| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
|---|
1.1_1
14 Nov 2006 16:57:17
  |
delphij  |
The Command Injection Vulnerability was corrected by awstats 6.5_2,1.
Submitted by: Alex Samorukov
PR: ports/105233 |
1.1_1
14 Nov 2006 08:35:08
|
ehaupt |
Add archivers/unzoo Directory Traversal Vulnerability.
Reviewed by: simon |
1.1_1
11 Nov 2006 15:56:04
|
simon |
Add bugzilla -- multiple vulnerabilities entry.
Update earleir bugzilla entry with better topic, add ja-bugzilla as
also potentially vulnerable (thought the version currently in
ja-bugzilla isn't), and add more references. |
1.1_1
08 Nov 2006 19:32:32
|
remko |
Add cvs+ipv6 to the cvsbug to the vulnerability.
PR: ports/104638
Submitted by: KIMURA Yasuhiro <yasu at utahime dot org> |
1.1_1
08 Nov 2006 17:13:44
|
stas |
- Document recent vulerabilties in the imlib2. |
1.1_1
04 Nov 2006 21:09:18
|
stas |
- Document recent vulnerability in the ruby CGI library.
Reviewed by: simon |
1.1_1
03 Nov 2006 05:27:02
|
dinoex |
- pgp < 3.0 and pgpin does not support OpenPGP format
no user given symetric key encryption
Submitted by: dinoex |
1.1_1
02 Nov 2006 06:33:01
|
simon |
The latest couple of firefox vulnerabilities should be fixed in the
2.0 release, so mark 2.0 as fixed.
Prodded by: ahze |
1.1_1
01 Nov 2006 13:15:16
|
lev |
ru-apache and ru-apacvhe+mod_ssl were fixed. |
1.1_1
30 Oct 2006 07:34:06
|
vd |
Add a <modified> tag with the current date to reflect my previous change.
I knew I should ask someone before committing, however trivial was the change.
Spotted by: remko
Approved by: portmgr (implicit) |
1.1_1
30 Oct 2006 07:04:39
|
vd |
Fix typo: "Dmitri Lenev reports reports a privilege ..."
Approved by: portmgr (implicit) |
1.1_1
29 Oct 2006 19:07:08
|
simon |
Document screen -- combined UTF-8 characters vulnerability.
Approved by: portmgr (secteam blanket) |
1.1_1
29 Oct 2006 13:50:01
|
simon |
Document two MySQL privilege escalations.
PR: ports/104890
Submitted by: Henrik Brix Andersen <henrik@brixandersen.dk>
Approved by: portmgr (secteam blanket) |
1.1_1
23 Oct 2006 13:15:31
|
miwi |
- Add entry for www/serendipity and www/serendipity-devel
Reviewed by: markus@
Approved by: portmgr (implicit VuXML), secteam (Remko (not reviewed yet)) |
1.1_1
23 Oct 2006 11:15:11
|
markus |
Document an integer overflow vulnerability in Qt and kdelibs, based on an
entry by sat
Approved by: portmgr (erwin) |
1.1_1
20 Oct 2006 22:59:39
|
simon |
Add reference, which I missed the first time around, from Opera
Software to opera -- URL parsing heap overflow vulnerability entry,
Approved by: portmgr (secteam blanket) |
1.1_1
20 Oct 2006 22:56:04
|
simon |
Document opera -- URL parsing heap overflow vulnerability.
Approved by: portmgr (secteam blanket) |
1.1_1
20 Oct 2006 22:45:27
|
simon |
Minor correction to last commit; the NVIDIA driver version 1.0.8762
was also affected, so mark it as such.
Approved by: portmgr (secteam blanket) |
1.1_1
20 Oct 2006 22:32:30
|
simon |
Update entry for nvidia-driver -- arbitrary root code execution
vulnerability:
- Add new info about vulnerable versions from NVIDIA.
- Add workaround.
- Add more references.
- Remove suggestion to move to "nv" driver now that we have a simpler
workaround.
Approved by: portmgr (secteam blanket)
Parts submitted by: mnag |
1.1_1
20 Oct 2006 08:13:07
|
remko |
Document asterisk -- remote heap overwrite vulnerability
Approved by: portmgr (VuXML blanket)
Submitted by: Thomas Sandford
Facilitated by: Snow B.V. |
1.1_1
20 Oct 2006 07:44:02
|
remko |
Some style changes to the plone entry.
Previous commit was also reviewed by myself.
