| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
|---|
1.1_6
16 Dec 2024 19:20:40
     |
Fernando Apesteguía (fernape) 
Author: John Hein |
security/vuxml: Fix range for thunderbird vulnerability
PR: 283357
Reported by: John Hein <jcfyecrayz@liamekaens.com> |
1.1_6
16 Dec 2024 19:15:22
|
Craig Leres (leres) |
security/vuxml: Mark zeek < 7.0.5 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v7.0.5
This release fixes the following potential DoS vulnerability:
- Large QUIC packets can cause Zeek to overflow memory and potentially
crash. Due to the possibility of receiving these packets from
remote hosts, this is a DoS risk.
Reported by: Tim Wojtulewicz |
1.1_6
15 Dec 2024 11:36:17
|
Yuri Victorovich (yuri)
Author: Älven |
textproc/halibut: update 1.2 → 1.3
PR: 282213 |
1.1_6
12 Dec 2024 05:39:59
|
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerabilities |
1.1_6
11 Dec 2024 14:07:36
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 131.0.6778.139
Obtained
from: https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_10.html
Obtained
from: https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop.html |
1.1_6
10 Dec 2024 19:10:23
|
Fernando Apesteguía (fernape) |
security/vuxml: Add mozilla vulnerabilities
* CVE-2024-11692
* CVE-2024-11696
* CVE-2024-11697
* CVE-2024-11699 |
1.1_6
07 Dec 2024 15:59:31
|
Jason E. Hale (jhale) |
security/vuxml: Add www/qt6-webengine < 6.7.3_3 |
1.1_6
06 Dec 2024 16:56:56
|
Jason E. Hale (jhale) |
security/vuxml: Document gstreamer1-plugins* < 1.24.10 |
1.1_6
02 Dec 2024 20:04:55
|
Fernando Apesteguía (fernape) |
security/vuxml: Add zabbix-frontend vulnerability
* Base Score: 9.9 CRITICAL
* Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
1.1_6
02 Dec 2024 19:40:36
|
Hiroki Tagato (tagattie) |
security/vuxml: document electron33 inappropriate implementation in extensions
Obtained from: https://github.com/electron/electron/releases/tag/v33.2.1 |
1.1_6
29 Nov 2024 03:15:03
|
Li-Wen Hsu (lwhsu) |
security/vuxml: security/vuxml: Document Jenkins Security Advisory 2024-11-27
Sponsored by: The FreeBSD Foundation |
1.1_6
27 Nov 2024 11:57:29
|
Robert Clausecker (fuz)
Author: Matthias Wolf |
net/keycloak: document multiple vulnerabilities
Security: CVE-2024-9666 CVE-2024-10039 CVE-2024-10270
Security: CVE-2024-10451 CVE-2024-10492
PR: 282983 |
1.1_6
27 Nov 2024 05:39:27
|
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerabilities |
1.1_6
25 Nov 2024 08:48:30
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 131.0.6778.85
Obtained
from: https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_19.html |
1.1_6
23 Nov 2024 15:57:43
|
Jason E. Hale (jhale) |
security/vuxml: Add www/qt6-webengine < 6.7.3_2 |
1.1_6
23 Nov 2024 05:40:00
|
Jason E. Hale (jhale) |
security/vuxml: Add www/qt5-webengine < 5.15.18p5 |
1.1_6
19 Nov 2024 18:57:57
|
Kurt Jaeger (pi) |
security/vuxml: Add x11-servers/xorg-server, x11-servers/xwayland
PR: 282415 |
1.1_6
19 Nov 2024 16:28:53
|
Michael Reifenberger (mr) |
security/vuxml: Add vaultwarden
Vaultwarden -- Multiple vulnerabilities
PR: 282795
Reported by: Bernard Spil |
1.1_6
18 Nov 2024 16:16:23
|
Fernando Apesteguía (fernape) |
security/vuxml: Add mongodb vulnerability
Buffer over-read. |
1.1_6
16 Nov 2024 12:22:32
|
Bernard Spil (brnrd) |
