Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_5 28 Sep 2022 16:00:59 |
Ashish SHUKLA (ashish) |
security/vuxml: Document vulnerabilities for Matrix clients |
1.1_5 27 Sep 2022 19:43:48 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 106.0.5249.61
Obtained
from: https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html |
1.1_5 27 Sep 2022 04:17:13 |
Tobias C. Berner (tcberner) |
security/vuxml: document vulnerability in expat < 2.4.9
Rhodri James discovered a heap use-after-free vulnerability in the
doContent function in Expat, an XML parsing C library, which could
result in denial of service or potentially the execution of arbitrary
code, if a malformed XML file is processed.
https://www.debian.org/security/2022/dsa-5236
https://nvd.nist.gov/vuln/detail/CVE-2022-40674
Security: CVE-2022-40674 |
1.1_5 26 Sep 2022 10:17:05 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document exposure of sensitive information in cache manager of
squid |
1.1_5 22 Sep 2022 07:32:04 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document potential remote code execution vulnerability in redis |
1.1_5 21 Sep 2022 14:25:34 |
Nuno Teixeira (eduardo) Author: Boris Korzun |
security/vuxml: Document Grafana vulnerabilies
PR: 266530 |
1.1_5 19 Sep 2022 23:50:54 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 5.0.2 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.2
The potential DoS vulnerabilities include:
- Fix a possible overflow and crash in the ICMP analyzer when
receiving a specially crafted packet
- Fix a possible overflow and crash in the IRC analyzer when
receiving a specially crafted packet
- Fix a possible overflow and crash in the SMB analyzer when
receiving a specially crafted packet
- Fix two possible crashes when converting IP headers for output
via the raw_packet event
Reported by: Tim Wojtulewicz |
1.1_5 16 Sep 2022 20:57:40 |
Romain Tartière (romain) |
security/vuxml: Document vulnerability in PuppetDB |
1.1_5 14 Sep 2022 20:47:02 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 105.0.5195.125
Obtained
from: https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html |
1.1_5 12 Sep 2022 12:56:53 |
Ashish SHUKLA (ashish) |
security/vuxml: Document vulnerability for net-im/dendrite |
1.1_5 11 Sep 2022 14:03:23 |
Dmitri Goutnik (dmgk) Author: Stefan Bethke |
security/vuxml: Document Gitea vulnerabilities
PR: 266359 |
1.1_5 08 Sep 2022 00:22:51 |
Wen Heping (wen) |
security/vuxml: Document python multiple vulnerabilities |
1.1_5 07 Sep 2022 12:36:51 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document Go vulnerabilities |
1.1_5 03 Sep 2022 11:30:39 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 105.0.5195.102
Obtained from:
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html |
1.1_5 01 Sep 2022 22:21:10 |
Ashish SHUKLA (ashish) |
security/vuxml: Unbreak vuxml build
Fix malformed CVE entry which I added in 46eb6e07f37e2. Thanks to dbaio@
for pointing it out. |
1.1_5 01 Sep 2022 21:55:10 |
Neel Chauhan (nc) Author: Ralf van der Enden |
dns/powerdns-recursor: Add VUXML entry |
1.1_5 01 Sep 2022 12:00:54 |
Nuno Teixeira (eduardo) |
security/vuxml: Document Grafana vulnerabilities
- vuxml: CVE-2022-31176 - Unauthorized file disclosure
PR: 266128 |
1.1_5 31 Aug 2022 22:37:41 |
Ashish SHUKLA (ashish) |
security/vuxml: Document Matrix clients' vulnerabilities |
1.1_5 31 Aug 2022 10:33:41 |
Rene Ladan (rene) |
security/vuxml: document www/chromium < 105.0.5195.52
Obtained
from: https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html |
1.1_5 31 Aug 2022 06:04:38 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-22:13.zlib |
1.1_5 30 Aug 2022 18:45:20 |
Matthias Fechner (mfechner) |
security/vuxml: document gitlab-ce vulnerabilities |
1.1_5 26 Aug 2022 23:50:45 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 5.0.1 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.1
The potential DoS vulnerabilities include:
- Fix a possible overflow and crash in the ARP analyzer when
receiving a specially crafted packet.
- Fix a possible overflow and crash in the Modbus analyzer when
receiving a specially crafted packet.
- Fix two possible crashes when converting IP headers for output
via the raw_packet event.