Approved by: portmgr (Blanket VuXML)
Facilitated by: Snow B.V. |
1.1_1
19 Oct 2006 22:47:49
|
miwi |
- Add a entry for www/plone
Approved by: portmgr (erwin) |
1.1_1
19 Oct 2006 13:48:59
|
shaun |
Document:
drupal -- HTML attribute injection
drupal -- cross site request forgeries
drupal -- multiple XSS vulnerabilities
Submitted by: brooks
Reviewed by: remko
Approved by: portmgr (erwin) |
1.1_1
19 Oct 2006 13:19:45
|
shaun |
Document "ingo -- local arbitrary shell command execution"
Submitted by: thierry
Reviewed by: remko
Approved by: portmgr (erwin) |
1.1_1
17 Oct 2006 20:45:55
|
simon |
Update php -- _ecalloc Integer Overflow Vulnerability entry with
details from Steffan Essers advisory about the implications of this
issue. The advisory was not public when this issue was initially
fixed.
Approved by: portmgr (secteam blanket) |
1.1_1
17 Oct 2006 09:21:00
|
erwin |
Mark multimedia/win32-codecs as not-vulnerable after the quicktime codecs
were optional. The quicktime codecs are still vulnerable though, but we
rely on the conditional FORBIDDEN statement in the ports Makefile for this.
Approved by: portmgr (self), secteam (simon) |
1.1_1
16 Oct 2006 21:54:38
|
simon |
Document "nvidia-driver -- arbitrary root code execution vulnerability".
Note that I haven't actually had time to make a test system to reproduce
this on FreeBSD, but due to the nature of this issue and that there is a
PoC exploit in the advisory, I'm adding this entry due to "better safe
than sorry"...
Approved by: portmgr (secteam blanket) |
1.1_1
16 Oct 2006 17:44:32
|
sat |
- Mark php open_basedir fixed
Reviewed by: secteam (simon)
Approved by: portmgr (secteam blanket) |
1.1_1
16 Oct 2006 14:32:54
|
mnag |
- clamav -- CHM unpacker and PE rebuilding vulnerabilities
Approved by: portmgr (mnag with secteam hat) |
1.1_1
15 Oct 2006 19:43:01
|
sat |
- Add some references
Reviewed by: secteam (simon)
Approved by: portmgr (secteam blanket) |
1.1_1
15 Oct 2006 16:04:57
|
sat |
- Document temporary file symlink privilege escalation in tkdiff
- Correct Javier's name spelling in an old advisory
Reviewed by: secteam (simon)
Approved by: portmgr (secteam blanket) |
1.1_1
15 Oct 2006 11:31:33
|
sat |
- Document multiple remote file inclusion vulnerabilities in vtiger
Reviewed by: secteam (simon)
Approved by: portmgr (secteam blanket) |
1.1_1
14 Oct 2006 12:32:43
|
sat |
- Document heap overflow in the KML engine in google-earth
Reviewed by: secteam (simon)
Approved by: portmgr (implicit) |
1.1_1
11 Oct 2006 08:32:05
|
erwin |
devel/cscope was fixed in version 15.6 so use lt instead of le.
Submitted by: joerg
Pointyhat to: erwin
Approved by: portmgr (self) |
1.1_1
09 Oct 2006 15:45:02
|
simon |
Mark zgv as fixed wrt. "zgv, xzgv -- heap overflow vulnerability". |
1.1_1
08 Oct 2006 16:41:50
|
sat |
- Add php-suhosin to edabe438-542f-11db-a5ae-00508d6a62df
as per original advisory
Discussed with: ale |
1.1_1
08 Oct 2006 07:44:16
|
sat |
- Fix python package naming in 6afa87d3-764b-11d9-b0e7-0000e249a0a2
Reported by: simon |
1.1_1
08 Oct 2006 07:17:50
|
simon |
Update versions affected by python -- buffer overrun in repr() for
unicode strings:
- Python 2.5.c2 was already fixed (verified in upstream SVN).
- Python 2.4 port just got the fix.
- I can't find any trace of python23, python22, and python-devel ever
having existed as package names, so I removed them.