security/vuxml: Document vaultwarden vulnerabilities |
1.1_6
16 Nov 2024 08:14:28
|
Hiroki Tagato (tagattie) |
security/vuxml: document electron32 multiple vulnerabilities
Obtained from: https://github.com/electron/electron/releases/tag/v32.2.5 |
1.1_6
16 Nov 2024 07:34:26
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 131.0.6778.69
Obtained
from: https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html |
1.1_6
15 Nov 2024 17:28:01
|
Hiroki Tagato (tagattie) |
security/vuxml: document electron31 multiple vulnerabilities
Obtained from: https://github.com/electron/electron/releases/tag/v31.7.5 |
1.1_6
14 Nov 2024 16:29:07
|
Palle Girgensohn (girgen) |
security/vuxml: Add CVEs for PostreSQL |
1.1_6
14 Nov 2024 09:22:31
|
Hiroki Tagato (tagattie) |
security/vuxml: document electron31 multiple vulnerabilities
Obtained from: https://github.com/electron/electron/releases/tag/v31.7.4 |
1.1_6
14 Nov 2024 05:03:07
|
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerabilities |
1.1_6
13 Nov 2024 04:21:13
|
Philip Paeps (philip) |
security/vuxml: add FreeBSD SAs issued on 2024-10-29
FreeBSD-SA-24:17.bhyve affects all supported versions of FreeBSD
FreeBSD-SA-24:18.ctl affects all supported versions of FreeBSD
FreeBSD-SA-24:19.fetch affects all supported versions of FreeBSD |
1.1_6
12 Nov 2024 22:20:17
|
Ashish SHUKLA (ashish) |
security/vuxml: Document element-web vulnerabilities
Security: CVE-2024-51749
Security: CVE-2024-51750 |
1.1_6
12 Nov 2024 22:20:16
|
Ashish SHUKLA (ashish) |
security/vuxml: Document matrix-js-sdk vulnerability
Security: CVE-2024-50336 |
1.1_6
12 Nov 2024 20:41:13
|
Florian Smeets (flo) |
security/vuxml: Document icinga2 vulnerability |
1.1_6
12 Nov 2024 19:50:39
|
Joseph Mingrone (jrm) |
security/vuxml: Document new Intel CPU vulnerabilities
Intel has disclosed new CPU vulnerabilities in the release notes for
microcode-20241112. This release also includes updates to previous
microcode updates for CVE-2024-24968 and CVE-2024-23984.
Reference: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20241112
Security: CVE-2024-21820
Security: CVE-2024-21853
Security: CVE-2024-23918
Security: CVE-2024-23984 (updated microcode)
Security: CVE-2024-24968 (updated microcode)
Sponsored by: The FreeBSD Foundation |
1.1_6
08 Nov 2024 17:49:55
|
Dirk Meyer (dinoex) |
security/vuxml: add CVE-2018-10195, CVE-2020-29074 |
1.1_6
08 Nov 2024 14:04:20
|
Renato Botelho (garga)
Author: Älven |
security/vuxml: Document tnef vulnerabilities
PR: 282228 |
1.1_6
08 Nov 2024 11:24:02
|
Hiroki Tagato (tagattie) |
security/vuxml: document electron32 multiple vulnerabilities
Obtained from: https://github.com/electron/electron/releases/tag/v32.2.3 |
1.1_6
08 Nov 2024 01:22:51
|
Jason E. Hale (jhale) |
security/vuxml: Document gstreamer1-rtsp-server
Only affected if assertions are enabled, which we don't do by default. |
1.1_6
06 Nov 2024 12:03:21
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 130.0.6723.116
Obtained
from: https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html |
1.1_6
04 Nov 2024 19:01:32
|
Vladimir Druzenko (vvd)
Author: Älven |
security/vuxml: Add record for devel/libqb < 2.0.8 CVE-2023-39976
log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long
log messages because the header size is not considered.
