| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
1.1_1 26 May 2011 13:54:08
 |
wxs  |
Document drupal6 multiple vulnerabilities.
Submitted by: Nick Hilliard <nick@foobar.org> |
1.1_1 25 May 2011 21:14:43
 |
olgeni  |
Document Erlang R14B02 ssh library vulnerability (cryptographically
weak RNG).
Security: CVE-2011-0766 |
1.1_1 25 May 2011 16:38:56
 |
rene  |
Document latest www/chromium vulnerabilities.
Security: CVE-2011-1801, -1804, -1806, -1807 |
1.1_1 25 May 2011 10:58:15
 |
miwi  |
- Cleanup Part 1
PS: wonder when pplz start to ask ports-security for review ... |
1.1_1 25 May 2011 09:44:01
 |
sem  |
- Document the last unbound vulnerability |
1.1_1 24 May 2011 23:51:21
 |
ohauer  |
- revert last change of apr-* entry
Broken build reported by wxs@ |
1.1_1 24 May 2011 22:59:52
 |
ohauer  |
- use apr-* and add <gt></gt> entries for all apr0/apr1 issues
(<gt> .. is needed else the parser cannot make a difference
between apr0 and apr1)
- lowercase ViewVC -> viewvc
Thanks Jun Kuriyama ( kuriyama@ ) for the notice and the patch
for the apr entries. |
1.1_1 24 May 2011 16:05:58
 |
brooks  |
Update the mod_pubcookie entry with an ap20 prefix. The port has always
had USE_APACHE=2.0 in it so we can avoid enumerating all values of
APACHE_PKGNAMEPREFIX.
Pointy hat: brooks |
1.1_1 24 May 2011 06:19:13
 |
simon  |
Unbreak VuXML web build by changing "ap*-" to "ap-" in package name for
1ca8228f-858d-11e0-a76c-000743057ca2 / mod_pubcookie -- Empty
Authentication Security Advisory.
While the new one is likely not correct, this fixes the build until
somebody can put in the right thing. |
1.1_1 24 May 2011 05:55:10
 |
delphij  |
Fix build. |
1.1_1 23 May 2011 23:04:41
 |
brooks  |
Partially address several years of neglect of pubcookie. Indicate the
security issues in two ports.
I've not used pubcookie in several years and given the lack of complaint
about the deprecation of mod_pubcookie, I doubt anyone else uses it from
ports. The mod_pubcookie port has already expired and I've set a two
week expiration for pubcookie-login-server. If no maintainer
appears I will send both to the Attic on June 6th.
While I'm here, address the use of CONF_FILES and CONF_DIRS in
pubcookie-login-server to avoid getting in the way of progress. [0]
PR: ports/157164 [0]
Security: vuxml:115a1389-858e-11e0-a76c-000743057ca2
vuxml:1ca8228f-858d-11e0-a76c-000743057ca2 |
1.1_1 23 May 2011 22:22:44
 |
ohauer  |
- add entry for ViewVC < 1.1.11
- add entry for apr1 (CVE-2011-1928)
- correct version in previous apr1 entry
- run tidy |
1.1_1 23 May 2011 21:17:51
 |
nox  |
Update to 10.3r181.14 .
PR: ports/156996
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Security:
http://www.freebsd.org/ports/portaudit/d226626c-857f-11e0-95cc-001b2134ef46.html |
1.1_1 23 May 2011 10:58:03
 |
mandree  |
Document Opera Frameset unload code injection vulnerability. |
1.1_1 23 May 2011 09:58:16
 |
delphij  |
Document pure-ftpd multiple vulnerabilities prior to 1.0.32. |
1.1_1 14 May 2011 17:48:33
 |
rea  |
mail/exim: document CVE-2011-1764 and CVE-2011-1407
Both vulnerabilities are in the DKIM code and were fixed in 4.76.
Approved-by: erwin (mentor)
Feature-safe: yes |
1.1_1 13 May 2011 23:33:17
 |
ohauer  |
- document Apache APR DoS vulnerabilities |
1.1_1 13 May 2011 15:06:00
 |
glarkin  |
- Document www/zend-framework (potential SQL injection when using PDO_MySQL)
Security: http://framework.zend.com/security/advisory/ZF2011-02 |
1.1_1 12 May 2011 23:46:14
 |
wxs  |
Document mediawiki multiple vulnerabilities.
