entry
Pointy hat to: me |
1.1_1 16 Mar 2009 19:25:07 |
miwi |
- Document ffmpeg -- 4xm processing memory corruption vulnerability
PR: based on 132434
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> |
1.1_1 16 Mar 2009 18:49:33 |
miwi |
- Document roundcube -- webmail script insertion and php code injection
PR: based on 130968 |
1.1_1 16 Mar 2009 18:11:52 |
miwi |
- Document proftpd -- multiple sql injection vulnerabilities
PR: based on 132369 |
1.1_1 16 Mar 2009 17:51:11 |
miwi |
- Fix a typo |
1.1_1 16 Mar 2009 17:38:25 |
miwi |
- Document zappix -- php frontend multiple vulnerabilities
PR: based on 132315 |
1.1_1 16 Mar 2009 17:13:49 |
miwi |
- Document php-mbstring -- php mbstring buffer overflow vulnerability
PR: based on 130603 |
1.1_1 16 Mar 2009 17:01:05 |
miwi |
- Document phppgadmin -- directory traversal with register_globals enabled
PR: based on 132346 |
1.1_1 15 Mar 2009 20:42:26 |
miwi |
- Document opera -- multiple vulnerabilities
PR: based on 132437 |
1.1_1 14 Mar 2009 08:35:45 |
miwi |
- Clean up latest curl entry |
1.1_1 12 Mar 2009 02:30:02 |
tabthorpe |
- Document epiphany -- untrusted search path vulnerability |
1.1_1 11 Mar 2009 20:17:11 |
tabthorpe |
- Document apache -- Cross-site scripting vulnerability |
1.1_1 05 Mar 2009 00:35:08 |
amdmi3 |
- Document pngcrush -- libpng Uninitialised Pointer Arrays Vulnerability
Reviewed by: tabthorpe |
1.1_1 04 Mar 2009 15:30:27 |
roam |
Document the cURL redirection security bypass - CVE-2009-0037.
I'll update the ftp/curl port itself ASAP.
PR: 132299
Reported by: Mark Foster <mark@foster.cc> (the PR),
Daniel Bond <db@danielbond.org> (e-mail) |
1.1_1 23 Feb 2009 20:48:17 |
marcus |
Bump the modified date for the previous Firefox change.
Requested by: miwi |
1.1_1 23 Feb 2009 20:41:48 |
marcus |
Correct the Firefox 2.0 version for the recent Firefox vulnerabilities. |
1.1_1 23 Feb 2009 00:53:23 |
mnag |
- Add CVE entries for last lighttpd security issue.
Reported by: Eygene Ryabinkin <rea-fbsd___codelabs.ru> |
1.1_1 18 Feb 2009 18:06:37 |
glarkin |
- Update to 1.7.5
- Added UPDATING entry about incompatibility between 1.7.4 and 1.7.5
- Added vuln.xml entry for local file inclusion vulnerability in <1.7.5
- Added maintainer mode target in ZF Makefile to speed up fixups of
pkg-plist output from genplist
Security: cf495fd4-fdcd-11dd-9a86-0050568452ac
Security: http://framework.zend.com/issues/browse/ZF-5748
Security:
http://weierophinney.net/matthew/archives/206-Zend-Framework-1.7.5-Released-Important-Note-Regarding-Zend_View.html |
1.1_1 17 Feb 2009 21:11:06 |
jadawin |
- Document dia -- remote command execution vulnerability
Reviewed by: miwi |
1.1_1 15 Feb 2009 21:45:30 |
miwi |
- Document pycrypto -- ARC2 module buffer overflow
PR: based on 131689
Submitted by: Mark Foster <mark@foster.cc> |
1.1_1 15 Feb 2009 18:23:19 |
marcus |
Update the latest firefox vulnerability ranges. |
1.1_1 15 Feb 2009 13:29:57 |
kuriyama |
Minor whitespace nits. |
1.1_1 15 Feb 2009 13:08:20 |
miwi |
- Update previous entry
* remove duplicate bid entry
* add more references
* fix whitespaces |
1.1_1 15 Feb 2009 11:06:48 |
des |
Document Varnish 2.0 DoS.