https://nvd.nist.gov/vuln/detail/CVE-2023-39976
PR: 282536 |
1.1_6
02 Nov 2024 08:14:11
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 130.0.6723.91
Obtained
from: https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_29.html |
1.1_6
01 Nov 2024 00:41:09
|
Jason E. Hale (jhale) |
security/vuxml: Add www/qt5-webengine < 5.15.18p2
Fix indentation issues caught by `make validate` for previous entry. |
1.1_6
31 Oct 2024 10:50:31
|
Vladimir Druzenko (vvd)
Author: Matthias Wolf |
security/vuxml: Add record for net/keycloak < 26.0.4 CVE-2021-44549
PR: 282419 |
1.1_6
30 Oct 2024 18:47:01
|
Vladimir Druzenko (vvd)
Author: Martin Filla |
security/vuxml: www/librewolf < 131.0.3 CVE-2024-9936
PR: 282423 |
1.1_6
29 Oct 2024 15:37:50
|
Vladimir Druzenko (vvd)
Author: Älven |
security/vuxml: Add record for devel/hwloc2 < 2.9.2 CVE-2022-47022
PR: 282215 |
1.1_6
29 Oct 2024 15:24:02
|
Vladimir Druzenko (vvd)
Author: Stefan Bethke |
security/vuxml: add record for www/forgejo < 9.0.1 and www/forgejo7 < 7.0.10
https://codeberg.org/forgejo/forgejo/milestone/8544
https://codeberg.org/forgejo/forgejo/pulls/5719
https://codeberg.org/forgejo/forgejo/pulls/5718
PR: 282387 |
1.1_6
26 Oct 2024 13:12:25
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 130.0.6723.{58,69}
Obtained
from: https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html
Obtained from:
https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html |
1.1_6
24 Oct 2024 11:51:36
|
Hiroki Tagato (tagattie) |
security/vuxml: document electron31 multiple vulnerabilities
Obtained from: https://github.com/electron/electron/releases/tag/v31.7.2 |
1.1_6
24 Oct 2024 04:45:07
|
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerabilities |
1.1_6
23 Oct 2024 20:33:44
|
Hiroki Tagato (tagattie) |
security/vuxml: document electron32 multiple vulnerabilities
Obtained from: https://github.com/electron/electron/releases/tag/v32.2.2 |
1.1_6
21 Oct 2024 09:36:03
|
Robert Clausecker (fuz) |
security/vuxml: document www/oauth2-proxy vulnerabilities
Reported by: Matthias Wolf <freebsd@rheinwolf.de>
PR: 282004 |
1.1_6
19 Oct 2024 15:52:43
|
Bernard Spil (brnrd) |
security/vuxml: OpenSSL 3.4 not affected by CVE-2024-9143 |
1.1_6
19 Oct 2024 15:06:24
|
Bernard Spil (brnrd) |
security/vuxml: Fix and add OpenSSL versions |
1.1_6
19 Oct 2024 14:57:57
|
Bernard Spil (brnrd) |
security/vuxml: Document OpenSSL low vulnerability |
1.1_6
18 Oct 2024 08:35:16
|
Hiroki Tagato (tagattie) |
security/vuxml: document electron{31,32} multiple vulnerabilities
Obtained from: https://github.com/electron/electron/releases/tag/v31.7.1,
https://github.com/electron/electron/releases/tag/v32.2.1 |
1.1_6
15 Oct 2024 15:03:24
|
Ashish SHUKLA (ashish) |
security/vuxml: Document element-web vulnerability |
1.1_6
11 Oct 2024 08:13:00
|
Hiroki Tagato (tagattie) |
security/vuxml: document VSCode remote code execution vulnerability
Obtained from: https://github.com/microsoft/vscode/issues/230824 |
1.1_6
10 Oct 2024 17:59:22
|
Fernando Apesteguía (fernape) |
security/vuxml: Fix typo in firefox entry
Reported by: jbeich@ |
1.1_6
10 Oct 2024 17:33:23
|
Fernando Apesteguía (fernape) |
security/vuxml: Add firefox{-esr} use-after-free code execution
CVE-2024-9680 |
1.1_6
10 Oct 2024 02:46:53
|
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerabilities |
1.1_6
09 Oct 2024 22:08:03
|
Vladimir Druzenko (vvd)
Author: Stefan Bethke |
security/vuxml: Add record for www/gitea: Fix bug when a token is given public
only
PR: 281949 |
1.1_6
09 Oct 2024 20:26:44
|
Vladimir Druzenko (vvd)
Author: Ralf van der Enden |
security/vuxml: Add record about CVE-2024-25590 in dns/powerdns-recursor
PowerDNS Recursor Security Advisory 2024-04:
https://blog.powerdns.com/2024/10/03/powerdns-recursor-4-9-9-5-0-9-5-1-2-released
PR: 281914 |
1.1_6
09 Oct 2024 17:46:50
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 129.0.6668.{89,100}
Obtained
from: https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop.html
Obtained
from: https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_8.html |
1.1_6
09 Oct 2024 15:35:07
|
Fernando Apesteguía (fernape) |
security/vuxml: Fix Thunderbird version
PR: 281960
Reported by: John Hein <jcfyecrayz@liamekaens.com>
Fixes: 86d1aa3caa24c97cdc63962d13fef16be12c84b7 |
1.1_6
06 Oct 2024 16:16:19
|
Robert Clausecker (fuz) |
security/vuxml: document unbound vulnerability
PR: 281894
Security: CVE-2024-8508
Security: 2368755b-83f6-11ef-8d2e-a04a5edf46d9 |
1.1_6
05 Oct 2024 01:31:38
|
Craig Leres (leres) |
security/vuxml: Mark zeek < 7.0.3 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v7.0.3
This release fixes the following potential DoS vulnerability:
- Adding to the POP3 hardening in 7.0.2, the parser now simply
discards too many pending commands, rather than any attempting
to process them. Further, invalid server responses do not result
in command completion anymore. Processing out-of-order commands
or finishing commands based on invalid server responses could
result in inconsistent analyzer state, potentially triggering
null pointer references for crafted traffic.