PR: ports/156914
Submitted by: Ryan Steinmetz <rpsfa@rit.edu> |
1.1_1 12 May 2011 20:13:50
 |
rene  |
Document CVE-2011-1799 and CVE-2011-1800 for www/chromium |
1.1_1 12 May 2011 18:09:28
 |
wxs  |
Incorporate changes recommended by the tidy target. While here, properly
label dc9f8335-2b3b-11e0-a91b-00e0815b8da8. |
1.1_1 09 May 2011 13:11:11
 |
sahil  |
Document CVE-2011-1720: Postfix memory corruption error. |
1.1_1 30 Apr 2011 09:25:16
 |
rene  |
Document www/chromium vulnerabilities fixed in version 11.0.696.57
Security: CVE-2011-[1303-1305, 1434-1452, 1454-1456] |
1.1_1 29 Apr 2011 06:26:34
 |
flo  |
Document mozilla -- multiple vulnerabilities |
1.1_1 21 Apr 2011 22:41:45
 |
flo  |
- document recent asterisk vulnerabilities
- fix topic in RT entry |
1.1_1 17 Apr 2011 20:31:01
 |
jsa  |
Document VideoLAN-SA-1103. Heap corruption in MP4 demultiplexer in VLC. |
1.1_1 17 Apr 2011 18:32:15
 |
nox  |
Update to 10.2r159.1 .
Security:
http://www.freebsd.org/ports/portaudit/32b05547-6913-11e0-bdc4-001b2134ef46.html |
1.1_1 17 Apr 2011 10:59:05
 |
flo  |
Document multiple vulnerabilities in RT www/rt36 and www/rt38 |
1.1_1 14 Apr 2011 22:14:58
 |
rene  |
Document www/chromium vulnerabilities
Security: CVE-2011-1301, CVE-2011-1302 |
1.1_1 14 Apr 2011 21:08:30
 |
simon  |
Unbreak file format:
- Place <vuxml> tag at the start of the file.
- Close topic tags.
Pointy hat to: cy |
1.1_1 14 Apr 2011 19:51:41
 |
cy  |
Add the following for security/krb5:
MITKRB5-SA-2011-001 - kpropd denial of service
MITKRB5-SA-2011-002 - KDC denial of service attacks
MITKRB5-SA-2011-003 - KDC vulnerable to double-free when PKINIT enabled
MITKRB5-SA-2011-004 - kadmind invalid pointer free() |
1.1_1 14 Apr 2011 07:43:06
 |
kwm  |
Document a root exploit via rogue hostname in xrdb. |
1.1_1 13 Apr 2011 11:01:09
 |
bapt  |
Limit affected mupdf version to <0.8
Submitted by: tobez@ (irc) |
1.1_1 12 Apr 2011 17:52:28
 |
skv  |
Document "otrs" - several XSS attacks possible. |
1.1_1 12 Apr 2011 15:36:44
 |
erwin  |
Fix typo
Submitted by: Dan Langille <dan@langille.org> |
1.1_1 10 Apr 2011 21:39:37
 |
wxs  |
Document isc-dhcp41-client and isc-dhcp31-client vulnerabilities.
PR: ports/156246
Submitted by: Douglas Thrift <douglas@douglasthrift.net> |
1.1_1 09 Apr 2011 01:41:36
 |
wxs  |
Add CVE entry for recent tinyproxy vulnerability. |
1.1_1 08 Apr 2011 07:39:58
 |
pav  |
- tinyproxy |
1.1_1 01 Apr 2011 18:03:50
 |
sem  |
Document two quagga DoS vulnerabilities |
1.1_1 29 Mar 2011 13:50:13
 |
kwm  |
Add a missing </p>.
Pointed out by: jadawin@ |
1.1_1 29 Mar 2011 13:38:24
 |
kwm  |
Document gdm privilege escalation vulnerability |
1.1_1 26 Mar 2011 20:13:47
 |
rene  |
Document vulnerabilities before Chromium 10.0.648.204
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates |
1.1_1 25 Mar 2011 11:09:07
 |
ale  |
Add entries for php5-exif and php5-zip before 5.3.6 release.
PR: ports/155922
Submitted by: Chris Tandiono <christandiono@tbp.berkeley.edu> |
1.1_1 24 Mar 2011 18:40:35
 |
nox  |
Update to 10.2r153.
Security:
http://www.freebsd.org/ports/portaudit/501ee07a-5640-11e0-985a-001b2134ef46.html
PR: ports/155874
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp> |
1.1_1 24 Mar 2011 00:56:30
 |
beat  |
- Document mozilla -- update to HTTPS certificate blacklist |
1.1_1 19 Mar 2011 06:10:04
 |
sahil  |
Document CVE-2011-0411: Postfix "STARTTLS" Plaintext
Injection Vulnerability.
