| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
1.1_1 09 Nov 2007 07:51:43
 |
delphij  |
Document cups-base remote buffer overflow vulnerability.
Approved by: portmgr (ports-security blanket) |
1.1_1 07 Nov 2007 22:03:26
 |
delphij  |
Make perl entry to cover perl-threaded as well.
Reported by: Andy Greenwood <greenwood.andy gmail com>
Approved by: portmgr (ports-security blanket) |
1.1_1 06 Nov 2007 22:19:50
 |
miwi  |
- Document perl -- regular expressions unicode data buffer overflow
Reviewed by: simon/tobez
Approved by: portmgr (blanket) (ports-security blanket) |
1.1_1 06 Nov 2007 18:28:58
 |
delphij  |
Document pcre arbitrary code execution vulnerability.
Approved by: portmgr (ports-security blanket) |
1.1_1 06 Nov 2007 11:03:36
 |
beech  |
- perdition entry - correct range
Approved by: portmgr (pav) linimon (mentor) |
1.1_1 06 Nov 2007 09:58:50
 |
beech  |
- Add entry for mail/perdition
PR: ports/117796
Approved by: portmgr (pav), linimon (mentor) |
1.1_1 05 Nov 2007 21:12:08
 |
miwi  |
- gftp -- multiple vulnerabilities
Reviewed by: simon
Approved by: portmgr (blanket) (ports-security blanket) |
1.1_1 05 Nov 2007 11:46:14
 |
miwi  |
- Update dirproxy -- remote denial of service
* Add net/dirproxy with the same affect
* Update net/dirproxy-devel as safe
Reviewed by: simon
Approved by: portmgr (blanket) (ports-security blanket) |
1.1_1 04 Nov 2007 13:43:35
 |
miwi  |
- dirproxy -- remote denial of service
Reviewed by: remko
Approved by: portmgr (blanket) (ports-security blanket) |
1.1_1 01 Nov 2007 15:16:38
 |
miwi  |
- Fix discovery date on my previous commit
Approved by: portmgr (ports-security blanket) |
1.1_1 01 Nov 2007 12:46:52
 |
miwi  |
- document wordpress -- cross-site scripting
Reviewed by: simon
Approved by: portmgr (ports-security blanket) |
1.1_1 01 Nov 2007 00:58:11
 |
delphij  |
Extend coverage to OpenLDAP 2.4.x series which is affected according
to CVS history.
Approved by: portmgr (ports-security blanket) |
1.1_1 31 Oct 2007 21:48:27
 |
delphij  |
Document openldap multiple vulnerabilities.
Approved by: portmgr (ports-security blanket) |
1.1_1 31 Oct 2007 17:21:15
 |
simon  |
Bump modified date for entry updated in last commit.
Approved by: portmgr (secteam blanket) |
1.1_1 31 Oct 2007 16:38:08
 |
girgen  |
Update vuxml to reflect that mod_jk and mod_jk-ap2 have
different portepochs.
Approved by: portmgr (pav) |
1.1_1 31 Oct 2007 12:44:04
 |
miwi  |
- Update mozilla -- code execution via Quicktime media-link files
PR: 117704
Submitted by: John Hein <jhein@timing.com>
Reviewed by: simon
Approved by: portmgr (blanket) secteam (blanket via simon) |
1.1_1 28 Oct 2007 22:22:45
 |
delphij  |
Document django DoS issue. |
1.1_1 26 Oct 2007 20:41:39
 |
miwi  |
- Fix day entry for 498a8731-7cfc-11dc-96e6-0012f06707f0
Reviewed by: simon |
1.1_1 25 Oct 2007 18:34:32
 |
miwi  |
- Document opera -- multiple vulnerabilities
Reviewed by: remko |
1.1_1 25 Oct 2007 08:47:23
 |
miwi  |
- Document drupal --- multiple vulnerabilities
Reviewed by: simon |
1.1_1 23 Oct 2007 11:12:42
 |
miwi  |
- Document ldapscripts -- Command Line User Credentials Disclosure
PR: 117152
Submitted by: Ganael Laplanche <ganael.laplanche at martymac.com>
(maintainer/author)
rafan@
Reviewed by: simon@ |
1.1_1 22 Oct 2007 18:51:33
 |
delphij  |
Modify firefox entry to cover linux-* variants. |
1.1_1 22 Oct 2007 01:37:32
 |
delphij  |
Document firefox JavaScript Entrapment vulnerabilities. |
1.1_1 20 Oct 2007 20:48:33
 |
miwi  |
- Fix year entry in 498a8731-7cfc-11dc-96e6-0012f06707f0
Submitted by: freshports
Thanks to: Dan Langille |
1.1_1 19 Oct 2007 14:23:36
 |
mnag  |
- Add new line between entries. |
1.1_1 17 Oct 2007 22:15:35
 |
stas  |
- Add entry about recent phpMyAdmin XSS server_status.php vulnerability
- Fix URL in my previous entry while I'm here. |
1.1_1 16 Oct 2007 18:29:34
 |
stas  |
- Fix package name in 51b51d4a-7c0f-11dc-9e47-0011d861d5e2 and
229577a8-0936-11db-bf72-00046151137e entries (phpmyadmin->phpMyAdmin). |
1.1_1 16 Oct 2007 18:13:04
 |
stas  |
- Add entry about phpMyAdmin XSS vulnerability. |
1.1_1 13 Oct 2007 09:45:27
 |
miwi  |
nagios-plugins -- Long Location Header Buffer Overflow Vulnerability
Reviewed by: simon |
1.1_1 11 Oct 2007 17:28:01
 |
miwi  |
Document png -- multiple vulnerabilities
Reviewed by: simon |
1.1_1 10 Oct 2007 12:47:22
 |
remko  |
Document ImageMagick - Multiple vulnerabilities
Submitted by: Nick Barkas |
1.1_1 10 Oct 2007 12:35:43
 |
remko  |
Correct mediawiki package names.