Reported by: Tim Wojtulewicz |
1.1_6
04 Oct 2024 17:00:42
|
Fernando Apesteguía (fernape) |
security/vuxml: Fix name tag for textproc/expat2
Reported by: Adam McDougall <mcdouga9@egr.msu.edu>
Fixes: 47955717fc53 |
1.1_6
03 Oct 2024 11:18:17
|
Fernando Apesteguía (fernape) |
security/vuxml: Add firefox{-esr}, thunderbird vulnerabilities
CVE-2024-9392
CVE-2024-9396
CVE-2024-9400
CVE-2024-9401
CVE-2024-9402
CVE-2024-9403 |
1.1_6
03 Oct 2024 08:45:35
|
Yasuhiro Kimura (yasu) |
security/vuxml: Update range of redis in 8b20f21a-8113-11ef-b988-08002784c58d
In 2024Q3 branch databases/redis still stays in 7.2.x.
Fixes: e44e4021e418 |
1.1_6
03 Oct 2024 08:25:00
|
Li-Wen Hsu (lwhsu) |
security/vuxml: Document Jenkins Security Advisory 2024-10-02
Sponsored by: The FreeBSD Foundation |
1.1_6
02 Oct 2024 23:56:04
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple valnerabilities in Redis and Valkey |
1.1_6
02 Oct 2024 21:28:47
|
Torsten Zuehlsdorff (tz) |
security/vuxml: Document PHP vulnerabilities
There were 4 vulnerabilities found and fixed in PHP.
PR: 281770
Reported by: FiLis <freebsdbugs@filis.org> |
1.1_6
02 Oct 2024 09:28:09
|
Tijl Coosemans (tijl) |
security/vuxml: Update cups-filters entry |
1.1_6
30 Sep 2024 19:27:57
|
Mateusz Piotrowski (0mp) |
security/vuxml: Add CVE-2022-45197 |
1.1_6
30 Sep 2024 15:27:39
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 129.0.6668.70
Obtained
from: https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html |
1.1_6
30 Sep 2024 06:42:19
|
Fernando Apesteguía (fernape) |
security/vuxml: Fix typos
Add linux-*-sqlite3 to last entry.
s/mozilla/firefox in an older entry
Reported by: Edward Sanford Sutton, III (mirror176@hotmail.com) |
1.1_6
29 Sep 2024 17:11:10
|
Fernando Apesteguía (fernape) |
security/vuxml: Add sqlite use after free vulnerability
CVE-2024-0232
* Base Score: 5.5 MEDIUM
* Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
1.1_6
27 Sep 2024 15:15:19
|
Tijl Coosemans (tijl) |
security/vuxml: Add cups-browsed RCE |
1.1_6
27 Sep 2024 08:42:19
|
Fernando Apesteguía (fernape) |
security/vuxml: Add textproc/expat2 vulnerabilities
CVE-2024-45490
CVE-2024-45491
CVE-2024-45492
PR: 281738
Reported by: FiLiS <freebsdbugs@filis.org> |
1.1_6
26 Sep 2024 04:30:21
|
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerabilities |
1.1_6
24 Sep 2024 15:52:08
|
Olivier Cochard (olivier) |
security/vuxml: document frr vulnerabilities |
1.1_6
24 Sep 2024 06:03:35
|
Craig Leres (leres) |
security/vuxml: Update zeek range for 6.X
Really, it was silly of me to add the <ge> range since there were
no commited 6.X versions that were not vulnerable to the new issue. |
1.1_6
24 Sep 2024 05:44:35
|
Craig Leres (leres) |
security/vuxml: Mark zeek < 7.0.2 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v7.0.2
This release fixes the following potential DoS vulnerability:
- The POP3 parser has been hardened to avoid unbounded state growth
in the face of one-sided traffic capture or when enabled for
non-POP3 traffic.