- Fix an abort related to an error related to the ordering of
record fields when processing DNS EDNS headers via events
Reported by: Tim Wojtulewicz |
1.1_5 25 Aug 2022 19:56:02 |
Ashish SHUKLA (ashish) |
security/vuxml: update Dendrite vulnerability
- add CVE information |
1.1_5 25 Aug 2022 15:56:42 |
Bernard Spil (brnrd) |
security/vuxml: Document MariaDB vulnerabilities |
1.1_5 23 Aug 2022 05:05:01 |
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab vulnerability |
1.1_5 20 Aug 2022 01:24:38 |
Wen Heping (wen) |
security/vuxml: Document drupal9 multiple vulnerabilities |
1.1_5 17 Aug 2022 08:34:12 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 104.0.5112.101
Obtained
from: https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html |
1.1_5 15 Aug 2022 13:57:01 |
Ashish SHUKLA (ashish) |
security/vuxml: Document dendrite vulnerability |
1.1_5 14 Aug 2022 17:00:29 |
Nuno Teixeira (eduardo) |
security/vuxml: Document Apache Tomcat vulnerability
CVE-2022-34305 Apache Tomcat - XSS in examples web application
PR: 265821
Approved by: riggs (ports-secteam) |
1.1_5 12 Aug 2022 09:15:01 |
Guido Falsi (madpilot) |
security/vuxml: Document xfce4-tumbler vulnerability.
The vulnerability details are undisclosed at present. |
1.1_5 10 Aug 2022 21:30:06 |
Danilo G. Baio (dbaio) |
security/vuxml: Document varnish cache vulnerability |
1.1_5 10 Aug 2022 10:20:09 |
Philip Paeps (philip) |
security/vuxml: correct entry for FreeBSD SA-22:10.aio
The vulnerability reported in FreeBSD-SA-22:10.aio was corrected on the
stable/13 branch before releng/13.1 was created. Consequently, FreeBSD
13.1-RELEASE-p0 is not affected. |
1.1_5 10 Aug 2022 10:20:08 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-22:12.lib9p |
1.1_5 10 Aug 2022 10:20:08 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-22:11.vm |
1.1_5 10 Aug 2022 09:53:28 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-22:10.aio |
1.1_5 10 Aug 2022 09:53:28 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-22:09.elf |
1.1_5 10 Aug 2022 09:04:11 |
Rodrigo Osorio (rodrigo) |
security/vuxml: Document rsync client-side arbitrary file write vulnerability
PR: 265633 |
1.1_5 09 Aug 2022 09:07:27 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document double free vulnerability in GnuTLS |
1.1_5 08 Aug 2022 20:35:27 |
Santhosh Raju (fox) |
security/vuxml: Document wolfSSL multiple vulnerabilities. |
1.1_5 05 Aug 2022 19:02:44 |
Nuno Teixeira (eduardo) Author: Stefan Bethke |
security/vuxml: Document Gitea multiple vulnerabilities
PR: 265527 |
1.1_5 05 Aug 2022 18:39:58 |
Bernard Spil (brnrd) |
security/vuxml: Document Unbound vulnerabilities |
1.1_5 05 Aug 2022 16:36:48 |
Nuno Teixeira (eduardo) Author: Stefan Bethke |
security/vuxml: Document Gitea multiple vulnerabilities
- Add write check for creating Commit status
https://github.com/go-gitea/gitea/pull/20334
- Check for permission when fetching user controlled issues
https://github.com/go-gitea/gitea/pull/20196
PR: 265526 |
1.1_5 05 Aug 2022 02:08:36 |
Wen Heping (wen) |
security/vuxml: Document Django multiple vulnerabilities |
1.1_5 03 Aug 2022 14:50:50 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 104.0.5112.79
Obtained from:
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html |
1.1_5 02 Aug 2022 13:24:41 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document Go vulnerability |
1.1_5 30 Jul 2022 06:50:09 |
Matthias Fechner (mfechner) |
security/vuxml: Document www/gitlab-ce vulnerabilities |
1.1_5 23 Jul 2022 21:57:43 |
Nuno Teixeira (eduardo) Author: Boris Korzun |
security/vuxml: Document new Grafana vulnerabilities
CVE-2022-31097 - Stored XSS
CVE-2022-31107 - OAuth Account Takeover
PR: 265330 |
1.1_5 21 Jul 2022 08:59:18 |
Guido Falsi (madpilot) |
security/vuxml: Document new VirtualBox vulnerabilities.