Spotted by: Nick Barkas |
1.1_1 09 Oct 2007 07:18:11
 |
miwi  |
- Document jdk/jre -- Applet Caching May Allow Network Access Restrictions to be
Circumvented
Reviewed by: remko |
1.1_1 08 Oct 2007 12:05:08
 |
flz  |
Document xfs -- multiple vulnerabilities. |
1.1_1 05 Oct 2007 09:35:50
 |
miwi  |
- Document tcl/tk -- buffer overflow in ReadImage function
PR: 116881
Submitted by: Nick Barkas <snb@threerings.net>
Reviewed by: simon |
1.1_1 04 Oct 2007 22:56:29
 |
delphij  |
Document firebird multiple remote buffer overflow vulnerabilities |
1.1_1 02 Oct 2007 18:27:37
 |
remko  |
Update the bugzilla and mediawiki entries to properly match their corrected
versions.
Prodded by: Nick Barkas (and a few others) |
1.1_1 02 Oct 2007 02:04:41
 |
delphij  |
Update to reflect the fixed version of id3lib. |
1.1_1 01 Oct 2007 21:04:45
 |
delphij  |
Document id3lib insecure temporary file creation vulnerability |
1.1_1 23 Sep 2007 09:09:33
 |
miwi  |
- modify mediawiki entry (add missing mediawiki18)
Reviewed by: remko |
1.1_1 23 Sep 2007 01:37:07
 |
delphij  |
Some PHP 5.x vulnerabilities are also found in PHP 4.x series,
unfortunately it seems that there is no newer PHP release to
fix these issues for 4.x series, so mark it as so.
While I'm there add a new CVE that was not mentioned in
previous revision of entry. |
1.1_1 21 Sep 2007 13:14:30
 |
remko  |
Document mediawiki -- cross site scripting vulnerability, our port versions
had not been updated yet, 1.8.x is not vulnerable by default unless you are
using the $wgEnableAPI = true; statement, in that case please set it to
$wgEnableAPI = false; (where possible of course, else upgrade to 1.8.5). |
1.1_1 21 Sep 2007 13:02:54
 |
remko  |
Document wordpress -- remote sql injection vulnerability, our versions are
already up to date for this vulnerability. |
1.1_1 21 Sep 2007 12:41:30
 |
remko  |
samba -- nss_info plugin privilege escalation vulnerability, the FreeBSD
port had already been fixed for this. |
1.1_1 21 Sep 2007 06:49:49
 |
remko  |
Document bugzilla -- multiple vulnerabilities
PR: ports/116060
Submitted by: Nick Barkas <snb at threerings dot net>, minor nits from me |
1.1_1 21 Sep 2007 06:35:53
 |
delphij  |
Document clamav CVE-2007-4510 issue (Remote DoS). |
1.1_1 20 Sep 2007 12:20:27
 |
remko  |
Document coppermine -- multiple vulnerabilities, the FreeBSD
port is already up to date. |
1.1_1 20 Sep 2007 12:12:54
 |
remko  |
Document openoffice -- arbitrary command execution vulnerability,
all current versions marked vulnerable, everything as of 2.3 is
believed to be fixed, but we do not have that yet ( I am also not
sure whether the -devel version has the correct fix or not ) so
let's be on the safe side till we know what version will be fixed
in our repro. |
1.1_1 20 Sep 2007 12:04:30
 |
remko  |
Document bugzilla -- "createmailregexp" security bypass vulnerability,
marking all versions as vulnerable till we know what version is the
one fixed in our CVS repository. |
1.1_1 19 Sep 2007 19:24:45
 |
simon  |
Spell Ulf Harnhammar (ASCII version of name) using UTF-8 instead of HTML
entities which can't be assumed is available to a parser by default.