- Add python+ipv6. I don't really know if it contained the
problematic unicode code, but better safe than sorry. |
1.1_1
08 Oct 2006 06:51:43
|
simon |
Fix whitespace in openssh -- multiple vulnerabilities entry, which I
originally missed. |
1.1_1
07 Oct 2006 23:01:05
|
tmclaugh |
Update vuxml id 5a39a22e-5478-11db-8f1a-000a48049292
- Fixed in version 1.1.13.8.1 |
1.1_1
07 Oct 2006 22:16:41
|
tmclaugh |
Remove mono-devel and mono-svn from 5a39a22e-5478-11db-8f1a-000a48049292
- These are packages from BSD#'s (my project) development repo. Don't even
give the impression that FreeBSD is supporting security updates for an
outside project. |
1.1_1
07 Oct 2006 15:22:55
|
sat |
- Remove an empty url (a typo) |
1.1_1
07 Oct 2006 09:24:29
|
sat |
- Document User-Agent XSS Vulnerability in torrentflux |
1.1_1
07 Oct 2006 09:13:36
|
sat |
- Document buffer overrun in repr() for unicode strings in python |
1.1_1
06 Oct 2006 20:57:09
|
erwin |
devel/cscope was fixed in version 15.6
Glanced at by: remko |
1.1_1
06 Oct 2006 05:12:29
|
sat |
- Document _ecalloc Integer Overflow Vulnerability in php5 |
1.1_1
05 Oct 2006 21:34:26
|
sat |
- Update an old mambo advisory and document its new vulnerabilities |
1.1_1
05 Oct 2006 16:46:38
|
sat |
- Add linux-curl to a curl advisory and tweak versions a bit |
1.1_1
05 Oct 2006 16:38:29
|
sat |
- Add ja-lynx* to a lynx advisory |
1.1_1
05 Oct 2006 16:32:15
|
sat |
- chinese/tin was also vulnerable |
1.1_1
05 Oct 2006 16:30:52
|
sat |
- Document buffer overflow vulnerabilities in tin |
1.1_1
05 Oct 2006 14:47:59
|
sat |
- Use >0 for unpatched vulnerabilities
Submitted by: simon |
1.1_1
05 Oct 2006 14:31:50
|
sat |
- Document slapd acl selfwrite Security Issue in openldap |
1.1_1
05 Oct 2006 14:00:57
|
sat |
- Document "System.CodeDom.Compiler" Insecure Temporary Creation in mono |
1.1_1
05 Oct 2006 05:24:37
|
sat |
- Document open_basedir Race Condition Vulnerability in php |
1.1_1
04 Oct 2006 17:10:46
|
sat |
- Document NULL byte injection vulnerability in phpbb |
1.1_1
04 Oct 2006 10:27:16
|
sat |
- Add references and use earlier discovery date in
fffa9257-3c17-11db-86ab-00123ffe8333 |
1.1_1
03 Oct 2006 12:14:22
|
sat |
- Add CVE names to 19b17ab4-51e0-11db-a5ae-00508d6a62df |
1.1_1
03 Oct 2006 12:10:50
|
sat |
- Document admin section SQL injection in postnuke |
1.1_1
02 Oct 2006 12:39:24
|
sat |
- Document LWFN Files Buffer Overflow Vulnerability in freetype |
1.1_1
02 Oct 2006 12:21:55
|
sat |
- Document Buffer Overflow Vulnerabilities in cscope |
1.1_1
02 Oct 2006 12:05:49
|
sat |
- Document RSA Signature Forgery Vulnerability in gnutls |
1.1_1
02 Oct 2006 11:50:49
|
sat |
- Document Search Unspecified XSS in MT |
1.1_1
02 Oct 2006 11:38:14
|
sat |
- Update dokuwiki advisories |
1.1_1
02 Oct 2006 06:59:06
|
sat |
- Document latest XSRF vulnerabilities in phpmyadmin |
1.1_1
01 Oct 2006 07:34:35
|
sat |
- Mark gtetrinet 0.7.10 safe |
1.1_1
30 Sep 2006 20:52:36
|
simon |
Document openssh -- multiple vulnerabilities AKA
FreeBSD-SA-06:22.openssh. |
1.1_1
30 Sep 2006 10:25:32
|
sat |
- Document multiple vulnerabilities in dokuwiki |
1.1_1
30 Sep 2006 09:36:44
|
sat |
- Document multiple vulnerabilities in tikiwiki |
1.1_1
30 Sep 2006 09:10:14
|
sat |
- Document NULL byte injection vulnerability in punbb |
1.1_1
26 Sep 2006 18:43:41
|
sat |
- Concisify a Secunia report
- Use <gt>0 for an unpatched bug
Suggested by: simon |
1.1_1
26 Sep 2006 06:29:20
|
sat |
- Document (another) Denial of Service Vulnerability in freeciv |
1.1_1
26 Sep 2006 06:12:16
|
sat |
- Document Packet Parsing Denial of Service Vulnerability in freeciv |
1.1_1
26 Sep 2006 05:47:04
|
sat |
- Document multiple vulnerabilities in plans |
1.1_1
26 Sep 2006 05:27:16
|
sat |
- Update the unace advisory |
1.1_1
25 Sep 2006 19:38:39
|
sat |
- Document multiple XSS security bugs in eyeOS |
1.1_1
22 Sep 2006 13:05:33
|
sat |
- Document restructuredText "csv_table" Information Disclosure in zope |
1.1_1
22 Sep 2006 12:23:28
|
sat |
- Document stack-based buffer overflow in libmms |
1.1_1
22 Sep 2006 07:08:56
|
sat |
- Document Opera SSL RSA Signature Forgery |
1.1_1
22 Sep 2006 05:59:58
|
simon |
Bump modified data which was missed in last commit. |
1.1_1
21 Sep 2006 17:07:15
|
sat |
- Mark latest linux-{firefox,seamonkey}-devel safe |
1.1_1
15 Sep 2006 10:18:04
|
simon |
Document mozilla -- multiple vulnerabilities. |
1.1_1
14 Sep 2006 14:26:44
|
remko |
In the PHP entry, replace mod-php with mod_php [1].
