| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
|---|
1.1_1
19 Jul 2007 21:47:04
  |
simon  |
- Document opera -- multiple vulnerabilities.
- Correct and sort a few links in the latest mozilla entry. |
1.1_1
19 Jul 2007 21:23:59
|
simon |
Document mozilla -- multiple vulnerabilities. |
1.1_1
18 Jul 2007 06:43:05
|
delphij |
Document linuxflashplugin critical vulnerabilities.
Reported by: jamie at bishopston net |
1.1_1
09 Jul 2007 14:03:19
|
miwi |
- Fix the versions number of typespeed from 4.1.0 to 0.4.1
PR: 114441
Submitted by: Tor Halvard Furulund <squat@squat.no> |
1.1_1
07 Jul 2007 08:27:53
|
sat |
- Fix the latest wireshark entries by correcting a typo and adding
more package names |
1.1_1
06 Jul 2007 10:34:25
|
miwi |
- Document wireshark - Multiple problems
Reviewed by: simon@ |
1.1_1
03 Jul 2007 19:50:57
|
gabor |
- Document typespeed arbitrary code execution
Reviewed by: remko |
1.1_1
29 Jun 2007 22:18:24
|
miwi |
- Fix a typo vcl -> vlc
Noticed by: lx@ |
1.1_1
29 Jun 2007 09:42:05
|
miwi |
- Document vlc - format string vulnerability and integer overflow |
1.1_1
29 Jun 2007 09:24:06
|
miwi |
- Document flac123 - stack overflow in comment parsing
Reviewed by: simon@ |
1.1_1
29 Jun 2007 06:06:58
|
remko |
Document gd -- multiple vulnerabilities
PR: ports/114115
Submitted by: Nick Barkas <snb at threerings dot net> (minor modifications by
me). |
1.1_1
28 Jun 2007 07:38:03
|
delphij |
Document that CVE-2007-3257 was fixed with evolution-data-server
1.10.2_1. |
1.1_1
27 Jun 2007 20:52:24
|
sat |
- Fix modified date in mod_perl entry |
1.1_1
27 Jun 2007 20:44:12
|
erwin |
Mark www/mod_perl2 fixed in version 2.0.3_2,3 |
1.1_1
25 Jun 2007 10:57:52
|
delphij |
Document evolution-data-server remote arbitrary code execution
vulnerability.
Fix at: Evolution SVN changeset 7817 (#447414) |
1.1_1
24 Jun 2007 11:34:13
|
erwin |
The XMLRPC SQL Injection issue with wordpress was addressed in the
latest release. |
1.1_1
21 Jun 2007 17:28:38
|
gabor |
Document xpcd buffer overflow vulnerability.
Revieved by: remko |
1.1_1
19 Jun 2007 19:47:51
|
remko |
Document clamav -- multiple vulnerabilities. |
1.1_1
18 Jun 2007 07:56:53
|
delphij |
Document SpamAssassin vulnerability CVE-2007-2873, a local
DoS issue. |
1.1_1
12 Jun 2007 18:27:39
|
miwi |
- Document cups -- Incomplete SSL Negotiation Denial of Service.
Reviewed by: simon@ |
1.1_1
09 Jun 2007 19:47:04
|
miwi |
- Fix other duplicate entry.
Reviewed by: simon |
1.1_1
09 Jun 2007 17:46:22
|
miwi |
- Document c-ares -- DNS Cache Poisoning Vulnerability
Reviewed by: simon@ |
1.1_1
09 Jun 2007 17:44:05
|
miwi |
- Fix duplicate entry de-wordpress -> zh-wordpress. |
1.1_1
09 Jun 2007 16:13:32
|
gabor |
Add zh-wordpress as affected by the last two wordpress entries. |
1.1_1
09 Jun 2007 15:07:23
|
gabor |
wordpress -- XMLRPC SQL Injection
wordpress -- unmoderated comments disclosure
Reviewed by: simon |
1.1_1
09 Jun 2007 14:07:48
|
miwi |
- Document webmin -- cross site scripting
Reviewed by: simon@ |
1.1_1
07 Jun 2007 18:34:15
|
simon |
- The fixed mplayer version number is 0.99.10_10, mark it as such. [1]
- Add older mplayer package names.
- Break long lines.
Noticed by: Henrik Brix Andersen <henrik@brixandersen.dk> |
1.1_1
07 Jun 2007 08:44:24
|
miwi |
- Fix mplayer portversion. |
1.1_1
07 Jun 2007 08:42:02
|
miwi |
- Document mplayer -- cddb stack overflow.