PR: 265350 |
1.1_5 21 Jul 2022 08:10:24 |
Bernard Spil (brnrd) |
security/vuxml: Document new MySQL vulnerabilities |
1.1_5 20 Jul 2022 14:22:56 |
Tobias C. Berner (tcberner) |
security: remove 'Created by' lines
A big Thank You to the original contributors of these ports:
* <ports@c0decafe.net>
* Aaron Dalton <aaron@FreeBSD.org>
* Adam Weinberger <adamw@FreeBSD.org>
* Ade Lovett <ade@FreeBSD.org>
* Aldis Berjoza <aldis@bsdroot.lv>
* Alex Dupre <ale@FreeBSD.org>
* Alex Kapranoff <kappa@rambler-co.ru>
* Alex Samorukov <samm@freebsd.org>
* Alexander Botero-Lowry <alex@foxybanana.com>
* Alexander Kriventsov <avk@vl.ru>
* Alexander Leidinger <netchild@FreeBSD.org> (Only the first 15 lines of the commit message are shown above ) |
1.1_5 20 Jul 2022 08:32:05 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 103.0.5060.134
Obtained
from: https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html |
1.1_5 18 Jul 2022 16:11:25 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document potential remote code execution vulnerability in redis |
1.1_5 14 Jul 2022 12:39:43 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document Go vulnerabilities |
1.1_5 12 Jul 2022 22:54:57 |
Brad Davis (brd) |
security/vuxml: document devel/git CVE-2022-29187 |
1.1_5 11 Jul 2022 15:47:56 |
Joseph Mingrone (jrm) |
security/vuxml: Note that the 2022-07-08 Node.js entry was modified
Requested by: sunpoet |
1.1_5 10 Jul 2022 09:19:26 |
Dries Michiels (driesm) Author: Robert Clausecker |
security/vuxml: document multimedia/py-mat2 CVE-2022-35410
PR: 265104 |
1.1_5 09 Jul 2022 06:09:01 |
Matthias Fechner (mfechner) |
security/vuxml: document gitlab-ce vulnerabilities |
1.1_5 08 Jul 2022 13:08:26 |
Joseph Mingrone (jrm) |
security/vuxml: Remove extra dash in 2022-07-08 Node.js CVE name
Reported by: joneum |
1.1_5 08 Jul 2022 12:56:23 |
Joseph Mingrone (jrm) |
security/vuxml: Fix CVE Names in 2022-07-08 Node.js entry
Sponsored by: The FreeBSD Foundation |
1.1_5 08 Jul 2022 12:12:18 |
Joseph Mingrone (jrm) |
security/vuxml: Document Node.js July 7th 2022 Security Releases
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
Sponsored by: The FreeBSD Foundation |
1.1_5 07 Jul 2022 16:15:20 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 103.0.5060.114
Obtained
from: https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html |
1.1_5 05 Jul 2022 14:51:47 |
Bernard Spil (brnrd) |
security/vuxml: Add/update OpenSSL vulnerability
* Update the RSA key AVX512 vuln to 3.0.4 only
* Add new AES OCB vuln in 1.1.1q/3.0.5 |
1.1_5 04 Jul 2022 10:52:31 |
Wen Heping (wen) |
security/vuxml: Fix a typo in previous commit of document django multiple
vulnerabilities |
1.1_5 04 Jul 2022 10:48:08 |
Wen Heping (wen) |
security/vuxml: Document Django multiple vulnerabilities |
1.1_5 03 Jul 2022 18:55:26 |
Bernard Spil (brnrd) |
security/vuxml: Document OpenSSL vulnerability |
1.1_5 03 Jul 2022 06:04:08 |
Wen Heping (wen) |
security/vuxml: Document mediawiki multiple vulnerabilities |
1.1_5 29 Jun 2022 03:56:40 |
Ashish SHUKLA (ashish) |
security/vuxml: Document vulnerability for net-im/py-matrix-synapse |
1.1_5 27 Jun 2022 08:16:36 |
Bernard Spil (brnrd) |
security/vuxml: Document cURL vulnerabilities |
1.1_5 23 Jun 2022 19:18:01 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Fix vuxml build
<cvename> tag needs a valid CVE name
Fixes: 8f4091638ddd9e3c0484c5791359e58aa97b493a |
1.1_5 22 Jun 2022 19:11:40 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Document Jenkins Security Advisory 2022-06-22
Sponsored by: The FreeBSD Foundation |
1.1_5 22 Jun 2022 08:29:39 |
Bernard Spil (brnrd) |
security/vuxml: Document OpenSSL vulnerability
* Pet `make validate`
* Fix spacing for 482456fb-e9af-11ec-93b6-318d1419ea39
* Add discovery date for 482456fb-e9af-11ec-93b6-318d1419ea39
using tor wiki page update date. |
1.1_5 22 Jun 2022 08:02:26 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 103.0.5060.53 |
1.1_5 21 Jun 2022 21:09:38 |
Neel Chauhan (nc) Author: Rafael Grether |
