Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 19 Dec 2006 20:02:47
 |
remko  |
Document openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3) |
1.1_1 19 Dec 2006 14:46:15
 |
lth  |
sql-ledger -- multiple vulnerabilities
Reviewed by: remko |
1.1_1 15 Dec 2006 19:47:28
 |
remko  |
Update several entries, making them a bit clearer (Were possible),
adjusting some package names, and collapsing some ruby entries that
can be combined. Also properly sort the <bid> and <cvename> tags.
b comes before c. |
1.1_1 14 Dec 2006 20:35:50
 |
marcus  |
Document the recent D-BUS vulnerability as described by CVE-2006-6107.
Submitted by: mnag |
1.1_1 14 Dec 2006 19:27:02
 |
mnag  |
- evince -- Buffer Overflow Vulnerability |
1.1_1 14 Dec 2006 13:44:03
 |
mnag  |
- Change spaces to tabs in <name> and <range>
- Remove some empty lines
- Respect 2 spaces between <body> and <p>
- Respect empty line between <vuln vid=""> entry. |
1.1_1 13 Dec 2006 22:56:31
 |
miwi  |
tDiary - Injection Vulnerability |
1.1_1 13 Dec 2006 12:44:56
 |
mnag  |
- wv -- Multiple Integer Overflow Vulnerabilities |
1.1_1 13 Dec 2006 12:37:17
 |
mnag  |
- wv2 -- Integer Overflow Vulnerability |
1.1_1 13 Dec 2006 07:04:45
 |
miwi  |
- Fix tnftpd entry (made validate happy) |
1.1_1 13 Dec 2006 06:42:52
 |
miwi  |
tnftpd - remote root exploit
Reviewed by: simon
Approved by: secteam |
1.1_1 12 Dec 2006 20:51:25
 |
mnag  |
- clamav -- Multipart Nestings Denial of Service |
1.1_1 09 Dec 2006 09:36:27
 |
remko  |
Rewrite the libxine entry:
o Use the FDP style to fill in the entry.
o Remove the secunia references and use the libxine information.
o Properly sort the references section
o Add the modified tag (since I changed it). |
1.1_1 07 Dec 2006 17:50:39
 |
nobutaka  |
Add an entry for libxine multiple buffer overflow vulnerabilities. |
1.1_1 07 Dec 2006 12:37:01
 |
mnag  |
- Ok. gnupg-devel are not affected. |
1.1_1 07 Dec 2006 12:24:17
 |
mnag  |
- Add gnupg-devel package in last entry
- Add secunia reference in las entry |
1.1_1 07 Dec 2006 09:00:00
 |
vd  |
Forced commit to note that my last commit is:
Approved by: secteam (remko) |
1.1_1 07 Dec 2006 08:54:53
 |
vd  |
* Fix typo in the latest GnuPG entry, inherited from the original message
* Fix the URL in references, the former one gives 404 Not found.
Kuriyama, where did you get it from? |
1.1_1 07 Dec 2006 00:35:32
 |
kuriyama  |
Add CVE-2006-6235 entry for GnuPG. |
1.1_1 04 Dec 2006 21:25:32
 |
stas  |
- Add a modified field for the entry, touched by the previous commit |
1.1_1 04 Dec 2006 21:16:20
 |
stas  |
- List all affected packages for the Novermber ruby cgi DOS vulnerability
- This vulnerability was not fixed in ruby_static |
1.1_1 04 Dec 2006 21:10:08
 |
stas  |
- Documenet ruby cgi library vulnerability |
1.1_1 03 Dec 2006 07:59:38
 |
stas  |
- Document buffer overflow vulnerabilities in the libmusicbrainz. |
1.1_1 02 Dec 2006 16:06:27
 |
simon  |
Fix markup in last entry so the file is valid XML again.
Pointy hat to: simon |
1.1_1 02 Dec 2006 15:09:59
 |
miwi  |
- Add a entry for www/tDiary, www/tDiary-devel
Reviewed by: simon |
1.1_1 02 Dec 2006 11:41:50
 |
stas  |
- Document the SGI Image File heap overflow vulnerability in ImageMagick |
1.1_1 30 Nov 2006 20:33:54
 |
naddy  |
Document "gtar -- GNUTYPE_NAMES directory traversal vulnerability". |
1.1_1 30 Nov 2006 00:32:58
 |
shaun  |
Document 'kronolith -- arbitrary local file inclusion vulnerability' |
1.1_1 28 Nov 2006 13:45:14
 |
simon  |
In latest gnupg entry:
- Use "Werner Koch reports" instead of "Author reports" to follow
normal style in vuln.xml.