Reviewed by: simon@ |
1.1_1
06 Jun 2007 09:29:58
|
gabor |
- Note that plone is also affected by 34414a1e-e377-11db-b8ab-000c76189c4c
prior to version 2.5.3
Reviewed by: simon |
1.1_1
05 Jun 2007 16:17:06
|
gabor |
- gzip 1.3.12 has been patched and is not affected by
11a84092-8f9f-11db-ab33-000e0c2e438a any more
Reviewed by: simon |
1.1_1
05 Jun 2007 09:38:17
|
erwin |
Document an information disclosure vulnerability in mod_jk < 1.2.23.
Reviewed by: simon |
1.1_1
04 Jun 2007 20:56:27
|
erwin |
Add an entry for an email header injection vulnerability in
www/typo3 from February.
Reviewed by: remko
Persuaded by: cperciva and simon by setting up the
ports-security team |
1.1_1
04 Jun 2007 12:42:17
|
miwi |
- Document phppgadmin - Cross Site Scripting Vulnerability.
Reviewed by: mnag@
Reported by: dinoex@ |
1.1_1
01 Jun 2007 19:36:13
|
trasz |
- Add entry for findutils -- GNU locate heap buffer overrun.
Revieved by: simon (secteam)
Approved by: miwi (mentor) |
1.1_1
31 May 2007 08:05:11
|
delphij |
Mark file < 4.21 as vulnerable to the heap overflow. |
1.1_1
25 May 2007 00:37:58
|
marcus |
Add an entry for the recent Freetype heap overflow vulnerability.
Submitted by: Nick Barkas <snb@threerings.net> |
1.1_1
23 May 2007 16:29:27
|
remko |
Document FreeBSD-SA-07:04.file (heap overflow in file(1))
Approved by: portmgr (secteam implicit) |
1.1_1
21 May 2007 20:08:22
|
miwi |
- Document squirrelmail -- Cross site scripting in HTML filter
Approved by: portmgr (marcus) |
1.1_1
16 May 2007 21:10:04
|
simon |
Document png -- DoS crash vulnerability. |
1.1_1
16 May 2007 20:22:36
|
simon |
Document samba -- multiple vulnerabilities.
Brought to you from Heathrow Airport and BSDCan 2007 Devsummit. |
1.1_1
10 May 2007 17:34:45
|
simon |
Backout last change.
Blackboard:
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
x1000
Pointy hat to: simon |
1.1_1
10 May 2007 17:31:49
|
simon |
Update PHP entry to include the vulnerable version so the entry is
correct for when PHP is updated in ports (yes it's being worked on),
or for people who upgrade "manually".
With hat: secteam
Requested by: several |
1.1_1
07 May 2007 09:12:42
|
remko |
Document a lot of PHP vulnerabilities, mark all php4 and php5 (+cli,cgi)
ports as vulnerable till the ports had been upgraded. |
1.1_1
07 May 2007 08:49:25
|
remko |
Bump modification date for the latest mod_perl entry, this was forgotten
by erwin, but there were "massive" changes that warrant a date bump. |
1.1_1
02 May 2007 16:56:22
|
remko |
Standarize the latest entry (qemu) a bit more and add a forgotten 'a'
in the p5-Imager text. |
1.1_1
01 May 2007 22:49:39
|
nox |
Document multiple qemu vulnerabilities
Obtained from: debian-security-announce@lists.debian.org mailing list
Security: multiple qemu vulnerabilities |
1.1_1
30 Apr 2007 17:51:54
|
lbr |
Update to 0.57 - fixes possible overflow vulnerability regarding malformed
BMPs, see vuln.xml for details.
Security: VuXML ID: 632c98be-aad2-4af2-849f-41a6862afd6a |
1.1_1
28 Apr 2007 18:34:30
|
remko |
Document FreeBSD -- IPv6 Routing Header 0 is dangerous |
1.1_1
25 Apr 2007 19:05:44
|
erwin |
Rework the mod_perl entry to note that Mandriva originally released
an advisory. Also add mod_perl2 to the vulnerable versions. |
1.1_1
25 Apr 2007 17:11:17
|
erwin |
Minor wordsmithing in the last mod_perl entry.