This fixes a warning from packaudit. |
1.1_1 19 Sep 2007 17:06:28
 |
remko  |
Document kdm -- passwordless login vulnerability
Document konqueror -- address bar spoofing
Inspired by: lofi's cvs commits |
1.1_1 19 Sep 2007 16:56:12
 |
remko  |
Document flyspray -- authentication bypass
Submitted by: Nick Hilliard <nick at foobar dot org> |
1.1_1 19 Sep 2007 16:50:47
 |
remko  |
Document mozilla -- code execution via Quicktime media-link files,
The Mozilla advisory talks somewhat about Windows for this matter,
but better be safe than sorry (An updated firefox is available already). |
1.1_1 13 Sep 2007 05:50:33
 |
delphij  |
Update the PHP vulnerability entry:
- Use php5 to cover php 5.x as the port did.
- Add more information about the vulnerability.
Submitted by: Nick Barkas <snb threerings net>
PR: ports/116182 |
1.1_1 11 Sep 2007 19:40:03
 |
remko  |
Correct a style nit and bump modification date.
Bump modification date for "xpdf -- stack based buffer overflow"
which was forgotten by Jeremy (mezz) :-) |
1.1_1 11 Sep 2007 06:20:55
 |
delphij  |
Document Apache 2.0.x, 2.2.x series' vulnerabilities as well
as security related improvements in php 5.2.4. |
1.1_1 10 Sep 2007 21:59:15
 |
mezz  |
There is no code of CVE-2007-3387 vulnerability in evince, therefore remove
it from the database. It only merely depends on poppler and poppler has been
patched (marked as safe in database). |
1.1_1 10 Sep 2007 13:37:24
 |
mnag  |
- lighttpd -- FastCGI header overrun in mod_fastcgi |
1.1_1 05 Sep 2007 11:26:32
 |
remko  |
Fix mod_jk's version since PORTEPOCH came into play.
PR: 116115
Reported by: Klavs Klavsen <klavs at EnableIT dot dk> |
1.1_1 05 Sep 2007 08:50:44
 |
gabor  |
rkhunter -- insecure temporary file creation
Reviewed by: remko |
1.1_1 05 Sep 2007 08:47:00
 |
gabor  |
lsh -- multiple vulnerabilities
Reviewed by: remko |
1.1_1 02 Sep 2007 12:09:34
 |
simon  |
Document fetchmail -- denial of service on reject of local
warning message.
Submitted by: Matthias Andree <matthias.andree@gmx.de>
PR: ports/??? (Not received by GNATS yet) |
1.1_1 01 Sep 2007 16:04:24
 |
naddy  |
Document gtar directory traversal vulnerability.
PR: 115914
Submitted by: Nick Barkas <snb@threerings.net> |
1.1_1 28 Aug 2007 21:03:20
 |
miwi  |
- Marked sylpheed2 as safe.
Reviewed by: remko |
1.1_1 27 Aug 2007 19:52:30
 |
miwi  |
- Fix a typo. |
1.1_1 27 Aug 2007 19:44:03
 |
miwi  |
- Document Sylpheed / Sylpheed-Claws POP3 Format String Vulnerability
Reviewed by: simon |
1.1_1 25 Aug 2007 19:36:42
 |
simon  |
From latest Opera entry:
- Remove redundant information.
- Bump modified date for recent changes to the entry. |
1.1_1 24 Aug 2007 15:20:17
 |
itetcu  |
linux-opera and (for the moment defunct) opera-devel are also affected by
df4a7d21-4b17-11dc-9fc2-001372ae3ab9 - Vulnerability in javascript handling so
add them to the entry.
Submitted by: sat@ |
1.1_1 22 Aug 2007 16:31:46
 |
delphij  |
Update vuln.xml for rsync 2.6.9_1 which fixed CVE-2007-4091 |
1.1_1 21 Aug 2007 17:20:28
 |
delphij  |
Document rsync off-by-one stack overflow vulnerability. |
1.1_1 16 Aug 2007 11:53:01
 |
miwi  |
- Update the wordpress -- unmoderated comments disclosure entry. Is safe with
the 2.2.2 Release.
Approved by: simon |
1.1_1 15 Aug 2007 12:15:39
 |
itetcu  |
Add info about www/opera's JavaScript vulnerability
PR: ports/115543
Submitted by: Arjan van Leeuwen (maintainer)
Reviewed by: simon@ |
1.1_1 10 Aug 2007 07:31:11
 |
remko  |
Fix the flac entry by specifying the correct fixed version.
