| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
|---|
1.1_1
21 Dec 2007 21:43:14
  |
miwi  |
- Document e2fsprogs -- heap buffer overflow
PR: 118848 (based on)
Submitted by: Matthias Andree <matthias.andree@gmx.de>
Reviewed by: remko |
1.1_1
19 Dec 2007 23:03:56
|
simon |
Document wireshark -- multiple vulnerabilities. |
1.1_1
19 Dec 2007 21:06:25
|
simon |
Document opera -- multiple vulnerabilities. |
1.1_1
19 Dec 2007 20:52:06
|
simon |
Document peercast -- buffer overflow vulnerability. |
1.1_1
18 Dec 2007 13:06:29
|
simon |
Unbreak vuln.xml: & -> &
Pointy hat to: brooks |
1.1_1
17 Dec 2007 22:24:48
|
brooks |
Upgrade to Ganglia 3.0.6.
Release 3.0.5 contained minor bug fixes. 3.0.6 corrects XSS
vulnerabilities in the webfrontend.
Security: vid:fee7e059-acec-11dc-807f-001b246e4fdf |
1.1_1
14 Dec 2007 19:55:16
|
remko |
Sort references section for last commit. |
1.1_1
14 Dec 2007 00:17:02
|
sat |
- Mark latest linux-firefox/seamonkey-devel snapshots as safe
- Add (linux-)flock and linux-*-devel to latest firefox advisory
- Note that the tradition of covering more gecko ports with
firefox-related advisories should probably be kept up |
1.1_1
13 Dec 2007 00:36:54
|
nox |
Document qemu -- Translation Block Local Denial of Service Vulnerability |
1.1_1
12 Dec 2007 15:48:01
|
remko |
Document drupal -- SQL injection vulnerability
Submitted by: Nick Hilliard <nick at netability dot ie> |
1.1_1
12 Dec 2007 15:29:14
|
remko |
Document samba -- buffer overflow vulnerability. |
1.1_1
12 Dec 2007 15:11:17
|
remko |
Remove redundant "A" in the latest entry |
1.1_1
12 Dec 2007 08:32:33
|
miwi |
- Fix previous commit
- Sorting
- more referencs |
1.1_1
12 Dec 2007 08:11:07
|
beech |
- Missed a section - smbftpd
Pointyhat to: Self |
1.1_1
12 Dec 2007 07:55:42
|
beech |
- Document smbftpd - format string vulnerability.
Requested by: linimon
Approved by: linimon (mentor) |
1.1_1
10 Dec 2007 07:00:06
|
remko |
Document jetty - multiple vulnerabilities
PR: ports/118524
Submitted by: Nick Barkas <snb at threerings dot net>
with minor modifications by me
Approved by: portmgr (secteam blanket) |
1.1_1
09 Dec 2007 15:47:20
|
nork |
Update to 2007.12.07 with fix security issue.
Security: VuXML ID: 821afaa2-9e9a-11dc-a7e3-0016360406fa
CVE-2007-6036
http://aluigi.altervista.org/adv/live555x-adv.txt
Approved by: portmgr (erwin) |
1.1_1
08 Dec 2007 23:26:34
|
remko |
Document liveMedia -- DoS vulnerability
Submitted by: Rafae«l Careé <funm at videolan dot org>
with modifications by me
Approved by: portmgr (secteam blanket) |
1.1_1
07 Dec 2007 10:25:05
|
delphij |
Update to reflect the squid issue has been assigned
CVE-2007-6239.
Approved by: portmgr (ports-security blanket) |
1.1_1
05 Dec 2007 07:49:40
|
miwi |
- Update gnu-finger entry
* Fix cvename handling
Approved by: portmgr (ports-security blanket) |
1.1_1
05 Dec 2007 07:27:00
|
linimon |
http://nvd.nist.gov/nvd.cfm?cvename=CVE-1999-1165: gnu-finger is old,
creaky, and not for use in production environments.