Submitted by: simon |
1.1_1
25 Apr 2007 17:04:36
|
erwin |
Add entry for mod_perl -- remote DOS in PATH_INFO parsing
PR: 111844
Submitted by: "Philip M. Gollucci" <pgollucci@p6m7g8.com> |
1.1_1
23 Apr 2007 14:12:10
|
tobez |
p5-Crypt-OpenPGP 1.03_1 should not be vulnerable to CVE-2005-0366. |
1.1_1
19 Apr 2007 11:55:37
|
sat |
- Mark latest firefox and seamonkey snapshots as safe |
1.1_1
19 Apr 2007 10:37:24
|
miwi |
- Add entry for claws-mail - APOP vulnerability |
1.1_1
14 Apr 2007 15:11:47
|
mnag |
lighttpd -- DOS when access files with mtime 0
lighttpd -- Remote DOS in CRLF parsing |
1.1_1
13 Apr 2007 15:46:38
|
stas |
- Add freeradius-mysql to the list of affected packages of the recent
freeradius entry.
Submitted by: David Wood <david@wood2.org.uk> |
1.1_1
13 Apr 2007 11:50:42
|
flz |
Mark Google Earth >= 4.0.2414 as safe. |
1.1_1
13 Apr 2007 08:19:59
|
stas |
- Document recent remote dos vulnerability in freeradius. |
1.1_1
10 Apr 2007 21:10:43
|
simon |
Add an extra reference to the old "gnupg -- OpenPGP symmetric
encryption vulnerability" entry which explains the problem in a more
easy to read way.
Submitted by: tobez (sort of) |
1.1_1
09 Apr 2007 20:05:51
|
barner |
Document fetchmail's "insecure APOP authentication" issue (fixed in 6.3.8). |
1.1_1
08 Apr 2007 19:58:36
|
remko |
Stylify the latest zope entry:
o Use consistent title description
o Use tabs when 8 spaces are hit
o Sort the references list (the alphabet goes from a to z)
o Bump modification date (note: please check the entry date
so that it matches the correct data of insertion).
Also stylify the latest mcweject entry. |
1.1_1
08 Apr 2007 19:45:58
|
stefan |
Add entry for exploitable buffer overflow in mcweject.
PR: 111365
Submitted by: Jeff Forsythe<tornandfilthy2006@yahoo.com> |
1.1_1
08 Apr 2007 14:36:53
|
stefan |
Add entry for webcalendar "noSet" variable overwrite vulnerability.
PR: 110585
Submitted by: Greg Larkin <glarkin@sourcehosting.net> |
1.1_1
08 Apr 2007 11:16:40
|
stefan |
Add entry for Zope2 cross-site scripting vulnerability.
Inspired by: Yasushi Hayashi<yasi@yasi.to> (in PR 111119) |
1.1_1
31 Mar 2007 16:30:04
|
sem |
Remove f951cf4a-a1fe-11db-98f9-0004aca3703d entry. It's duplicate to
41da2ba4-a24e-11db-bd24-000f3dcc6a5d. |
1.1_1
22 Mar 2007 02:27:18
|
sat |
- Fix versions and dates in latest squid entry
Pointy hat to: miwi |
1.1_1
21 Mar 2007 17:07:34
|
remko |
Standarise the latest Squid entry. |
1.1_1
21 Mar 2007 13:04:08
|
miwi |
- Add entry for squid TRACE method handling denial of service |
1.1_1
16 Mar 2007 16:57:51
|
simon |
Fix range for sql-ledger entry which I missed in my original review. |
1.1_1
16 Mar 2007 11:48:32
|
lth |
Document sql-ledger vulnerability
PR: ports/110350
Submitted by: Antoine Beaupre <anarcat@koumbit.org> |
1.1_1
16 Mar 2007 07:35:42
|
remko |
Document cacti -- remote injection exploit
PR: ports/107838
Submitted by: Dan Langille <dan at langille dot org> |
1.1_1
16 Mar 2007 07:31:36
|
remko |
Correct two tdiary entries:
o correct the affected version numbers
o package name of www/tdiary-devel is "tdiary-devel", not "tdiary"
o add ja-tdiary and ja-tdiary-devel to affected packages
PR: ports/109086
Submitted by: KOMATSU Shinichiro <koma2 at lovepeers dot org> |
1.1_1
16 Mar 2007 07:28:17
|
remko |
Document two long forgotten Samba vulnerabilities.