Reported by: Tim Wojtulewicz |
1.1_6
20 Sep 2024 06:48:05
|
Philip Paeps (philip) |
security/vuxml: belatedly add FreeBSD SAs issued on 2024-08-07
FreeBSD-SA-24:05.pf affects all supported versions of FreeBSD
FreeBSD-SA-24:06.ktrace affects all supported versions of FreeBSD
FreeBSD-SA-24:07.nfsclient affects all supported versions of FreeBSD |
1.1_6
20 Sep 2024 06:48:04
|
Philip Paeps (philip) |
security/vuxml: complete FreeBSD reference for CVE-2024-7589
FreeBSD-SA-24:08.openssh was issued on 2024-08-07 to address
CVE-2024-7589. All supported versions of FreeBSD were affected.
While here, correct minor markup nits in the vuxml entry. |
1.1_6
20 Sep 2024 06:48:04
|
Philip Paeps (philip) |
security/vuxml: reference FreeBSD-SA-24:04.openssh in CVE-2024-6387
All supported versions of FreeBSD were affected by CVE-2024-6387,
announced on 2024-07-01. Reference FreeBSD-SA-24:04.openssh in the
vuxml entry. |
1.1_6
20 Sep 2024 06:13:37
|
Philip Paeps (philip) |
security/vuxml: add FreeBSD SAs issued on 2024-09-19
FreeBSD-SA-24:15.bhyve affects all supported versions of FreeBSD
FreeBSD-SA-24:16.libnv affects all supported versions of FreeBSD |
1.1_6
18 Sep 2024 07:01:07
|
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerability |
1.1_6
17 Sep 2024 13:44:49
|
Alan Somers (asomers) |
security/vuxml: correct vulnerable package range for nginx
14dc2636e72c396459a6559868033910ee8a4532 added a new vuxml entry, but
forgot to account for PORTEPOCH.
PR: 281250
Approved by: maintainer timeout
Security: CVE-2024-7347 |
1.1_6
17 Sep 2024 12:03:42
|
Mateusz Piotrowski (0mp) |
security/vuxml: Document OpenSSH's CVE-2024-7589
Sponsored by: Klara, Inc. |
1.1_6
16 Sep 2024 21:25:50
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple mXSS vulnerabilities in SnappyMail |
1.1_6
15 Sep 2024 17:59:00
|
Fernando Apesteguía (fernape) |
security/vuxml: Fix entry
Correct number of recorded CVEs.
Fixes: 019e45d60224 |
1.1_6
13 Sep 2024 07:11:15
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 128.0.6613.137
Obtained
from: https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html |
1.1_6
12 Sep 2024 16:27:58
|
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerabilities |
1.1_6
10 Sep 2024 18:49:21
|
Joseph Mingrone (jrm) |
security/vuxml: Document Intel CPU vulnerabilities
Security: CVE-2024-23984
Security: CVE-2024-24968
Sponsored by: The FreeBSD Foundation |
1.1_6
10 Sep 2024 03:57:15
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in ClamAV |
1.1_6
09 Sep 2024 14:17:13
|
Joe Marcus Clarke (marcus) |
security/vuxml: Document recent netatalk3 CVEs |
1.1_6
08 Sep 2024 16:11:31
|
Fernando Apesteguía (fernape)
Author: Tom Hukins |
security/vuxml: add minio vulnerabilities
PR: 281362
Reported by: tom@eborcom.com |
1.1_6
07 Sep 2024 14:12:07
|
Fernando Apesteguía (fernape) |
security/vuxml: Fix firefox version
Reported by: bapt@ |
1.1_6
07 Sep 2024 13:49:19
|
Fernando Apesteguía (fernape) |
security/vuxml: Record firefox vulnerability
CVE-2024-7652 |
1.1_6
07 Sep 2024 13:43:04
|
Fernando Apesteguía (fernape) |
security/vuxml: Fix topic
Reported by: jhaley@
Fixes: 05d4a95e7f58 |
1.1_6
07 Sep 2024 11:44:49
|
Baptiste Daroussin (bapt) |
security/vuxml: really fix versionning for firefox
in 8a5936ed301ec363fd7e80762e74bacf0d69fd05 I added the missing
portepoch except I added the wrong one, portepoch is at 2, not at 1
Reported by: Piotr Smyrak <piotr@smyrak.com> |
1.1_6
07 Sep 2024 09:29:09
|
Jason E. Hale (jhale) |
security/vuxml: Add exiv2 >= 0.28.0 and < 0.28.3 |
As an Amazon Associate I earn from qualifying purchases.
