Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 01 Dec 2005 16:08:47 |
mnag |
Add drupal -- multiple vulnerabilities
Reviewed by: simon |
1.1_1 30 Nov 2005 20:55:37 |
simon |
Document opera -- multiple vulnerabilities. |
1.1_1 30 Nov 2005 20:35:51 |
simon |
Document opera -- command line URL shell command injection. |
1.1_1 30 Nov 2005 13:41:54 |
mnag |
Add entry to www/mambo
Reviewed by: simon |
1.1_1 29 Nov 2005 08:46:13 |
simon |
Backup rev 1.9 which should not have been committed since it was just my
local hack.
Note to self: Do not commit before having at least two cups of coffee.
Pointy hat to: simon |
1.1_1 29 Nov 2005 08:41:52 |
simon |
Mark flyspar 0.9.8 as fixed wrt. "flyspray -- cross-site scripting
vulnerabilities" since our port version of 0.9.8 includes update1 which
fixes the issue.
Reported by: Volodymyr Kostyrko via pav |
1.1_1 28 Nov 2005 15:37:04 |
mnag |
Change topic zope28 to zope (www/zope affected too)
Add <cvename> to zope entry
Change CAN-XXXX-XXXX to CVE-XXXX-XXXX
Reviewed by: simon |
1.1_1 27 Nov 2005 17:57:19 |
hrs |
Security fix: several shell scripts included in the Ghostscript package
allow local users to overwrite files via a symlink attack on temporary
files.
Security: CAN-2004-0967 |
1.1_1 26 Nov 2005 10:58:05 |
remko |
Forced commit to notice that I also added some references to the
latest horde entry. |
1.1_1 26 Nov 2005 10:54:22 |
remko |
Standarize the horde -- Cross site scripting vulnerabilities in MIME
viewers entry as per the FDP-primer and the vuxml layout (topic).
Also correct the qpopper vulnerability to match 4.0 and above since
the 2.x range is listed as affected at the moment but has an entirely
different base. After checking it appears that the information all
point to >= 4.0. [1]
Noticed by: ache [1] |
1.1_1 22 Nov 2005 19:56:54 |
thierry |
Add an entry for cross site scripting vulnerabilities in Horde's MIME
viewers. |
1.1_1 16 Nov 2005 14:17:44 |
mnag |
phpmyadmin -- HTTP Response Splitting vulnerability
Reviewed by: simon |
1.1_1 14 Nov 2005 16:57:26 |
simon |
Add CVE name to an old sudo entry. |
1.1_1 14 Nov 2005 08:45:09 |
simon |
Update latest phpSysInfo entry to reflect that 2.4 was in fact not fixed
(or rather, had an incorrect "fix").
Reported by: Christopher Kunz (advisory author)
Security: http://www.hardened-php.net/advisory_222005.81.html |
1.1_1 13 Nov 2005 21:39:56 |
sem |
- Micromedia -> Macromedia
- Standard FDP primer documentation rules apply
- Two dots fixed
Noted by: remko |
1.1_1 13 Nov 2005 21:21:16 |
sem |
- Document phpSysInfo vulnerability |
1.1_1 13 Nov 2005 20:59:47 |
sem |
- Document flashplugin vulnerability |
1.1_1 10 Nov 2005 11:09:56 |
sem |
- Document p5-Mail-SpamAssassin vulnerabily (alread fixed in ports)
- Document flyspray cross-site scripting vulnerabilities |
1.1_1 08 Nov 2005 17:34:40 |
remko |
Update the recent gallery2 and webcalendar entries:
o Add a better topic (description)
o Reword the webcalendar entry to have some more usefull data
o Add references (bid's and CVE names). |
1.1_1 07 Nov 2005 20:44:06 |
remko |
Document qpopper -- multiple privilege escalation vulnerabilities.
Note that the current version is not affected anymore. |
1.1_1 06 Nov 2005 17:28:04 |
sem |
- Add missed </p> tag [1]
- Modify 594eb447-e398-11d9-a8bd-000cf18bbe54 entry:
ruby 1.6.x is not affected this vulnerability,
it have no XMLRPC support.
Pointy hat to: simon [1] |
1.1_1 04 Nov 2005 22:49:34 |
simon |
Add a bit more info from the PEAR advisory about the vulnerability to
make the scope of the vulnerability a bit more clear.
Disussed with: thierry |
1.1_1 04 Nov 2005 22:35:06 |
simon |
The two latest OpenVPN vulnerabilities were both only for 2.0 and
newer, so mark the correctly as such.