Reviewed by: miwi (secteam) |
1.1_1 17 Mar 2011 17:42:19
 |
glarkin  |
- Documented integer overflow in hiawatha web server
Submitted by: C-S <c-s@c-s.li> |
1.1_1 17 Mar 2011 00:03:10
 |
delphij  |
Document asterisk multiple vulnerabilities. |
1.1_1 14 Mar 2011 18:34:08
 |
rene  |
Mark chromium-9.0.597.107 and chromium-10.0.648.127 as vulnerable. |
1.1_1 14 Mar 2011 16:46:27
 |
miwi  |
- Cleanup a bit |
1.1_1 14 Mar 2011 16:25:12
 |
miwi  |
- Add correct infos to the avahi issue
- Add url to original advisory |
1.1_1 14 Mar 2011 16:14:06
 |
kwm  |
Fix date in avahi entry. |
1.1_1 14 Mar 2011 16:04:07
 |
kwm  |
Add avahi denial of service attack. |
1.1_1 10 Mar 2011 15:01:11
 |
wxs  |
Fix discovery for mailman XSS vulnerabilities.
Noticed by: erwin@
Pointyhat to: wxs@ |
1.1_1 10 Mar 2011 14:31:36
 |
wxs  |
Document mail/mailman XSS vulnerabilities. |
1.1_1 07 Mar 2011 21:31:26
 |
decke  |
- Document redmine -- XSS vulnerability |
1.1_1 05 Mar 2011 12:21:44
 |
lev  |
Document subversion -- remote HTTP DoS vulnerability
Obtained from http://subversion.apache.org/security/CVE-2011-0715-advisory.txt |
1.1_1 01 Mar 2011 23:05:08
 |
beat  |
- Document mozilla -- multiple vulnerabilities |
1.1_1 01 Mar 2011 18:15:40
 |
rene  |
Document Chromium versions 9.0.597.[84,94,107]
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates |
1.1_1 25 Feb 2011 18:39:16
 |
delphij  |
Add two OpenLDAP security by-pass vulnerabilities. |
1.1_1 25 Feb 2011 14:01:15
 |
mandree  |
Fix broken linux-sun-jdk vulndb entries.
VuXML: 18e5428f-ae7c-11d9-837d-000e0c2e438a
VuXML: c93e4d41-75c5-11dc-b903-0016179b2dd5
PR: ports/154918 |
1.1_1 23 Feb 2011 14:43:41
 |
miwi  |
- Cleanup previous entry |
1.1_1 22 Feb 2011 21:30:19
 |
flo  |
- add asterisk -- Exploitable Stack and Heap Array Overflows |
1.1_1 20 Feb 2011 05:04:28
 |
delphij  |
Document PivotX administrator password reset vulnerability. |
1.1_1 15 Feb 2011 08:18:21
 |
miwi  |
- Update latest tomcat entry (tomcat6/7 have the same problem)
Note: Please ask for review at ports-security@ THX! |
1.1_1 15 Feb 2011 08:00:38
 |
wen  |
- Document tomcat vulnerability |
1.1_1 11 Feb 2011 22:23:48
 |
delphij  |
Document two phpMyAdmin vulnerabilities. |
1.1_1 11 Feb 2011 21:39:03
 |
nox  |
Update to 10.2r152.
PR: ports/154630
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Security:
http://www.freebsd.org/ports/portaudit/4a3482da-3624-11e0-b995-001b2134ef46.html
Feature safe: yes |
1.1_1 11 Feb 2011 19:59:48
 |
delphij  |
Document mupdf PDF handling remote code execution vulnerability.
Submitted by: Tim Zingelman <tez netbsd.org> |
1.1_1 11 Feb 2011 19:51:21
 |
delphij  |
Document rubygem-mail Remote Arbitrary Shell Command Injection Vulnerability.
Submitted by: Tim Zingelman <tez netbsd.org> |
1.1_1 11 Feb 2011 19:48:03
 |
delphij  |
Document plone remote security bypass vulnerability.
Submitted by: Tim Zingelman <tez netbsd.org> |
1.1_1 11 Feb 2011 19:40:12
 |
delphij  |
Document exim local privilege escalation vulnerability.
Submitted by: Tim Zingelman <tez netbsd.org> |
1.1_1 11 Feb 2011 19:36:45
 |
delphij  |
Document OpenOffice multiple vulnerabilities.
Submitted by: Tim Zingelman <tez netbsd.org> |
1.1_1 10 Feb 2011 16:44:00
 |
miwi  |
- Cleanup previous commit |
1.1_1 10 Feb 2011 10:41:58
 |
kwm  |
Document multiple webkit-gtk2 security vulnerabilities, fixed in 1.2.7. |
1.1_1 10 Feb 2011 00:44:26
 |
delphij  |
Document awstat multiple vulnerabilities.