PR: ports/109049
Submitted by: KOMATSU Shinichiro <koma2 at lovepeers dot org> |
1.1_1
14 Mar 2007 23:00:42
|
markus |
ktorrent -- multiple vulnerabilities:
- Add CVE references
- Bump modification date |
1.1_1
12 Mar 2007 08:39:18
|
remko |
Spell out multiple vulnerabilities instead of specifying the exact
amount (we always do that). Also bump the modification date for
this entry and the PHP entry that had been touched |
1.1_1
12 Mar 2007 01:16:28
|
markus |
Fix typo in PHP entry |
1.1_1
12 Mar 2007 01:11:45
|
markus |
Document ktorrent -- two vulnerabilities |
1.1_1
10 Mar 2007 02:19:13
|
kuriyama |
Add ja-trac-*. |
1.1_1
09 Mar 2007 15:52:31
|
miwi |
- fix typo |
1.1_1
09 Mar 2007 15:48:35
|
miwi |
- Add entry for mplayer -- DMO File Parsing Buffer Overflow Vulnerability
Reviewed by: simon (secteam) |
1.1_1
09 Mar 2007 14:34:21
|
miwi |
- Add entry for Trac "download wiki page as text" Cross-Site Scripting
Vulnerability.
Reviewed by: simon@ |
1.1_1
06 Mar 2007 07:18:08
|
simon |
Correct affected versions in "mod_jk -- long URL stack overflow
vulnerability" entry.
Noticed by: Nick Barkas |
1.1_1
05 Mar 2007 23:17:51
|
simon |
Document mod_jk -- long URL stack overflow vulnerability. |
1.1_1
01 Mar 2007 18:34:06
|
simon |
For recent "mozilla -- multiple vulnerabilities" entry:
- Mark Seamonkey 1.1.1 as safe. While mozilla.org does not clearly
state this, it does seem to be the case. [1]
- Add another critical vulnerability which wasn't on the web site when
the vuxml entry was initially added.
Reported by: Volodymyr Kostyrko [1] |
1.1_1
27 Feb 2007 20:10:00
|
remko |
Document bind -- Multiple Denial of Service vulnerabilities
Now all Security Advisories are merged again in VuXML. |
1.1_1
27 Feb 2007 20:00:38
|
remko |
Document FreeBSD -- Jail rc.d script privilege escalation |
1.1_1
27 Feb 2007 19:50:53
|
remko |
Document: gtar -- name mangling symlink vulnerability |
1.1_1
27 Feb 2007 19:46:18
|
remko |
Document FreeBSD -- Kernel memory disclosure in firewire(4). |
1.1_1
26 Feb 2007 21:08:24
|
remko |
Document libarchive -- Infinite loop in corrupt archives handling in
libarchive.
This is also FreeBSD SA-06:24.libarchive, FreeBSD systems are not
affected, only specific STABLE versions which are not released!! |
1.1_1
26 Feb 2007 20:24:46
|
remko |
Document FreeBSD SA 06:23 OpenSSL - Multiple problems in crypto (3). |
1.1_1
25 Feb 2007 21:27:09
|
simon |
- Bump modified date for last update in mozilla entry.
- Bump file copyright year. |
1.1_1
25 Feb 2007 21:16:28
|
ahze |
Extend the latest gecko vulnerabilities to mail/lightning. |
1.1_1
24 Feb 2007 18:50:58
|
simon |
Fix whitespace which I forgot before committing the last update. |
1.1_1
24 Feb 2007 18:30:40
|
simon |
Document mozilla -- multiple vulnerabilities.
Note that Seamonkey 1.1 is marked vulnerable under the "better safe than
sorry" principle, since it's not yet clear if Seamonkey 1.1 is
vulnerable to this batch of vulnerabilities. |
1.1_1
21 Feb 2007 22:17:22
|
simon |
Document snort -- DCE/RPC preprocessor vulnerability. |
1.1_1
17 Feb 2007 13:55:27
|
simon |
Document rar -- password prompt buffer overflow vulnerability.
Reminded by: Nate Eldredge |
1.1_1
17 Feb 2007 12:34:52
|
simon |
Mark 5.2.1_2 as the first safe version for the recent "php -- multiple
vulnerabilities" entry since there was a bug in one of the fixes in
upstream 5.2.1 which port revision 5.2.1_2 fixed. |
1.1_1
17 Feb 2007 11:51:27
|
simon |
Document php -- multiple vulnerabilities. |
1.1_1
17 Jan 2007 22:17:50
|
gabor |
joomla -- multiple remote vulnerabilities
Reviewed by: secteam (remko)
Approved by: erwin (mentor, implicit) |
As an Amazon Associate I earn from qualifying purchases.
