| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
|---|
1.1_1
30 Dec 2010 17:13:32
  |
kwm  |
Document webkit-gtk2 multiple vulnerabilities < 1.2.6.
Document some CVE's that didn't make it to release notes from older releases. |
1.1_1
29 Dec 2010 19:50:56
|
delphij |
Document django multiple vulnerabilities. |
1.1_1
28 Dec 2010 06:34:32
|
remko |
Add Drupal views plugin - Cross Site Scripting (XSS).
While here, improve previously added vuln entry by
following style a bit better.
PR: 153474
Submitted by: rea |
1.1_1
23 Dec 2010 14:12:21
|
decke |
- Document redmine -- multiple vulnerabilities |
1.1_1
22 Dec 2010 16:10:46
|
remko |
Add Tor remote crash and the possibility of remote code execution.
Submitted by: Janne Snabb <snabb at epipe dot com> |
1.1_1
16 Dec 2010 18:11:28
|
delphij |
Update to properly cover php52.
Noticed by: Chris St Denis <chris smartt com> |
1.1_1
15 Dec 2010 23:48:53
|
glarkin |
- Document JavaScript injection exploits in Yahoo UI (YUI) library |
1.1_1
13 Dec 2010 23:44:32
|
delphij |
Document PHP multiple vulnerabilities |
1.1_1
10 Dec 2010 11:48:31
|
beat |
- Document mozilla -- multiple vulnerabilities |
1.1_1
10 Dec 2010 01:02:04
|
stas |
- Document recent MIT krb5 checksum handling vulnerabilities. |
1.1_1
07 Dec 2010 18:02:47
|
rene |
Document the known vulnerabilities for www/chromium.
The [numbers] in the entry represent bug numbers which are clickable at
the referenced site, but most of them give a 403. |
1.1_1
04 Dec 2010 04:29:19
|
osa |
Document ProFTPD compromised source packages backdoor security issue. |
1.1_1
30 Nov 2010 03:00:12
|
sunpoet |
- Document phpMyAdmin XSS attack in database search |
1.1_1
24 Nov 2010 18:27:03
|
wxs |
Document net/isc-dhcp41-server DHCPv6 DoS. The update to the port is coming
shortly. |
1.1_1
24 Nov 2010 06:07:01
|
danfe |
Add entry for CVE-2010-4168: denial of service (server/client) via invalid
read in OpenTTD.
PR: ports/152529
Submitted by: kwm |
1.1_1
24 Nov 2010 04:54:24
|
danfe |
- Kill EOL whitespace and reformat to fit in standard terminal width better
- Clean up the way <p>...</p> tags are used throughout the file for consistency |
1.1_1
23 Nov 2010 19:02:12
|
thierry |
Add an entry for www/horde-base VCARD attachments XSS vulnerability.
Security: VuXML: a3314314-f731-11df-a757-0011098ad87f |
1.1_1
23 Nov 2010 17:42:24
|
simon |
Fix discovery date in last entry.
Pointy hat to: remko |
1.1_1
23 Nov 2010 16:38:51
|
remko |
Add proftpd remote root vulnerability.
Based on: Vladimir Nikolic <vladimir dot nikolic at amis dot net>
Feature proof: yes
With hat: secteam |
1.1_1
17 Nov 2010 11:09:34
|
dinoex |
- add security/openssl CVE-2010-3864 |
1.1_1
06 Nov 2010 17:55:52
|
nox |
- Update to 10.1r102 resp. 9.0r289.
- Drop MD5 hashes from distinfos
Security:
http://www.freebsd.org/ports/portaudit/76b597e4-e9c6-11df-9e10-001b2134ef46.html
Reported by: Matthias Apitz on -emulation |
1.1_1
06 Nov 2010 04:08:59
|
delphij |
Add wireshark CVE-2010-3445.
PR: ports/151891
Submitted by: Eygene Ryabinkin |
1.1_1
04 Nov 2010 01:50:23
|
sunpoet |
- Limit affected version of dovecot to 1.2.* before 1.2.8
(vid: 30211c45-e52a-11de-b5cd-00e0815b8da8)
Reported by: Adam McDougall <mcdouga9@egr.msu.edu>
Reference:
http://www.dovecot.org/list/dovecot-news/2009-November/000143.html |
1.1_1
03 Nov 2010 20:29:56
|
wxs |
Document mailman XSS.