Bump modification date to reflect the above change.
Submitted by: Stefan Ehmann |
1.1_1 02 Aug 2007 19:52:51
 |
miwi  |
- Document fsplib -- multiple vulnerabilities
Reviewed by: remko |
1.1_1 02 Aug 2007 18:50:07
 |
miwi  |
Document joomla -- multiple vulnerabilities
Approved by: simon/remko |
1.1_1 02 Aug 2007 11:09:13
 |
remko  |
Use the superseded attribute in the cancelled tcpdump entry.
Requested by: simon |
1.1_1 02 Aug 2007 07:22:25
 |
remko  |
Document FreeBSD -- Buffer overflow in tcpdump(1).
See: FreeBSD-SA-07:06.tcpdump
This commit also takes over the older tcpdump entry that was specific
to ports, I merged that into this entry and I retired the old one. |
1.1_1 02 Aug 2007 06:18:19
 |
remko  |
Bump modification date for: SA-07:04.file
Which I just touched. |
1.1_1 02 Aug 2007 06:17:31
 |
remko  |
Correct the fixed version for the jail advisory which was revised yesterday.
Also correct the <freebsdsa>FreeBSD-SA* tags which should not have FreeBSD
in between. |
1.1_1 02 Aug 2007 06:15:15
 |
remko  |
Document FreeBSD -- Predictable query ids in named(8)
See: FreeBSD-SA-07:07.bind |
1.1_1 01 Aug 2007 17:51:26
 |
miwi  |
- Marked phpSysInfo as safe
Reviewed by: remko |
1.1_1 01 Aug 2007 00:47:02
 |
shaun  |
Update phpSysInfo entry: the current version (2.5.3) is affected. |
1.1_1 31 Jul 2007 22:21:22
 |
miwi  |
Update mozilla entry
- Marked seamonkey as safe
Submitted by: John E. Hein <jhein@timing.com>
Reviewed by: simon |
1.1_1 31 Jul 2007 14:43:22
 |
miwi  |
Update the xpdf entry
- Marked poppler as safe |
1.1_1 31 Jul 2007 13:33:33
 |
miwi  |
Update xpdf entry
- Marked cups-base as safe
- Add poppler as affected port
Reviewed by: simon |
1.1_1 31 Jul 2007 11:31:29
 |
miwi  |
- Fix tcpdump entry |
1.1_1 31 Jul 2007 11:30:03
 |
miwi  |
Document xpdf -- stack based buffer overflow
Reviewed by: simon/remko |
1.1_1 31 Jul 2007 09:49:45
 |
miwi  |
- Fix a typo
Submitted by: shaun |
1.1_1 31 Jul 2007 07:50:55
 |
miwi  |
- Document tcpdump -- remote integer underflow vulnerability
Reviewed by: remko |
1.1_1 29 Jul 2007 18:28:31
 |
miwi  |
- Document mutt -- buffer overflow vulnerability
Reviewed by: remko |
1.1_1 29 Jul 2007 11:29:45
 |
miwi  |
- Document p5-Net-DNS -- multiple Vulnerabilities
Reviewed by: remko |
1.1_1 28 Jul 2007 21:52:31
 |
miwi  |
- Document phpsysinfo -- url Cross-Site Scripting |
1.1_1 28 Jul 2007 15:28:15
 |
miwi  |
- Document drupal -- Cross site request forgeries
- Document drupal -- Multiple cross-site scripting vulnerabilities
Submitted by: nick@foobar.org
Reviewed by: simon |
1.1_1 27 Jul 2007 18:04:49
 |
miwi  |
- Document vim -- Command Format String Vulnerability
Approved by: simon |
1.1_1 26 Jul 2007 22:06:21
 |
miwi  |
- Document libvorbis - Multiple memory corruption flaws
Submitted by: lx@
Reviewed by: simon |
1.1_1 24 Jul 2007 14:31:49
 |
delphij  |
Document XSS vulnerabilities in several tomcat versions;
update affected tomcat versions for CVE-2005-2090. |
1.1_1 24 Jul 2007 14:17:07
 |
delphij  |
The previous vuxml entry applies to jakarta-tomcat 4.0.x as well, so mark
it as affected as well. Since there is no newer release I have used 4.1.0
as the "fixed" version. |
1.1_1 24 Jul 2007 13:54:49
 |
delphij  |
Document multiple vulnerabilities found in www/tomcat41 |
1.1_1 24 Jul 2007 08:00:33
 |
delphij  |
Document dokuwiki spellchecker XSS vulnerabilities |
1.1_1 21 Jul 2007 15:09:40
 |
simon  |
Fix last commit: the name tag was empty.
Reported by: FreshPorts via Dan Langille
Pointyhat to: delphij |