Submitted by: Matthias Andree <matthias.andree@gmx.de> |
1.1_1 04 Nov 2005 21:23:28 |
thierry |
Add an entry for pear-PEAR arbitrary code execution vulnerability. |
1.1_1 02 Nov 2005 10:16:51 |
simon |
Correct skype entry to match the correct fixed port version number.
Noted by: Stefan Lambrev, cheffo FreeBSD-BG org |
1.1_1 01 Nov 2005 22:49:20 |
simon |
Document two OpenVPN vulnerabilities.
Submitted by: Matthias Andree <matthias.andree@gmx.de> |
1.1_1 01 Nov 2005 21:39:25 |
naddy |
As Peter Jeremy points out, the recent lynx vulnerability also concerns
lynx-ssl. |
1.1_1 01 Nov 2005 09:33:41 |
sem |
- Document skype vulnerabilities
- Document PHP vulnerabilities
- Convert first letters in titles from upcase to lowercase
in my last additions. |
1.1_1 01 Nov 2005 08:44:37 |
sem |
- Document CVE-2005-3258:
Squid FTP Server Response Handling Denial of Service |
1.1_1 31 Oct 2005 19:03:13 |
sem |
- Document a BASE Basic Analysis and Security Engine vulnerability |
1.1_1 31 Oct 2005 18:02:10 |
simon |
Back out the accidentally committed white-space modification parts of
rev. 1.869, but keep the lynx entry.
Pointy hat to: naddy
OK'ed by: naddy |
1.1_1 31 Oct 2005 09:04:22 |
barner |
Add entry for "fetchmail -- fetchmailconf local password exposure",
which was fixed with fetchmail-6.2.5.2_1 and above. |
1.1_1 30 Oct 2005 22:17:55 |
naddy |
Document lynx remote buffer overflow in NNTP header handling. |
1.1_1 27 Oct 2005 19:40:25 |
sem |
- Fix a ruby vulnerabuility in the safe level settings.
Based on: ports/87816
Submitted by: Phil Oleson <oz@nixil.net>
Security:
http://vuxml.FreeBSD.org/1daea60a-4719-11da-b5c6-0004614cc33d.html |
1.1_1 26 Oct 2005 19:53:25 |
simon |
Add more references to entry net-snmp -- remote DoS vulnerability. |
1.1_1 26 Oct 2005 10:00:18 |
simon |
- Mark linux-firefox 1.0.7 as fixed
wrt. 8665ebb9-2237-11da-978e-0001020eed82 (Mozilla/firefox IDN buffer
overflow) [1].
- Correct some of the the earlier linux-firefox entries to match
versions before 1.0.7, not after (whoops)...
Prodded by: Andrew P. <infofarmer@gmail.com> [1] |
1.1_1 25 Oct 2005 19:52:37 |
lesi |
Add misc/compat5x to "openssl -- potential SSL 2.0 rollback".
Reviewed by: simon |
1.1_1 23 Oct 2005 17:10:48 |
simon |
Also mark xli as vulnerable to xloadimage -- buffer overflows in NIFF
image title handling, and latest port version as fixed.
Reported by: jkoshy |
1.1_1 23 Oct 2005 16:50:43 |
simon |
For entry libgadu -- multiple vulnerabilities:
- Mark latest centericq port version as fixed.
- Fix cite in description. |
1.1_1 23 Oct 2005 09:09:47 |
simon |
For entry zope28 -- expose RestructuredText functionality to untrusted
users:
- Do not match zope 2.7.8 which has been fixed. [1]
- Fix typo in topic.
- Add another reference.
Reported by: Gerhard Schmidt <estartu augusta de> [1] |
1.1_1 22 Oct 2005 13:41:20 |
simon |
Add another reference to clamav -- arbitrary code execution and DoS
vulnerabilities entry. |
1.1_1 20 Oct 2005 13:52:35 |
naddy |
Document x11/xloadimage buffer overflows in NIFF image title handling. |
1.1_1 19 Oct 2005 18:17:47 |
nectar |
Rename all CAN-yyyy-nnnn to CVE-yyyy-nnnn, with the exception of text
inside <blockquote>s.
See <URL:http://www.cve.mitre.org/cve/renumber.html>. |
1.1_1 18 Oct 2005 19:45:58 |
simon |
For entry: snort -- Back Orifice preprocessor buffer overflow vulnerability:
- Sort references.
- Add ISS advisory to references. |
1.1_1 18 Oct 2005 17:42:14 |
simon |
- Document snort -- Back Orifice preprocessor buffer overflow vulnerability.
- Use standard topic format for webcalendar entry.