PR: ports/131690
Submitted by: Mark Foster <mark@foster.cc> |
1.1_1 13 Feb 2009 13:30:03 |
miwi |
- Document tor -- multiple vulnerabilities |
1.1_1 11 Feb 2009 19:15:08 |
miwi |
- Fix portaudit conflict with www/firefox and www/firefox3
- Mark www/firefox and www/linux-firefox FORBIDDEN
Discussion by: simon/stas
With hat: secteam |
1.1_1 11 Feb 2009 16:52:36 |
miwi |
- Fix latest firefox entry |
1.1_1 11 Feb 2009 14:37:26 |
miwi |
- Document firefox -- multiple vulnerabilities |
1.1_1 11 Feb 2009 14:15:25 |
glarkin |
- document codeigniter -- arbitrary script execution in the new
Form Validation class |
1.1_1 11 Feb 2009 13:36:14 |
jadawin |
- Document pyblosxom -- atom flavor multiple XML injection vulnerabilities
Reviewed by: miwi |
1.1_1 11 Feb 2009 10:15:26 |
miwi |
- Document typo3 -- cross-site scripting and information disclosure |
1.1_1 10 Feb 2009 20:53:22 |
miwi |
- Update latest squid* entry
Add CVE-2009-0478
Submitted by: jadawin |
1.1_1 09 Feb 2009 17:55:33 |
stas |
- Update ruby vuxml entries due to ruby19 version bump. |
1.1_1 09 Feb 2009 15:31:02 |
miwi |
- Document amaya -- multiple buffer overflow vulnerabilities
PR: based on 131508
Submitted by: Mark Foster <mark@foster.cc> |
1.1_1 09 Feb 2009 14:52:55 |
miwi |
- Document websvn -- multiple vulnerabilities
PR: based on 130934
Submitted by: Mark Foster <mark@foster.cc> |
1.1_1 09 Feb 2009 14:20:16 |
miwi |
- Document phplist -- local file inclusion vulnerability
PR: based on 130932 |
1.1_1 09 Feb 2009 14:04:18 |
miwi |
- Document squid -- remote denial of service vulnerability
PR: based on 131431 |
1.1_1 09 Feb 2009 13:41:36 |
miwi |
- Fix topic s/typo/typo3 |
1.1_1 09 Feb 2009 13:30:09 |
miwi |
- Document typo3 -- Multiple Vulnerabilities |
1.1_1 06 Feb 2009 19:59:49 |
miwi |
- Fix previous entry |
1.1_1 06 Feb 2009 19:35:47 |
tmclaugh |
Security update for sudo to 1.6.9p20 for CVE 2009-0034
Changes:
- Only use the cached supplementary group vector when matching groups
for the invoking user. (security)
- When setting the umask, use the union of the user's umask and the
default value set in sudoers so that we never lower the user's umask
when running a command.
- Sudo now operates in the C locale again when doing a match against
sudoers.
PR: 131446
Submitted by: Eygene Ryabinkin
Security: vid:13d6d997-f455-11dd-8516-001b77d09812 |
1.1_1 04 Feb 2009 14:01:58 |
miwi |
- Fix a typo (s/drual/drupal) |
1.1_1 04 Feb 2009 13:53:49 |
miwi |
- Cleanup |
1.1_1 04 Feb 2009 13:47:09 |
miwi |
- Document drupal -- multiple vulnerabilities |
1.1_1 04 Feb 2009 06:47:06 |
ale |
Update php5-gd entry. |
1.1_1 03 Feb 2009 21:42:52 |
miwi |
- Document perl -- Directory Permissions Race Condition
PR: based on 129317 |
1.1_1 30 Jan 2009 09:55:02 |
miwi |
- Rework ganglia entry
* Fix topic
* Fix discovery and entry day |
1.1_1 30 Jan 2009 09:13:58 |
miwi |
- Set modified for b9077cc4-6d04-4bcb-a37a-9ceaebfdcc9e entry
- more cleanup |
1.1_1 30 Jan 2009 08:59:45 |
miwi |
- Document moinmoin -- multiple cross site scripting vulnerabilities |
1.1_1 30 Jan 2009 08:51:50 |
miwi |
- Cleanup previous entry
* remove whitespaces
* sort bid/cvename/url |
1.1_1 30 Jan 2009 03:56:35 |
brooks |
Upgrade Ganglia to 3.1.1 plus a fix for CVE-2009-0241.