- Fix some indentation and markup in body. |
1.1_1 28 Nov 2006 05:57:34
 |
kuriyama  |
Add recent gnupg one. |
1.1_1 21 Nov 2006 00:27:26
 |
shaun  |
Add <modified> tag to previous proftpd entry.
Requested by: remko |
1.1_1 15 Nov 2006 14:40:09
 |
shaun  |
Add proftpd-mysql to the previous entry. |
1.1_1 14 Nov 2006 23:25:19
 |
shaun  |
Document "proftpd -- Remote Code Execution Vulnerability". |
1.1_1 14 Nov 2006 16:57:17
 |
delphij  |
The Command Injection Vulnerability was corrected by awstats 6.5_2,1.
Submitted by: Alex Samorukov
PR: ports/105233 |
1.1_1 14 Nov 2006 08:35:08
 |
ehaupt  |
Add archivers/unzoo Directory Traversal Vulnerability.
Reviewed by: simon |
1.1_1 11 Nov 2006 15:56:04
 |
simon  |
Add bugzilla -- multiple vulnerabilities entry.
Update earleir bugzilla entry with better topic, add ja-bugzilla as
also potentially vulnerable (thought the version currently in
ja-bugzilla isn't), and add more references. |
1.1_1 08 Nov 2006 19:32:32
 |
remko  |
Add cvs+ipv6 to the cvsbug to the vulnerability.
PR: ports/104638
Submitted by: KIMURA Yasuhiro <yasu at utahime dot org> |
1.1_1 08 Nov 2006 17:13:44
 |
stas  |
- Document recent vulerabilties in the imlib2. |
1.1_1 04 Nov 2006 21:09:18
 |
stas  |
- Document recent vulnerability in the ruby CGI library.
Reviewed by: simon |
1.1_1 03 Nov 2006 05:27:02
 |
dinoex  |
- pgp < 3.0 and pgpin does not support OpenPGP format
no user given symetric key encryption
Submitted by: dinoex |
1.1_1 02 Nov 2006 06:33:01
 |
simon  |
The latest couple of firefox vulnerabilities should be fixed in the
2.0 release, so mark 2.0 as fixed.
Prodded by: ahze |
1.1_1 01 Nov 2006 13:15:16
 |
lev  |
ru-apache and ru-apacvhe+mod_ssl were fixed. |
1.1_1 30 Oct 2006 07:34:06
 |
vd  |
Add a <modified> tag with the current date to reflect my previous change.
I knew I should ask someone before committing, however trivial was the change.
Spotted by: remko
Approved by: portmgr (implicit) |
1.1_1 30 Oct 2006 07:04:39
 |
vd  |
Fix typo: "Dmitri Lenev reports reports a privilege ..."
Approved by: portmgr (implicit) |
1.1_1 29 Oct 2006 19:07:08
 |
simon  |
Document screen -- combined UTF-8 characters vulnerability.
Approved by: portmgr (secteam blanket) |
1.1_1 29 Oct 2006 13:50:01
 |
simon  |
Document two MySQL privilege escalations.
PR: ports/104890
Submitted by: Henrik Brix Andersen <henrik@brixandersen.dk>
Approved by: portmgr (secteam blanket) |
1.1_1 23 Oct 2006 13:15:31
 |
miwi  |
- Add entry for www/serendipity and www/serendipity-devel
Reviewed by: markus@
Approved by: portmgr (implicit VuXML), secteam (Remko (not reviewed yet)) |
1.1_1 23 Oct 2006 11:15:11
 |
markus  |
Document an integer overflow vulnerability in Qt and kdelibs, based on an
entry by sat
Approved by: portmgr (erwin) |
1.1_1 20 Oct 2006 22:59:39
 |
simon  |
Add reference, which I missed the first time around, from Opera
Software to opera -- URL parsing heap overflow vulnerability entry,
Approved by: portmgr (secteam blanket) |
1.1_1 20 Oct 2006 22:56:04
 |
simon  |
Document opera -- URL parsing heap overflow vulnerability.
Approved by: portmgr (secteam blanket) |
1.1_1 20 Oct 2006 22:45:27
 |
simon  |
Minor correction to last commit; the NVIDIA driver version 1.0.8762
was also affected, so mark it as such.
Approved by: portmgr (secteam blanket) |
1.1_1 20 Oct 2006 22:32:30
 |
simon  |
Update entry for nvidia-driver -- arbitrary root code execution
vulnerability:
- Add new info about vulnerable versions from NVIDIA.