- Fix package name in webcalendar so it matches the actual package
name. |
1.1_1 14 Oct 2005 21:57:41 |
sem |
- Document www/webcalendar vulnerability. |
1.1_1 14 Oct 2005 21:38:08 |
sem |
- Document www/gallery2 vulnerability. |
1.1_1 12 Oct 2005 22:53:00 |
simon |
Improve last couple of entries:
- Use standard topic format.
- Fix packagename in phpmyadmin and zone entries.
- Fix indention and remove EOL white-space.
- Make lead in a bit more verbose.
- Add more references to phpmyadmin issue.
- Remove some redundant quoted text in zope issue. |
1.1_1 12 Oct 2005 14:51:14 |
mnag |
Add entry for openssl
Remove entry about safe mode in phpmyadmin |
1.1_1 12 Oct 2005 00:24:39 |
mnag |
Add entry for phpmyadmin (PMASA-2005-4) |
1.1_1 12 Oct 2005 00:12:21 |
mnag |
Fix typo with range values |
1.1_1 12 Oct 2005 00:01:03 |
mnag |
Add entry from zope28 |
1.1_1 09 Oct 2005 21:03:07 |
simon |
For libxine -- format string vulnerability entry:
- Add reference to xine security announcement.
- Fix indention on a few lines. |
1.1_1 09 Oct 2005 16:14:41 |
nobutaka |
Add an entry for libxine format string vulnerability. |
1.1_1 09 Oct 2005 10:14:28 |
simon |
Mark older revisions linux_base-suse 9.3 as vulnerable to kdebase --
Kate backup file permission leak. |
1.1_1 07 Oct 2005 07:31:51 |
sergei |
- Mark cfengine's arbitrary file overwriting vulnerability as fixed in 2.1.6_1
- Add another possible variant of package name - cfengine2 |
1.1_1 05 Oct 2005 17:44:06 |
thierry |
Add an entry for UW-IMAP Mailbox Name Handling Remote Buffer Overflow
Vulnerability (CAN-2005-2933). |
1.1_1 05 Oct 2005 15:55:08 |
ehaupt |
Add credit for recent ftp/weex incident
Approved by: novel (mentor) |
1.1_1 04 Oct 2005 13:23:00 |
garga |
rinetd >= 0.62_1 has no more vulnerabilities |
1.1_1 02 Oct 2005 20:10:42 |
remko |
Add references to three squid entries.
Submitted by: Thomas-Martin Seck <tmseck at netcologne dot de>
(except for the bid's which i added myself). |
1.1_1 02 Oct 2005 17:46:23 |
simon |
Use the <freebsdpr> tag to markup a PR in weex -- remote format string
vulnerability entry. |
1.1_1 02 Oct 2005 16:11:30 |
jylefort |
Document a format string vulnerability in ftp/weex. |
1.1_1 02 Oct 2005 07:45:29 |
simon |
Document picasm -- buffer overflow vulnerability. |
1.1_1 01 Oct 2005 16:43:38 |
nobutaka |
Add an URL to the entry of the japanese/uim. |
1.1_1 01 Oct 2005 16:35:20 |
nobutaka |
Document japanese/uim privilege escalation vulnerability. |
1.1_1 01 Oct 2005 15:21:57 |
simon |
Document cfengine -- arbitrary file overwriting vulnerability. |
1.1_1 01 Oct 2005 10:17:19 |
remko |
Mark zsync <= 0.4.1 vulnerable to the zlib buffer overflow vulnerability.
Inspired by: gordon's commit |
1.1_1 01 Oct 2005 08:40:58 |
simon |
Add more references to unace -- multiple vulnerabilities entry. |
1.1_1 01 Oct 2005 07:14:34 |
simon |
Add CVE name to an older ProZilla entry. |
1.1_1 29 Sep 2005 20:01:41 |
simon |
Add more references for latest phpmyfaq entry. |
1.1_1 29 Sep 2005 19:31:13 |
simon |
- Add a note that new entries, per convention, should be added to the
start of this file.
For latest phpmyfaq entry:
- Use port directory name as first part of topic.
- No need to include information about affected releases in topic
(it's somewhat redundant and makes the title longer).
- Reindent body with standard FreeBSD Doc Project (more or less)
style. |
1.1_1 28 Sep 2005 22:54:43 |
vsevolod |
Document vulnerabilities in www/phpmyfaq |
1.1_1 24 Sep 2005 09:22:30 |
remko |
Add linux_base-suse-9.3 to the zlib entry.