Submitted by: tabthorpe
Approved by: portmgr (self) |
1.1_1
05 Dec 2007 00:28:14
|
delphij |
Update to reflect an updated www/squid30 version which is no
longer vulnerable.
Approved by: portmgr (ports-security blanket) |
1.1_1
04 Dec 2007 19:49:48
|
delphij |
Update to reflect an updated www/squid version which is no
longer vulnerable.
Approved by: portmgr (ports-security blanket) |
1.1_1
04 Dec 2007 19:20:45
|
delphij |
Document squid denial of service vulnerability. This can be
triggered from trusted squid client only.
Approved by: portmgr (ports-security blanket) |
1.1_1
02 Dec 2007 00:15:28
|
delphij |
Remove the rsync entry for now. Better way of handling
this is still under discussion, as the vendor patch does
not automatically resolve problem for customized
configuration that have chroot = no.
Requested by: pav
Approved by: portmgr (ports-security blanket) |
1.1_1
01 Dec 2007 20:23:43
|
delphij |
Document rsync security bypass vulnerability.
Approved by: portmgr (ports-security blanket) |
1.1_1
01 Dec 2007 14:25:29
|
simon |
Make the rubygem-rails -- JSON XSS vulnerability entry valid UTF-8 (at
least the special chars doesn't look like UTF-8 as per emacs or
freshports).
Reported by: freshports via dvl
Approved by: portmgr (secteam blanket) |
1.1_1
28 Nov 2007 00:26:57
|
delphij |
Also cover rubygem-activesupport which is part of rails and is
affected by CVE-2007-3227 as well.
Approved by: portmgr (ports-security blanket) |
1.1_1
28 Nov 2007 00:19:09
|
delphij |
Document recent Ruby On Rails vulnerabilities.
Approved by: portmgr (ports-security blanket) |
1.1_1
27 Nov 2007 21:57:02
|
brix |
Document ikiwiki improper symlink verification vulnerability.
Reviewed by: remko
Approved by: portmgr (erwin), erwin (mentor) |
1.1_1
27 Nov 2007 21:35:54
|
delphij |
Document firefox multiple unspecified memory corruption vulnerabilities.
Approved by: portmgr (ports-security blanket) |
1.1_1
21 Nov 2007 18:58:28
|
miwi |
- Document phpmyadmin -- Cross Site Scripting
Reviewed by: remko
Approved by: portmgr (ports-security blanket |
1.1_1
21 Nov 2007 09:02:58
|
miwi |
- Update last Samba entry,
* Add reference to the samba advisories
* Fix the PORTVERSION/PORTEPOCH
Reviewed by: simon
Approved by: portmgr (ports-security blanket) |
1.1_1
21 Nov 2007 07:40:51
|
miwi |
Document samba - multiple vulnerabilities
Reviewed by: remko
Approved by: portmgr (ports-security blanket) |
1.1_1
18 Nov 2007 00:47:43
|
delphij |
postnuke 0.763 is not vulnerable to 35f2679f-52d7-11db-8f1a-000a48049292
so mark it as not vulnerable.
Approved by: portmgr (ports-security blanket) |
1.1_1
17 Nov 2007 07:07:41
|
delphij |
Improve JDK version coverage. We should consider PORTEPOCH'ed version
separately, so restruct the range.
Approved by: portmgr (ports-security blanket) |
1.1_1
16 Nov 2007 19:53:07
|
delphij |
Document PHP multiple vulnerabilities that are fixed by php 5.2.5.
Approved by: portmgr (ports-security blanket) |
1.1_1
16 Nov 2007 08:05:48
|
miwi |
- Fix c93e4d41-75c5-11dc-b903-0016179b2dd5 entry
Submitted by: glewis
Reviewed by: remko
Approved by: portmgr (ports-security blanket) |
1.1_1
14 Nov 2007 22:19:07
|
erwin |
print/cups-base is vulnerable for all previous versions to
1.3.3_2, not all coming ones.
