| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
|---|
1.1_1
08 Jan 2005 17:39:48
  |
simon  |
Fix typo in latest tiff entry.
Noticed by: bmah |
1.1_1
08 Jan 2005 17:13:09
|
nectar |
Change the behavior of `make newentry' so that it invokes ${EDITOR}
after adding the template, since this is certainly the next required
action. [1]
Fix the error checking: a pipeline was masking some errors, and `set
errexit' was not effective in some other places.
Suggested by: delphij [1] |
1.1_1
08 Jan 2005 15:43:23
|
nectar |
Add a target, `newentry', that will insert a VuXML <vuln> template
(including generated VID) to the top of the `vuln.xml' file. This will
save a little time when adding new entries.
Inspired by: a patch from simon |
1.1_1
08 Jan 2005 00:20:24
|
simon |
- Document that two older tiff vulnerabilities also affects
linux-tiff. [1]
- Add an extra reference to each of the two entries while I'm here
anyway.
- In one of the tiff title elements do s/---/--/ for consistency.
Discussed with: nectar [1]
Approved by: portmgr (implicit, VuXML) |
1.1_1
07 Jan 2005 15:34:42
|
nectar |
The tnftp port has been updated.
Approved by: portmgr (implicit, VuXML) |
1.1_1
07 Jan 2005 13:59:16
|
nectar |
Fix up last commit (tnftp entry):
- Malformed XML
- mismatched tags (<packages></package>)
- invalid entity reference &content-type= (ampersand should have
been replaced with &)
- Replace <range> so that it matches all possible versions for now,
until a fixed version is available in the ports tree
- <entry> date was in the past
Approved by: portmgr (implicit, VuXML)
Pointy hat to: ahze (hint: make validate) |
1.1_1
07 Jan 2005 07:09:45
|
ahze |
Document vulnerabilites in tnftp
PR: ports/75782
Submitted by: Tom McLaughlin
Approved by: portmgr (krion) |
1.1_1
06 Jan 2005 22:41:49
|
simon |
Document several vulnerabilites in tiff.
Approved by: portmgr (implicit, VuXML) |
1.1_1
06 Jan 2005 17:05:22
|
nectar |
Fill in forgotten `cite' attribute value.
Noticed by: simon
Approved by: portmgr (implicit, VuXML) |
1.1_1
06 Jan 2005 16:54:30
|
nectar |
Document a local vulnerability in VIM's modeline handling.
Approved by: portmgr (implicit, VuXML) |
1.1_1
06 Jan 2005 14:46:08
|
nectar |
Add a CERT VU reference for the latest Acrobat Reader vulnerability.
Add old package names (acroread4, acroread5) for an older Acrobat Reader
vulnerability.
Approved by: portmgr (implicit, VuXML) |
1.1_1
06 Jan 2005 00:26:08
|
simon |
Document buffer overflow vulnerabilities in pcal.
Approved by: portmgr (implicit, VuXML) |
1.1_1
05 Jan 2005 20:41:07
|
simon |
Add (now deleted) exim-ldap package to latest exim entry.
Approved by: portmgr (implicit, VuXML) |
1.1_1
05 Jan 2005 02:12:15
|
sem |
s/le/lt/ on my last commit. it's "<", not "<=".
Approved by: portmgr (implicitly) |
1.1_1
05 Jan 2005 02:03:18
|
sem |
exim -- two relatively minor security issues
Approved by: portmgr (implicitly, VuXML) |
1.1_1
04 Jan 2005 20:28:27
|
simon |
For the "kdelibs3 -- konqueror FTP command injection vulnerability"
entry: replace references to Debian and KDE bugtracking systems with a
KDE advisory which basically contains the same information but is more
readable.
Approved by: portmgr (implicit, VuXML) |
1.1_1
03 Jan 2005 21:48:04
|
josef |
Document security issues in golddig, greed, mpg123.
Submitted by: niels
Approved by: portmgr(implicit, VuXML) |
1.1_1
02 Jan 2005 23:54:32
|
simon |
Mark open-motif-2.2.3_1 as fixed with regard to the "xpm -- image
decoding vulnerabilities" entry.
PR: misc/75726
Submitted by: Hilko Meyer <hilko.meyer@gmx.de>
Approved by: portmgr (implicit, VuXML) |
1.1_1
02 Jan 2005 12:37:22
|
simon |
- Note that the port update to up-imapproxy 1.2.2 included a patch to
fix the security vulnerability.
- Mark pop3proxy as vulnerable to the up-imapproxy vulnerability,
since pop3proxy is derived from up-imapproxy.
Reported by: mbr
Approved by: portmgr (implicit, VuXML) |
1.1_1
02 Jan 2005 10:53:19
|
simon |
Document vulnerabilities in up-imapproxy.
Approved by: portmgr (implicit, VuXML) |
1.1_1
02 Jan 2005 00:59:26
|
simon |
Add two bugtraq ids to the latest a2ps entry.
Approved by: portmgr (implicit, VuXML) |
1.1_1
01 Jan 2005 15:55:54
|
simon |
Document FTP command injection vulnerability in kdelibs3.
Approved by: portmgr (implicit, VuXML) |
1.1_1
30 Dec 2004 20:20:46
|
simon |
Improve topic for latest phpbb vulnerability to highlight the main
problem (arbitrary command execution).
Prodded by: remko |
1.1_1
30 Dec 2004 17:55:08
|
simon |
Document insecure temporary file creation in a2ps. |
1.1_1
30 Dec 2004 14:11:23
|
simon |
Add more references to two older entries. |
1.1_1
29 Dec 2004 17:48:40
|
josef |
Add m odified date to my last commit.