Rewrite the win32-codecs entry to even better explain the vulnerability [2].
Noticed by: Dan Langille (with FreshPorts.org) [1]
Discussed with: simon [2] |
1.1_1
14 Sep 2006 11:31:27
|
remko |
Try to explain a bit better that users who have the Quicktime plugin
as a browser plugin can be directly affected by the remote code
execution.
Also mention that I changed the entry date in the previous entry
(PHP) which I had forgotten to do yesterday and did not mention
in the previous commit. |
1.1_1
14 Sep 2006 11:03:34
|
remko |
Document win32-codecs -- multiple vulnerabilities |
1.1_1
13 Sep 2006 22:07:28
|
remko |
Attempt two:
Document php -- multiple vulnerabilities |
1.1_1
13 Sep 2006 22:01:57
|
remko |
OK, I do not know WHAT went wrong but it went wrong, revert to the old
situation and i will re-adopt the PHP entry. |
1.1_1
13 Sep 2006 21:53:27
|
remko |
Document php -- multiple vulnerabilities |
1.1_1
13 Sep 2006 18:39:38
|
novel |
Cancel latest gnutls entry (GNUTLS-SA-2006-3) - it is a false alarm:
http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001208.html |
1.1_1
13 Sep 2006 18:03:26
|
brooks |
Upgrade drupal-pubcookie to the latest version fixing a security hole
allowing anyone to bypass the authenication system and become an
arbitrary drupal user.
Security: vid:c0fd7890-4346-11db-89cc-000ae42e9b93 |
1.1_1
13 Sep 2006 15:17:36
|
novel |
Style neats for the latest gnutls entry.
Reviewed by: remko |
1.1_1
12 Sep 2006 20:48:18
|
remko |
correct the tomcat entry (change the ,5 to _5 since we talk about PORTREVISION
instead of PORTEPOCH) [1]
correct the jdk -- jar directory traversal vulnerability entry, the
FreeBSD Foundation uses different package names [2], [3].
For both entries the modification date was bumped.
Reported by: Gabor Kovesdan (on #bsdports) [1]
David Robillard <david dot robillard at gmail dot com>
[2]
Tim Zingelman <zingelman at fnal dot gov> |
1.1_1
12 Sep 2006 20:31:47
|
simon |
Document linux-flashplugin7 -- arbitrary code execution vulnerabilities. |
1.1_1
11 Sep 2006 13:02:11
|
lawrance |
Mark jakarta-tomcat5 as fixed since 5.0.30,5 regarding minor XSS issue. |
1.1_1
10 Sep 2006 17:50:17
|
novel |
Add an info about GNUTLS-SA-2006-3. |
1.1_1
04 Sep 2006 14:59:30
|
mnag |
- mailman -- Multiple Vulnerabilities |
1.1_1
03 Sep 2006 14:24:45
|
garga |
Bump modification date for last jabber entry change
Noted by: remko |
1.1_1
03 Sep 2006 12:51:30
|
garga |
Fix jabber entry |
1.1_1
02 Sep 2006 19:47:15
|
remko |
Document hlstats -- multiple cross site scripting vulnerabilities. |
1.1_1
02 Sep 2006 19:27:03
|
remko |
Document gtetrinet -- remote code execution |
As an Amazon Associate I earn from qualifying purchases.