Submitted by: Andrew Daugherity <ADaugherity@vprmail.tamu.edu>
Approved by: portmgr (self) |
1.1_1
14 Nov 2007 14:23:33
|
remko |
Document mt-daapd -- denial of service vulnerability, also
correct the previous entry style wise.
Submitted by: Mark D. Foster <mark at foster dot cc> with minor
modifications by me.
Approved by: portmgr (secteam blanket) |
1.1_1
14 Nov 2007 09:23:51
|
miwi |
- Update xpdf -- multiple remote Stream.CC vulnerabilities
* Mark cups-base as safe
Approved by: portmgr (ports-security blanket) |
1.1_1
14 Nov 2007 05:45:24
|
kuriyama |
o Add a patch for CVE-2007-5846, and add an entry for vuxml.
Approved by: portmgr (marcus) |
1.1_1
13 Nov 2007 15:41:57
|
miwi |
- Document flac -- media file processing integer overflow vulnerabilities
Reviewed by: simon
Approved by: portsmgr (ports-security blanket)
Thanks to: naddy |
1.1_1
13 Nov 2007 06:46:44
|
simon |
Unbreak file by closing </li> tag.
Approved by: portmgr (secteam blanket) |
1.1_1
13 Nov 2007 01:14:50
|
delphij |
Document xpdf arbitrary code execution vulnerability, as documented in
CVE-2007-4352, CVE-2007-5392, CVE-2007-5393.
Approved by: portmgr (ports-security blanket) |
1.1_1
12 Nov 2007 19:46:09
|
delphij |
dinoex@ has choosen to apply a vendor patch that has resolved CVE-2007-4351
instead of upgrading to 1.3.4. Mark this updated version as not vulnerable.
Approved by: portmgr (ports-security blanket) |
1.1_1
12 Nov 2007 00:39:01
|
delphij |
Document plone arbitrary code execution vulnerability.
Approved by: portmgr (ports-security blanket) |
1.1_1
11 Nov 2007 18:43:12
|
miwi |
- Updated the last gftp entry (we have 2.0.18_6 in the portstree not 2.10.18_6)
Submitted by: Fabian Keil (via private mail)
Approved by: portmgr (ports-security blanket) |
1.1_1
11 Nov 2007 15:52:24
|
miwi |
- Document phpmyadmin -- cross-site scripting vulnerability
Reviewed by: simon
Approved by: portmgr (ports-security blanket) |
1.1_1
09 Nov 2007 19:05:51
|
delphij |
Document gallery2 multiple vulnerabilities.
Approved by: portmgr (ports-security blanket) |
1.1_1
09 Nov 2007 10:00:02
|
miwi |
- Document tikiwiki -- multiple vulnerabilities
Reviewed by: simon
Approved by: portmgr (ports-security blanket) |
1.1_1
09 Nov 2007 07:51:43
|
delphij |
Document cups-base remote buffer overflow vulnerability.
Approved by: portmgr (ports-security blanket) |
1.1_1
07 Nov 2007 22:03:26
|
delphij |
Make perl entry to cover perl-threaded as well.
Reported by: Andy Greenwood <greenwood.andy gmail com>
Approved by: portmgr (ports-security blanket) |
1.1_1
06 Nov 2007 22:19:50
|
miwi |
- Document perl -- regular expressions unicode data buffer overflow
Reviewed by: simon/tobez
Approved by: portmgr (blanket) (ports-security blanket) |
1.1_1
06 Nov 2007 18:28:58
|
delphij |
Document pcre arbitrary code execution vulnerability.