graphics/p5-Image-ExifTool: Add an vuxml entry for update 12.42
PR: 264618 |
1.1_5 20 Jun 2022 14:09:26 |
Li-Wen Hsu (lwhsu) Author: Hung-Yi Chen |
security/vuxml: Add CVE-2022-24766 for www/mitmproxy
PR: 264782 |
1.1_5 17 Jun 2022 15:26:50 |
Yuri Victorovich (yuri) |
security/vuxml: Add vulnerability record for security/tor TROVE-2022-001[0] |
1.1_5 11 Jun 2022 08:06:56 |
Guido Falsi (madpilot) |
security/vuxml: Document XFCE libexo vulnerability. |
1.1_5 11 Jun 2022 00:18:10 |
Wen Heping (wen) |
security/vuxml: Document numpy vulnerabilities |
1.1_5 10 Jun 2022 09:58:15 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Fix version range for 49adfbe5-e7d1-11ec-8fbd-d4c9ef517024
PR: 264589
Reported by: Jordan Ostreff <jordan@ostreff.info> |
1.1_5 09 Jun 2022 20:26:21 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 102.0.5005.115
Obtained
from: https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html |
1.1_5 09 Jun 2022 09:05:02 |
Bernard Spil (brnrd) |
security/vuxml: Document Apache httpd vulnerabilities |
1.1_5 07 Jun 2022 12:36:39 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document Go vulnerabilities |
1.1_5 05 Jun 2022 15:22:52 |
Matthias Andree (mandree) |
security/vuxml: add e2fsprogs CVE-2022-1304 < 1.46.5_1
Security: CVE-2022-1304
Security: a58f3fde-e4e0-11ec-8340-2d623369b8b5 |
1.1_5 04 Jun 2022 19:47:56 |
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab vulnerabilities |
1.1_5 03 Jun 2022 17:32:46 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 4.0.7 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v4.0.7
- Fix potential hang in the DNS analyzer when receiving a
specially-crafted packet. Due to the possibility of this happening
with packets received from the network, this is a potential DoS
vulnerability.
Reported by: Tim Wojtulewicz |
1.1_5 24 May 2022 19:48:26 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 102.0.5005.61
Obtained
from: https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html |
1.1_5 23 May 2022 20:28:22 |
Bernard Spil (brnrd) |
security/vuxml: Add CVE numbers to latest MySQL vulnerabilities |
1.1_5 23 May 2022 20:17:17 |
Bernard Spil (brnrd) |
security/vuxml: Document MariaDB vulnerabilities |
1.1_5 23 May 2022 10:54:53 |
Yasuhiro Kimura (yasu) |
security/vuxml: Update and fix b2407db1-d79f-11ec-a15f-589cfc0f81b0
* security/clamav-lts is also vulnerable with them
* Fix range of security/clamav |
1.1_5 19 May 2022 18:28:37 |
Florian Smeets (flo) |
security/vuxml: Document ClamAV vulnerabilities |
1.1_5 15 May 2022 12:31:43 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document Go vulnerability
While here, fix package names for the previous Go entry (we also have
go117 now). |
1.1_5 13 May 2022 07:28:17 |
Bernard Spil (brnrd) |
security/vuxml: Document curl vulnerabilities |
1.1_5 12 May 2022 13:40:16 |
Palle Girgensohn (girgen) |
security/vuxml: postgresql??-server vuln CVE-2022-1552 |
1.1_5 10 May 2022 19:45:29 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 101.0.4951.64
Obtained
from: https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html |
1.1_5 06 May 2022 19:34:43 |
Matthew Seaman (matthew) |
security/vuxml: add sysutils/rsyslog8 heap buffer overflow
https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8 |
1.1_5 05 May 2022 13:04:25 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document devel/gogs vulnerability |
1.1_5 05 May 2022 12:22:22 |
Dmitri Goutnik (dmgk) Author: Stefan Bethke |
security/vuxml: Document www/gitea vulnerability |
1.1_5 05 May 2022 11:50:45 |
Bernard Spil (brnrd) |
security/vuxml: Mark openssl-quictls vulnerable |
1.1_5 04 May 2022 07:22:06 |
Bernard Spil (brnrd) |
security/openssl: Security update to 1.1.1o
Security: fceb2b08-cb76-11ec-a06f-d4c9ef517024
MFH: 2022Q2 |
1.1_5 03 May 2022 10:12:53 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document cross-site-scripting (XSS) vulnerability in RainLoop |
1.1_5 02 May 2022 12:08:16 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document lang/go vulnerabilities |