Notified by: Tim Zingelman <tez netbsd.org> |
1.1_1 10 Feb 2011 00:28:17
 |
delphij  |
Document Opera multiple vulnerabilities.
Notified by: Tim Zingelman <tez netbsd.org> |
1.1_1 09 Feb 2011 21:37:55
 |
delphij  |
Document multiple vulnerabilities in Django.
Notified by: Jesco Freund <jesco.freund my-universe.com> |
1.1_1 09 Feb 2011 05:36:33
 |
miwi  |
- S/seriuos/serious |
1.1_1 09 Feb 2011 05:23:00
 |
miwi  |
- Document mediawiki - multiple vulnerabilities |
1.1_1 09 Feb 2011 04:53:13
 |
miwi  |
- Add chinese/wordpress-zh_CN and chinese/wordpress-zh_TW to the previous
wordpress entry |
1.1_1 05 Feb 2011 04:37:18
 |
miwi  |
- While here drop MD5 Support
Feature safe: yes |
1.1_1 05 Feb 2011 04:36:36
 |
miwi  |
- Add entry for wordpress - SQL injection vulnerability
PR: 153526
Submitted by: Mark Foster <mark@foster.cc>
Feature safe: yes |
1.1_1 02 Feb 2011 23:51:54
 |
miwi  |
- Cleanup previous commit
Feature safe: yes |
1.1_1 02 Feb 2011 15:45:11
 |
kwm  |
Add vlc - Insufficient input validation in MKV demuxer vulnerability.
Feature safe: yes |
1.1_1 31 Jan 2011 14:02:34
 |
miwi  |
- Cleanup previous Entry
Feature safe: yes |
1.1_1 31 Jan 2011 09:47:54
 |
decke  |
- Document maradns -- denial of service when resolving a long DNS hostname
Submitted by: n j <nino80 at gmail dot com>
Feature safe: yes |
1.1_1 29 Jan 2011 00:23:19
 |
wxs  |
Adjust range for ISC DHCPv6 server crash.
Feature safe: yes |
1.1_1 29 Jan 2011 00:15:09
 |
wxs  |
Document ISC DHCPv6 server crash.
Feature safe: yes |
1.1_1 25 Jan 2011 15:07:36
 |
skv  |
Document "bugzilla" - multiple serious vulnerabilities.
Feature safe: yes |
1.1_1 24 Jan 2011 23:00:51
 |
delphij  |
Add dokuwiki multiple ACL escalation vulnerabilities.
Feature safe: yes |
1.1_1 23 Jan 2011 23:29:30
 |
simon  |
Try to unbreak vuxml portaudit build by removing use of HTML entity.
UTF-8 chars should be used.
This is not a fix, just a hack to get it working for now.
Feature safe: yes (really) |
1.1_1 23 Jan 2011 13:41:34
 |
rene  |
Describe www/chromium vulnerabilities between 8.0.552.215 and 8.0.552.237
Obtained from: http://googlechromereleases.blogspot.com/
Feature safe: yes |
1.1_1 21 Jan 2011 01:23:43
 |
flo  |
asterisk-1.8.2.1 is still vulnerable due to a botched merge upstream.
Feature safe: yes |
1.1_1 19 Jan 2011 09:19:48
 |
flo  |
- fix asterisk16 version string
Approved by: fjoe (mentor)
Feature safe: yes |
1.1_1 19 Jan 2011 08:46:28
 |
flo  |
- Document Exploitable Stack Buffer Overflow in asterisk
Approved by: fjoe (mentor)
Feature safe: yes |
1.1_1 19 Jan 2011 02:26:50
 |
wxs  |
Document tarsnap cryptographic nonce reuse vulnerability.
Discussed with: cperciva@
Feature safe: yes |
1.1_1 18 Jan 2011 09:26:18
 |
delphij  |
Add entry for moinmoin XSS vulnerabilities.
PR: ports/153898
Submitted by: Ruslan Mahmatkhanov <cvs-src yandex ru>
Feature safe: yes |
1.1_1 18 Jan 2011 02:14:53
 |
delphij  |
Document tor remote code execution and crash vulnerability.
Submitted by: Janne Snabb <snabb epipe com>
Feature safe: yes |
1.1_1 13 Jan 2011 14:09:25
 |
rea  |
security/sudo: document privilege escalation, CVE-2011-0010
PR: 153939
Approved by: delphij (secteam), erwin (mentor)
Feature safe: yes |