Approved by: portmgr (ports-security blanket) |
1.1_1
06 Nov 2007 11:03:36
|
beech |
- perdition entry - correct range
Approved by: portmgr (pav) linimon (mentor) |
1.1_1
06 Nov 2007 09:58:50
|
beech |
- Add entry for mail/perdition
PR: ports/117796
Approved by: portmgr (pav), linimon (mentor) |
1.1_1
05 Nov 2007 21:12:08
|
miwi |
- gftp -- multiple vulnerabilities
Reviewed by: simom
Approved by: portmgr (blanket) (ports-security blanket) |
1.1_1
05 Nov 2007 11:46:14
|
miwi |
- Update dirproxy -- remote denial of service
* Add net/dirproxy with the same affect
* Update net/dirproxy-devel as safe
Reviewed by: simon
Approved by: portmgr (blanket) (ports-security blanket) |
1.1_1
04 Nov 2007 13:43:35
|
miwi |
- dirproxy -- remote denial of service
Reviewed by: remko
Approved by: portmgr (blanket) (ports-security blanket) |
1.1_1
01 Nov 2007 15:16:38
|
miwi |
- Fix discovery date on my previous commit
Approved by: portmgr (ports-security blanket) |
1.1_1
01 Nov 2007 12:46:52
|
miwi |
- document wordpress -- cross-site scripting
Reviewed by: simon
Approved by: portmgr (ports-security blanket) |
1.1_1
01 Nov 2007 00:58:11
|
delphij |
Extend coverage to OpenLDAP 2.4.x series which is affected according
to CVS history.
Approved by: portmgr (ports-security blanket) |
1.1_1
31 Oct 2007 21:48:27
|
delphij |
Document openldap multiple vulnerabilities.
Approved by: portmgr (ports-security blanket) |
1.1_1
31 Oct 2007 17:21:15
|
simon |
Bump modified date for entry updated in last commit.
Approved by: portmgr (secteam blanket) |
1.1_1
31 Oct 2007 16:38:08
|
girgen |
Update vuxml to reflect that mod_jk and mod_jk-ap2 have
different portepochs.
Approved by: portmgr (pav) |
1.1_1
31 Oct 2007 12:44:04
|
miwi |
- Update mozilla -- code execution via Quicktime media-link files
PR: 117704
Submitted by: John Hein <jhein@timing.com>
Reviewed by: simon
Approved by: portmgr (blanket) secteam (blanket via simon) |
1.1_1
28 Oct 2007 22:22:45
|
delphij |
Document django DoS issue. |
1.1_1
26 Oct 2007 20:41:39
|
miwi |
- Fix day entry for 498a8731-7cfc-11dc-96e6-0012f06707f0
Reviewed by: simon |
1.1_1
25 Oct 2007 18:34:32
|
miwi |
- Document opera -- multiple vulnerabilities
Reviewed by: remko |
1.1_1
25 Oct 2007 08:47:23
|
miwi |
- Document drupal --- multiple vulnerabilities
Reviewed by: simon |
1.1_1
23 Oct 2007 11:12:42
|
miwi |
- Document ldapscripts -- Command Line User Credentials Disclosure
PR: 117152
Submitted by: Ganael Laplanche <ganael.laplanche at martymac.com>
(maintainer/author)
rafan@
Reviewed by: simon@ |
1.1_1
22 Oct 2007 18:51:33
|
delphij |
Modify firefox entry to cover linux-* variants. |
1.1_1
22 Oct 2007 01:37:32
|
delphij |
Document firefox JavaScript Entrapment vulnerabilities. |
1.1_1
20 Oct 2007 20:48:33
|
miwi |
- Fix year entry in 498a8731-7cfc-11dc-96e6-0012f06707f0
Submitted by: freshports
Thanks to: Dan Langille |
1.1_1
19 Oct 2007 14:23:36
|
mnag |
- Add new line between entries. |
1.1_1
17 Oct 2007 22:15:35
|
stas |
- Add entry about recent phpMyAdmin XSS server_status.php vulnerability
- Fix URL in my previous entry while I'm here. |
1.1_1
16 Oct 2007 18:29:34
|
stas |
- Fix package name in 51b51d4a-7c0f-11dc-9e47-0011d861d5e2 and
229577a8-0936-11db-bf72-00046151137e entries (phpmyadmin->phpMyAdmin). |
1.1_1
16 Oct 2007 18:13:04
|
stas |
- Add entry about phpMyAdmin XSS vulnerability. |
1.1_1
13 Oct 2007 09:45:27
|
miwi |
nagios-plugins -- Long Location Header Buffer Overflow Vulnerability
Reviewed by: simon |
1.1_1
11 Oct 2007 17:28:01
|
miwi |
Document png -- multiple vulnerabilities
Reviewed by: simon |
1.1_1
10 Oct 2007 12:47:22
|
remko |
Document ImageMagick - Multiple vulnerabilities
Submitted by: Nick Barkas |
1.1_1
10 Oct 2007 12:35:43
|
remko |
Correct mediawiki package names.