- Add workaround.
- Add more references.
- Remove suggestion to move to "nv" driver now that we have a simpler
workaround.
Approved by: portmgr (secteam blanket)
Parts submitted by: mnag |
1.1_1 20 Oct 2006 08:13:07
 |
remko  |
Document asterisk -- remote heap overwrite vulnerability
Approved by: portmgr (VuXML blanket)
Submitted by: Thomas Sandford
Facilitated by: Snow B.V. |
1.1_1 20 Oct 2006 07:44:02
 |
remko  |
Some style changes to the plone entry.
Previous commit was also reviewed by myself.
Approved by: portmgr (Blanket VuXML)
Facilitated by: Snow B.V. |
1.1_1 19 Oct 2006 22:47:49
 |
miwi  |
- Add a entry for www/plone
Approved by: portmgr (erwin) |
1.1_1 19 Oct 2006 13:48:59
 |
shaun  |
Document:
drupal -- HTML attribute injection
drupal -- cross site request forgeries
drupal -- multiple XSS vulnerabilities
Submitted by: brooks
Reviewed by: remko
Approved by: portmgr (erwin) |
1.1_1 19 Oct 2006 13:19:45
 |
shaun  |
Document "ingo -- local arbitrary shell command execution"
Submitted by: thierry
Reviewed by: remko
Approved by: portmgr (erwin) |
1.1_1 17 Oct 2006 20:45:55
 |
simon  |
Update php -- _ecalloc Integer Overflow Vulnerability entry with
details from Steffan Essers advisory about the implications of this
issue. The advisory was not public when this issue was initially
fixed.
Approved by: portmgr (secteam blanket) |
1.1_1 17 Oct 2006 09:21:00
 |
erwin  |
Mark multimedia/win32-codecs as not-vulnerable after the quicktime codecs
were optional. The quicktime codecs are still vulnerable though, but we
rely on the conditional FORBIDDEN statement in the ports Makefile for this.
Approved by: portmgr (self), secteam (simon) |
1.1_1 16 Oct 2006 21:54:38
 |
simon  |
Document "nvidia-driver -- arbitrary root code execution vulnerability".
Note that I haven't actually had time to make a test system to reproduce
this on FreeBSD, but due to the nature of this issue and that there is a
PoC exploit in the advisory, I'm adding this entry due to "better safe
than sorry"...
Approved by: portmgr (secteam blanket) |
1.1_1 16 Oct 2006 17:44:32
 |
sat  |
- Mark php open_basedir fixed
Reviewed by: secteam (simon)
Approved by: portmgr (secteam blanket) |
1.1_1 16 Oct 2006 14:32:54
 |
mnag  |
- clamav -- CHM unpacker and PE rebuilding vulnerabilities
Approved by: portmgr (mnag with secteam hat) |
1.1_1 15 Oct 2006 19:43:01
 |
sat  |
- Add some references
Reviewed by: secteam (simon)
Approved by: portmgr (secteam blanket) |
1.1_1 15 Oct 2006 16:04:57
 |
sat  |
- Document temporary file symlink privilege escalation in tkdiff
- Correct Javier's name spelling in an old advisory
Reviewed by: secteam (simon)
Approved by: portmgr (secteam blanket) |
1.1_1 15 Oct 2006 11:31:33
 |
sat  |
- Document multiple remote file inclusion vulnerabilities in vtiger
Reviewed by: secteam (simon)
Approved by: portmgr (secteam blanket) |
1.1_1 14 Oct 2006 12:32:43
 |
sat  |
- Document heap overflow in the KML engine in google-earth
Reviewed by: secteam (simon)
Approved by: portmgr (implicit) |
1.1_1 11 Oct 2006 08:32:05
 |
erwin  |
devel/cscope was fixed in version 15.6 so use lt instead of le.
Submitted by: joerg
Pointyhat to: erwin
Approved by: portmgr (self) |
1.1_1 09 Oct 2006 15:45:02
 |
simon  |
Mark zgv as fixed wrt. "zgv, xzgv -- heap overflow vulnerability". |
1.1_1 08 Oct 2006 16:41:50
 |
sat  |
- Add php-suhosin to edabe438-542f-11db-a5ae-00508d6a62df
as per original advisory
Discussed with: ale |
1.1_1 08 Oct 2006 07:44:16
 |
sat  |
- Fix python package naming in 6afa87d3-764b-11d9-b0e7-0000e249a0a2
Reported by: simon |
1.1_1 08 Oct 2006 07:17:50
 |
simon  |
Update versions affected by python -- buffer overrun in repr() for
unicode strings:
- Python 2.5.c2 was already fixed (verified in upstream SVN).