PR: ports/129822, ports/131067
Submitted by: Mark Foster <mark at foster dot cc> (vuxml)
Security: vid:b9077cc4-6d04-4bcb-a37a-9ceaebfdcc9e |
1.1_1 29 Jan 2009 22:49:10 |
miwi |
- Document Tor -- Unspecified Memory Corruption Vulnerability |
1.1_1 28 Jan 2009 13:11:24 |
miwi |
- Cleanup
* Fix whitespaces/ Tabs
* Sort <bid>/<cvename>/<url> |
1.1_1 28 Jan 2009 13:05:29 |
miwi |
- Rewording 2ffb1b0d-ecf5-11dd-abae-00219b0fc4d (glpi -- SQL Injection)
- Add more reference sites |
1.1_1 28 Jan 2009 05:07:48 |
pgollucci |
Document glpi -- SQL Injection vulnerability
PR: ports/131011
Submitted by: Mathias Monnerville <mathias@monnerville.com> |
1.1_1 25 Jan 2009 00:56:18 |
tabthorpe |
- Document openfire -- multiple vulnerabilities
PR: ports/130606
Submitted by: Mark Foster <mark foster.cc> |
1.1_1 24 Jan 2009 02:31:09 |
delphij |
Update information about 9fff8dc8-7aa7-11da-bf72-00123f589060
and 651996e0-fe07-11d9-8329-000e0c2e438a, newer versions of
apache+ipv6 have the problems fixed.
Submitted by: sumikawa |
1.1_1 21 Jan 2009 19:44:15 |
wxs |
- Document two old ipsec-tools DoS
PR: ports/129468
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> |
1.1_1 20 Jan 2009 15:20:17 |
wxs |
- Document directory traversal bug in teamspeak server
PR: ports/130608
Submitted by: Mark Foster <mark@foster.cc> |
1.1_1 19 Jan 2009 20:21:31 |
wxs |
- Document graphics/optipng buffer overflow
PR: ports/129072
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> |
1.1_1 19 Jan 2009 20:04:50 |
wxs |
- Document old gitweb privilege escalation vulnerability.
PR: ports/130600
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> |
1.1_1 16 Jan 2009 16:11:04 |
naddy |
Document vulnerability in older versions of GNU tar.
PR: 130602
Submitted by: Mark Foster <mark@foster.cc> |
1.1_1 16 Jan 2009 00:02:53 |
miwi |
- Mark net-mgmt/nagios2 as secure |
1.1_1 15 Jan 2009 23:00:51 |
miwi |
- Document mplayer -- vulnerability in STR files processor
PR: based on 130573 |
1.1_1 13 Jan 2009 12:22:21 |
miwi |
- Cleanup previous entry
- Add more references |
1.1_1 13 Jan 2009 03:30:53 |
wxs |
- Add missing blockquote and linewrap properly |
1.1_1 13 Jan 2009 03:19:19 |
wxs |
- Document cgiwrap XSS vulnerability
PR: ports/130277
Submitted by: Eric W. Bates <ericx@vineyard.net> |
1.1_1 12 Jan 2009 12:27:39 |
miwi |
- Document nagios -- web interface privilege escalation vulnerability |