Spotted by: Nick Barkas |
1.1_1
09 Oct 2007 07:18:11
|
miwi |
- Dokument jdk/jre -- Applet Caching May Allow Network Access Restrictions to be
Circumvented
Reviewed by: remko |
1.1_1
08 Oct 2007 12:05:08
|
flz |
Document xfs -- multiple vulnerabilities. |
1.1_1
05 Oct 2007 09:35:50
|
miwi |
- Document tcl/tk -- buffer overflow in ReadImage function
PR: 116881
Submitted by: Nick Barkas <snb@threerings.net>
Reviewed by: simon |
1.1_1
04 Oct 2007 22:56:29
|
delphij |
Document firebird multiple remote buffer overflow vulnerabilities |
1.1_1
02 Oct 2007 18:27:37
|
remko |
Update the bugzilla and mediawiki entries to properly match their corrected
versions.
Prodded by: Nick Barkas (and a few others) |
1.1_1
02 Oct 2007 02:04:41
|
delphij |
Update to reflect the fixed version of id3lib. |
1.1_1
01 Oct 2007 21:04:45
|
delphij |
Document id3lib insecure temporary file creation vulnerability |
1.1_1
23 Sep 2007 09:09:33
|
miwi |
- modify mediawiki entry (add missing mediawiki18)
Reviewed by: remko |
1.1_1
23 Sep 2007 01:37:07
|
delphij |
Some PHP 5.x vulnerabilities is also found in PHP 4.x series,
unfortunately it seems that there is no newer PHP release to
fix these issue for 4.x series, so mark it as so.
While I'm there add a new CVE that was not mentioned in
previous revision of entry. |
1.1_1
21 Sep 2007 13:14:30
|
remko |
Document mediawiki -- cross site scripting vulnerability, our port versions
had not been updated yet, 1.8.x is not vulnerable by default unless you are
using the $wgEnableAPI = true; statement, in that case please set it to
$wgEnableAPI = false; (where possible ofcourse, else upgrade to 1.8.5). |
1.1_1
21 Sep 2007 13:02:54
|
remko |
Document wordpress -- remote sql injection vulnerability, our versions are
already up to date for this vulnerability. |
1.1_1
21 Sep 2007 12:41:30
|
remko |
samba -- nss_info plugin privilege escalation vulnerability, the FreeBSD
port had already been fixed for this. |
1.1_1
21 Sep 2007 06:49:49
|
remko |
Document bugzilla -- multiple vulnerabilities
PR: ports/116060
Submitted by: Nick Barkas <snb at threerings dot net>, minor nits from me |
1.1_1
21 Sep 2007 06:35:53
|
delphij |
Document clamav CVE-2007-4510 issue (Remote DoS). |
1.1_1
20 Sep 2007 12:20:27
|
remko |
Document coppermine -- multiple vulnerabilities, the FreeBSD
port is already up to date. |
1.1_1
20 Sep 2007 12:12:54
|
remko |
Document openoffice -- arbitrary command execution vulnerability,
all current versions marked vulnerable, everything as of 2.3 is
believed to be fixed, but we do not have that yet ( I am also not
sure whether the -devel version has the correct fix or not ) so
lets be on the safe side till we know what version will be fixed
in our repro. |
1.1_1
20 Sep 2007 12:04:30
|
remko |
Document bugzilla -- "createmailregexp" security bypass vulnerability,
marking all versions as vulnerable till we know what version is the
one fixed in our CVS repository. |
As an Amazon Associate I earn from qualifying purchases.