PR: ports/151918
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> |
1.1_1
03 Nov 2010 15:45:50
|
skv |
Document "otrs" - multiple XSS and denial of service vulnerabilities. |
1.1_1
28 Oct 2010 09:17:23
|
beat |
- Document mozilla -- Heap buffer overflow mixing document.write and DOM
insertion |
1.1_1
26 Oct 2010 16:46:27
|
dinoex |
- www/opera
PR: 151471
Submitted by: Arjan van Leeuwen |
1.1_1
25 Oct 2010 16:03:49
|
sunpoet |
- Add bzip2 integer overflow vulnerability
Approved by: pgollucci (mentor, implicit) |
1.1_1
25 Oct 2010 14:58:41
|
wxs |
Add the missing FreeBSD SA entries. We used to add these but stopped a while
back. This should catch us up.
According to cperciva@ the reason we stopped was that it was causing a lot of
false positives. I ran portaudit with these changes and did not see any false
positives but if it turns out to be too noisy I will remove them.
Submitted by: Christopher J. Umina (private mail)
Approved by: cperciva@ |
1.1_1
24 Oct 2010 17:08:03
|
rene |
Add monotone denial of service.
Security: http://www.monotone.ca/NEWS |
1.1_1
20 Oct 2010 21:13:40
|
pgollucci |
- Add devel/apr0 to list of packages that is affect. |
1.1_1
20 Oct 2010 15:12:52
|
beat |
- Document mozilla -- multiple vulnerabilities |
1.1_1
20 Oct 2010 12:42:51
|
kwm |
Add multiple vulnabilities in webkit-gtk2. |
1.1_1
06 Oct 2010 05:44:01
|
pgollucci |
- set modified date |
1.1_1
06 Oct 2010 05:41:27
|
pgollucci |
- these 2 urls are covered by the <cvename/> tags
Suggested by: stas |
1.1_1
06 Oct 2010 05:36:56
|
pgollucci |
- Fix a minor typo
Reported by: stas |
1.1_1
06 Oct 2010 05:29:50
|
pgollucci |
Document devel/apr1's apr-util vunerabilities
Security: http://secunia.com/advisories/41701
Reviewed by: secteam (cperciva) via irc |
1.1_1
02 Oct 2010 11:16:58
|
niels |
Documented phpMyFaq XSS vulnerability
PR: ports/151055
Submitted by: Florian Smeets <flo@smeets.im>
Approved by: itetcu (mentor, implicit)
Security: http://www.phpmyfaq.de/advisory_2010-09-28.php |
1.1_1
28 Sep 2010 18:04:46
|
thierry |
Report an XSS vulnerability in ftp/horde-gollem. |
1.1_1
28 Sep 2010 17:48:19
|
thierry |
Report a XSS vulnerability in mail/horde-dimp. |
1.1_1
28 Sep 2010 17:30:10
|
thierry |
Report a XSS vulnerability in mail/horde-imp. |
1.1_1
28 Sep 2010 17:09:35
|
thierry |
Report 2 vulnerabilities in www/horde-base. |
1.1_1
26 Sep 2010 13:32:10
|
niels |
Documented remote code execution vulnerability in OpenX
PR: ports/150610
Approved by: itetcu (mentor, implicit)
Security: ttp://blog.openx.org/09/security-update/ |
1.1_1
24 Sep 2010 20:24:37
|
niels |
Documented squid denial of service vulnerability
PR: ports/150364
Submitted by: Thomas-Martin Seck <tmseck@web.de>
Approved by: itetcu (mentor, implicit)
Security: CVE-2010-3072
Security: http://www.squid-cache.org/Advisories/SQUID-2010_3.txt |
1.1_1
22 Sep 2010 17:45:56
|
nox |
Update to 10.1r85 resp. 9.0r283 [1].
Security:
http://www.freebsd.org/ports/portaudit/8a34d9e6-c662-11df-b2e1-001b2134ef46.html
PR: ports/150832 [2]
Submitted by: pointyhat via pav [1], Tsurutani Naoki
<turutani@scphys.kyoto-u.ac.jp> [2] |
1.1_1
17 Sep 2010 20:07:07
|
delphij |
Correct discovery date, my bad :( |
1.1_1
17 Sep 2010 19:31:59
|
delphij |
Document django XSS vulnerability. |
1.1_1
15 Sep 2010 15:37:24
|
decke |
- Add libxul as affected package to the latest mozilla entry
Approved by: beat (co-mentor) |
1.1_1
10 Sep 2010 13:41:57
|
jadawin |
- Fix CVE name for webkit-gtk2 |
1.1_1
10 Sep 2010 13:03:20
|
kwm |
Document webkit-gtk2 - multiple vulnerabilities.
Also add 1 extra CVE to the previous webkit-gtk2 entry that was fixed but
didn't make it to the release notes. |
1.1_1
09 Sep 2010 03:13:09
|
shaun |
Belatedly (and perhaps pointlessly) document [1]:
vim6 -- heap-based overflow while parsing shell metacharacters
While here, prepare this old port for termination with DEPRECATED.