- Python 2.4 port just got the fix.
- I can't find any trace of python23, python22, and python-devel ever
having existed as package names, so I removed them.
- Add python+ipv6. I don't really know if it contained the
problematic unicode code, but better safe than sorry. |
1.1_1 08 Oct 2006 06:51:43
 |
simon  |
Fix whitespace in openssh -- multiple vulnerabilities entry, which I
originally missed. |
1.1_1 07 Oct 2006 23:01:05
 |
tmclaugh  |
Update vuxml id 5a39a22e-5478-11db-8f1a-000a48049292
- Fixed in version 1.1.13.8.1 |
1.1_1 07 Oct 2006 22:16:41
 |
tmclaugh  |
Remove mono-devel and mono-svn from 5a39a22e-5478-11db-8f1a-000a48049292
- These are packages from BSD#'s (my project) development repo. Don't even
give the impression that FreeBSD is supporting security updates for an
outside project. |
1.1_1 07 Oct 2006 15:22:55
 |
sat  |
- Remove an empty url (a typo) |
1.1_1 07 Oct 2006 09:24:29
 |
sat  |
- Document User-Agent XSS Vulnerability in torrentflux |
1.1_1 07 Oct 2006 09:13:36
 |
sat  |
- Document buffer overrun in repr() for unicode strings in python |
1.1_1 06 Oct 2006 20:57:09
 |
erwin  |
devel/cscope was fixed in version 15.6
Glanced at by: remko |
1.1_1 06 Oct 2006 05:12:29
 |
sat  |
- Document _ecalloc Integer Overflow Vulnerability in php5 |
1.1_1 05 Oct 2006 21:34:26
 |
sat  |
- Update an old mambo advisory and document its new vulnerabilities |
1.1_1 05 Oct 2006 16:46:38
 |
sat  |
- Add linux-curl to a curl advisory and tweak versions a bit |
1.1_1 05 Oct 2006 16:38:29
 |
sat  |
- Add ja-lynx* to a lynx advisory |
1.1_1 05 Oct 2006 16:32:15
 |
sat  |
- chinese/tin was also vulnerable |
1.1_1 05 Oct 2006 16:30:52
 |
sat  |
- Document buffer overflow vulnerabilities in tin |
1.1_1 05 Oct 2006 14:47:59
 |
sat  |
- Use >0 for unpatched vulnerabilities
Submitted by: simon |
1.1_1 05 Oct 2006 14:31:50
 |
sat  |
- Document slapd acl selfwrite Security Issue in openldap |
1.1_1 05 Oct 2006 14:00:57
 |
sat  |
- Document "System.CodeDom.Compiler" Insecure Temporary Creation in mono |
1.1_1 05 Oct 2006 05:24:37
 |
sat  |
- Document open_basedir Race Condition Vulnerability in php |
1.1_1 04 Oct 2006 17:10:46
 |
sat  |
- Document NULL byte injection vulnerability in phpbb |
1.1_1 04 Oct 2006 10:27:16
 |
sat  |
- Add references and use earlier discovery date in
fffa9257-3c17-11db-86ab-00123ffe8333 |
1.1_1 03 Oct 2006 12:14:22
 |
sat  |
- Add CVE names to 19b17ab4-51e0-11db-a5ae-00508d6a62df |
1.1_1 03 Oct 2006 12:10:50
 |
sat  |
- Document admin section SQL injection in postnuke |
1.1_1 02 Oct 2006 12:39:24
 |
sat  |
- Document LWFN Files Buffer Overflow Vulnerability in freetype |
1.1_1 02 Oct 2006 12:21:55
 |
sat  |
- Document Buffer Overflow Vulnerabilities in cscope |
1.1_1 02 Oct 2006 12:05:49
 |
sat  |
- Document RSA Signature Forgery Vulnerability in gnutls |
1.1_1 02 Oct 2006 11:50:49
 |
sat  |
- Document Search Unspecified XSS in MT |
1.1_1 02 Oct 2006 11:38:14
 |
sat  |
- Update dokuwiki advisories |
1.1_1 02 Oct 2006 06:59:06
 |
sat  |
- Document latest XSRF vulnerabilities in phpmyadmin |
1.1_1 01 Oct 2006 07:34:35
 |
sat  |
- Mark gtetrinet 0.7.10 safe |
1.1_1 30 Sep 2006 20:52:36
 |
simon  |
Document openssh -- multiple vulnerabilities AKA
FreeBSD-SA-06:22.openssh. |