Inspired by: trevors commit. |
1.1_1 24 Sep 2005 08:31:47 |
simon |
Document clamav -- arbitrary code execution and DoS vulnerabilities. |
1.1_1 23 Sep 2005 21:44:15 |
simon |
- Be consistent and call entries "firefox & mozilla", not the other way
around.
- Mark latest linux-mozilla port as fixed for recent mozilla
vulnerabilities. |
1.1_1 23 Sep 2005 19:19:04 |
simon |
- Document mozilla & firefox -- multiple vulnerabilities.
- Add Mozilla Foundation Security Advisory references to two other
firefox/mozilla entries. |
1.1_1 21 Sep 2005 23:03:57 |
simon |
Add real references to urban -- stack overflow vulnerabilities. |
1.1_1 21 Sep 2005 22:31:09 |
simon |
Document mozilla & firefox -- command line URL shell command injection. |
1.1_1 21 Sep 2005 21:59:32 |
simon |
Add CVE name for tor -- diffie-hellman handshake flaw. |
1.1_1 21 Sep 2005 21:46:26 |
simon |
Correct package name for entry bind -- buffer overrun vulnerability. |
1.1_1 21 Sep 2005 21:15:51 |
simon |
Add CVE name to an older CUPS issue. |
1.1_1 19 Sep 2005 16:12:07 |
remko |
Fix the htdig entry, the port version and the VuXML version did not
align.
Reported by: Nic Bellamy <nic at bellamy dot co dot nz> |
1.1_1 19 Sep 2005 16:09:28 |
remko |
Fix the squirrelmail entry since only versions prior to 1.4.5 were
affected. Bump modification date accordingly.
Reported by: Avinash Piare <avinash at piare dot org> |
1.1_1 17 Sep 2005 19:08:43 |
remko |
Document the following items:
o apache -- Certificate Revocation List (CRL) off-by-one vulnerability
o squirrelmail -- _$POST variable handling allows for various attacks
Reviewed by: simon |
1.1_1 15 Sep 2005 20:14:27 |
pav |
- Add an entry on possible DOS condition regarding NTLM in squid
PR: ports/86179
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> |
1.1_1 14 Sep 2005 22:22:49 |
lesi |
Document X11 server -- pixmap allocation vulnerability.
Reviewed by: simon |
1.1_1 13 Sep 2005 20:18:44 |
remko |
Document unzip -- permission race vulnerability. [1]
Update the recent htdig entry with it's corrected version.
Reviewed by: simon [1] |
1.1_1 10 Sep 2005 20:55:35 |
simon |
Document firefox & mozilla -- buffer overflow vulnerability.
Prodded by: pav |
1.1_1 07 Sep 2005 08:46:53 |
lawrance |
Mark the latest version of cups-base fixed for "xpdf -- disk fill DoS
vulnerability" |
1.1_1 04 Sep 2005 15:24:56 |
remko |
Add forgotten </package> line.
Spotted by: simon |
1.1_1 04 Sep 2005 15:16:52 |
remko |
Mark b2evolution prior to 0.9.0.12_2 vulnerable to the XML_RPC remote php code
injection vulnerability.
Inspired by: pav's commit, updating the port. |
1.1_1 04 Sep 2005 09:03:05 |
remko |
Document htdig -- cross site scripting vulnerability.
Reviewed by: simon |
1.1_1 04 Sep 2005 07:54:46 |
sem |
- Document two squid security related issues.
PR: ports/85688
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (squid maintainer) |
1.1_1 03 Sep 2005 19:05:01 |
remko |
Document bind9 -- denial of service.
Also merge the FreeBSD-SA-05:12.bind9 advisory in the entry. [1]
Suggested by: simon [1]
Reviewed by: simon |
1.1_1 03 Sep 2005 18:06:52 |
remko |
Document bind -- buffer overrun vulnerability |
1.1_1 02 Sep 2005 13:10:52 |
simon |
Add a more or less bogus reference section to the last entry, to make it
a valid entry. The reference simply references the VuXML entry itself,
but at least it fixes the build for now.
Missed by: simon |
1.1_1 02 Sep 2005 12:59:55 |
jylefort |
Document stack overflow vulnerabilities in games/urban.
Approved by: simon |
1.1_1 29 Aug 2005 20:47:28 |
simon |
Mark latest evolution port version as fixed wrt. evolution -- remote
format string vulnerabilities. |
1.1_1 29 Aug 2005 15:10:30 |
kuriyama |
Add entry for fswiki's vuln. |
1.1_1 29 Aug 2005 08:11:21 |
niels |
Dante 1.1.15 is no longer affected by the fd_set bitmap index overflow.
Updated the version in VuXML (was 0).
Approved by: nectar (mentor) |