PR: ports/129300 [1]
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> [1] |
1.1_1
08 Sep 2010 06:51:06
|
beat |
- Document mozilla -- multiple vulnerabilities |
1.1_1
07 Sep 2010 18:11:49
|
wxs |
Document sudo Runas group vulnerability. |
1.1_1
04 Sep 2010 16:20:33
|
bapt |
- wget 1.12_1 is also concerned |
1.1_1
03 Sep 2010 13:57:14
|
bapt |
- Add wget entry CVE-2010-2252
- Add lftp entry CVE-2010-2251 |
1.1_1
31 Aug 2010 14:53:00
|
jadawin |
- Document p5-libwww vulnerability (remote servers can create .(dot) files) |
1.1_1
25 Aug 2010 07:49:08
|
niels |
Documented quagga vulnerabilities (stack overflow, DoS)
Approved by: itetcu (mentor,implicit)
Security: http://www.openwall.com/lists/oss-security/2010/08/24/3
Security: http://www.quagga.net/news2.php?y=2010&m=8&d=19#id1282241100 |
1.1_1
24 Aug 2010 16:26:54
|
skv |
Document "bugzilla" - information disclosure, denial of service. |
1.1_1
23 Aug 2010 07:12:57
|
lwhsu |
- Fix version range of phpMyAdmin
Submitted by: Marko Njezic <mr.max AT maxempire.com> |
1.1_1
22 Aug 2010 17:19:50
|
danfe |
Adjust the version range in previous entry: 1.0.1 is also vulnerable, and
fix minor whitespace nit while here. |
1.1_1
22 Aug 2010 12:30:07
|
kwm |
Add entry for OpenTTD denial of server vulnability.
Reviewed by: danfe@ (OpenTTD maintainer) |
1.1_1
21 Aug 2010 21:30:32
|
niels |
- Added corkscrew: overflow condition due to insecure sscanf usage
- Fixed SLiM title: /SLiM/slim/
Approved by: itetcu (mentor, implicit)
Security: http://people.freebsd.org/~niels/issues/corkscrew-20100821.txt |
1.1_1
21 Aug 2010 12:42:18
|
lwhsu |
- Add phpMyAdmin's CVE-2010-3056 entry |
1.1_1
20 Aug 2010 23:34:13
|
stas |
- Fix date of the latest ruby entry. |
1.1_1
20 Aug 2010 21:00:34
|
niels |
Added CVE to SLiM vulnerability
Approved by: itetcu (mentor, implicit)
Security: CVE-2010-2945 |
1.1_1
19 Aug 2010 21:11:53
|
niels |
- Document SLiM insecure PATH assignment issue
- Removed space from vlc title
Approved by: itetcu (implicit, mentor)
Security: http://seclists.org/oss-sec/2010/q3/198 |
1.1_1
18 Aug 2010 06:36:26
|
stas |
- Document recent WEBrick XSS vulnerability in ruby. |
1.1_1
17 Aug 2010 12:50:38
|
bapt |
- Add security/isolate entry
PR: ports/148911
Submitted by: Steve Wills <steve _at_ mouf.net> (maintainer)
Approved by: tabthorpe (mentor) |
1.1_1
15 Aug 2010 17:10:53
|
shaun |
Fix krb5 entry (86b8b655-4d1a-11df-83fb-0015587e2cc1) version range
mark-up.
Submitted by: Peggy Wilkins via freebsd-ports |
1.1_1
14 Aug 2010 22:43:51
|
gabor |
- Fix last entry by adding the forgotten package name.
(Hint: always run make validate before committing to this file)
Forgotten by: jsa, kwm |
1.1_1
14 Aug 2010 20:51:52
|
jsa |
Document VLC CVE-2010-2937.
Approved by: kwm (mentor) |
1.1_1
13 Aug 2010 20:15:54
|
nox |
Update to 10.1r82 resp. 9.0r280.
Security:
http://www.freebsd.org/ports/portaudit/e19e74a4-a712-11df-b234-001b2134ef46.html |
1.1_1
13 Aug 2010 15:23:18
|
shaun |
Document opera -- multiple vulnerabilities. |
1.1_1
09 Aug 2010 09:10:12
|
beat |
- Belatedly document firefox -- Dangling pointer crash regression from plugin
parameter array fix
Approved by: miwi |
1.1_1
04 Aug 2010 14:47:39
|
wxs |
Whitespace fixes. |
1.1_1
04 Aug 2010 09:32:27
|
lwhsu |
- Fix Piwik entry's <name> tag
Pointed out by: jadawin |
1.1_1
04 Aug 2010 09:18:12
|
lwhsu |
- Add Piwik CVE-2010-2786 entry |
1.1_1
31 Jul 2010 12:00:24
|
kuriyama |
Previous vuln affects only apache-2.2.x |
1.1_1
29 Jul 2010 23:03:53
|
gabor |
- Document libmspack and cabextract vulnerability |
1.1_1
26 Jul 2010 01:42:21
|
kuriyama |
Add entry for apache. |
1.1_1
23 Jul 2010 00:37:11
|
wxs |
Document buffer overflow when parsing gitdir.
While here, tidy up a whitespace problem. |
1.1_1
21 Jul 2010 22:25:34
|
glarkin |
- Document www/codeigniter file upload class vulnerability
Approved by: secteam (timeout - 1 week)
Security: http://codeigniter.com/news/codeigniter_1.7.2_security_patch/ |
1.1_1
21 Jul 2010 12:46:17
|
beat |
- Document mozilla -- multiple vulnerabilities
Approved by: remko |
1.1_1
19 Jul 2010 00:07:23
|
kwm |
Add vte as package name, instead of empty. |
1.1_1
18 Jul 2010 23:28:32
|
kwm |
Document vte title set+query attack vulnerability.
While here add the CVE numbers to the webkit-gtk2 entry I forgot in the
previous commit.
PR: ports/148678
Submitted by: Janne Snabb <snabb@epipe.com> |
1.1_1
18 Jul 2010 22:44:05
|
kwm |
Document webkit-gtk2 vulnerabilities.
Security: http://blog.kov.eti.br/?p=116 |
1.1_1
10 Jul 2010 08:34:16
|
decke |
- Document redmine vulnerabilities
Approved by: miwi (secteam)
Security: http://www.redmine.org/news/41 |
1.1_1
07 Jul 2010 09:13:02
|
nemoliu |
- Update to 3.1.1
- VuXML entry for PNG decoder security vulnerability
- License information
PR: ports/147871
Approved by: Pavel Pankov <pankov_p@mail.ru> (maintainer)
Feature safe: yes |
1.1_1
06 Jul 2010 21:39:10
|
delphij |
Add bogofilter heap underrun on malformed base64 input.
Submitted by: mandree
PR: ports/148408
Feature safe: yes |
1.1_1
06 Jul 2010 04:38:12
|
miwi |
- Cleanup a bit
Feature safe: yes |
1.1_1
05 Jul 2010 15:41:27
|
skv |
Document "bugzilla" - information disclosure.
Feature safe: yes |
1.1_1
30 Jun 2010 21:00:07
|
makc |
Document multiple vulnerabilities in irc/kvirc*
Approved by: remko@
Feature safe: yes |
1.1_1
28 Jun 2010 17:38:13
|
delphij |
Add bid reference for libpng entry.
Feature safe: yes |
1.1_1
28 Jun 2010 16:18:53
|
dinoex |
- graphics/png CVE-2010-1205
Feature safe: yes |
1.1_1
28 Jun 2010 00:46:12
|
wen |
- Document moodle -- multiple vulnerabilities
Reviewed by: delphij@, miwi@
Feature safe: yes |
1.1_1
27 Jun 2010 21:14:28
|
rene |
Document mDNSResponder -- corrupted stack crash when parsing bad resolv.conf
This only happens on a system where one has a system where
resolv.conf is writable by an untrusted user or where mdnsd is setuid
and can be tricked into opening an alternate resolv.conf.
PR: ports/147007
Submitted by: jmallett@
Approved by: tabthorpe (mentor)
Feature safe: yes |
1.1_1
25 Jun 2010 23:29:50
|
shaun |
Document opera -- Data URIs can be used to allow cross-site scripting.
Assume opera-devel is vulnerable too, although snapshots aren't
mentioned in the advisory, and it's months out of date.
Feature safe: yes |
1.1_1
24 Jun 2010 12:54:49
|
niels |
- Cancelled movemail symlink vulnerability (doesnt affect our ports)
- Added entry for multiple vulnerabilities in cacti 0.8.7f
- Updated ziproxy entry to satisfy "make tidy"
Approved by: itetcu (mentor, implicit)
Feature safe: yes |
1.1_1
23 Jun 2010 18:01:10
|
beat |
- Document mozilla -- multiple vulnerabilities
Feature safe: yes
Approved by: delphij |
1.1_1
18 Jun 2010 00:38:36
|
delphij |
vuln 4e8344a3-ca52-11de-8ee8-00215c6a37bb has been fixed with
php4-gd-4.4.9_4.
Requested by: Michael Gmelin <mg bindone de> |
As an Amazon Associate I earn from qualifying purchases.