Spotted by: simon |
1.1_1
29 Dec 2004 17:34:50
|
josef |
libxine is also affected by the mplayer vulnerabilities.
Add cvenames. |
1.1_1
29 Dec 2004 16:26:04
|
josef |
Document vulnerability in libxine. |
1.1_1
26 Dec 2004 20:51:24
|
josef |
Document vulnerability in jabberd1 |
1.1_1
24 Dec 2004 23:49:27
|
josef |
s/kpdf/kdegraphics |
1.1_1
24 Dec 2004 13:48:48
|
josef |
Add ports to xpdf report that come with own xpdf in distfile.
For kdegraphics:
Reported by: lofi |
1.1_1
23 Dec 2004 11:03:29
|
simon |
Remove duplicate word in the latest squid entry.
Noticed by: josef |
1.1_1
23 Dec 2004 00:58:04
|
simon |
Document potentially confusing results results on empty ACL
declarations in squid.
PR: ports/75403 (part of)
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> |
1.1_1
23 Dec 2004 00:39:09
|
simon |
Document multiple vulnerabilities in ethereal. |
1.1_1
23 Dec 2004 00:04:21
|
simon |
Document a buffer overflow vulnerability in xpdf. |
1.1_1
22 Dec 2004 12:17:09
|
delphij |
Document phpBB vulnerability that exists on phpBB < 2.0.11
Submitted by: Kang LIU <liukang bjut edu cn> |
1.1_1
21 Dec 2004 22:37:52
|
simon |
Document a vulnerability in acroread. |
1.1_1
21 Dec 2004 22:10:52
|
simon |
Document a vulnerability in ecartis. |
1.1_1
21 Dec 2004 19:38:19
|
simon |
Document multiple vulnerabilities in mplayer. |
1.1_1
21 Dec 2004 02:09:09
|
simon |
Document a heap buffer overflow vulnerability in MIT Kerberos 5. |
1.1_1
21 Dec 2004 00:34:10
|
simon |
Document an integer overflow vulnerability in samba. |
1.1_1
20 Dec 2004 09:55:16
|
niels |
Corrected typo (blockquote in wrong place).
Approved by: nectar (implicit) |
1.1_1
19 Dec 2004 12:49:20
|
simon |
- Update the corrected version number for recent phpMyAdmin entry to match
the actual ports version number for phpMyAdmin 2.6.1-rc1.
- Bump modification date for the updated entries. |
1.1_1
18 Dec 2004 18:53:27
|
simon |
Updates for the latest PHP entry:
- Correctly match the www/mod_php4 port (it was missing PORTEPOCH).
- Add a few more references.
- Bump modified date. |
1.1_1
17 Dec 2004 14:56:28
|
simon |
Correct recent php entry, 4.3.10 and 5.0.3 are fixed. |
1.1_1
17 Dec 2004 10:56:20
|
sem |
Fix VID for the last commit. |
1.1_1
17 Dec 2004 09:32:44
|
sem |
Multiple vulnerabilities in PHP. From Secunia report. |
1.1_1
16 Dec 2004 10:51:18
|
niels |
Added 5 MySQL vulnerabilities
Approved by: nectar (mentor) |
1.1_1
15 Dec 2004 22:21:35
|
simon |
Document two vulnerabilities in phpMyAdmin. |
1.1_1
14 Dec 2004 17:55:52
|
simon |
Document multiple vulnerabilities in wget. |
1.1_1
12 Dec 2004 22:15:01
|
simon |
- Add bugtraqid references to several entries.
- Fix typo in msgid for a samba entry.
- Bump modification date for updated entries. |
1.1_1
12 Dec 2004 21:14:14
|
josef |
Document security issue in Konqueror. |
1.1_1
11 Dec 2004 16:22:38
|
simon |
Document a NULL pointer dereference vulnerability in mod_access_referer.
Submitted by: Niels Heinen <niels.heinen@ubizen.com> |
1.1_1
08 Dec 2004 23:16:53
|
sem |
Integrate the following vendor patches as published on
http://www.squid-cache.org/Versions/v2/2.5/bugs/:
- a malformed hostname can cause squid to return random data as error messages,
possibly leaking internal information from former requests (squid bug #1143).
(This is classified as a minor security issue by the squid developers, so
maintainer cc'ed security-team@. See VuXML entry.)
- the "httpd_accel_port 0" directive does not work on its own (squid bug #1121)
- fix crashes occuring when using cachemgr's "vm_objects" operation (squid
bug #1149)
PR: ports/74859
Submitted by: maintainer |
1.1_1
07 Dec 2004 23:38:32
|
simon |
Document information leakage in viewcvs. |
1.1_1
07 Dec 2004 13:35:43
|
simon |
Document a symlink attack vulnerability in cscope. |
1.1_1
05 Dec 2004 06:53:54
|
glewis |
. Put the topic in the same format all other recent topics have been in for
the Java plugin vulnerability.
. Note that the diablo-jdk and diablo-jre packages are vulnerable to the
plugin issue. [1]
Prodded by: simon [1] |
1.1_1
04 Dec 2004 21:12:13
|
simon |
Add cvename to bnc vulnerability. |
1.1_1
04 Dec 2004 20:47:45
|
simon |
Document a remote code execution vulnerability in bnc. |
1.1_1
04 Dec 2004 18:21:14
|
simon |
Fix grammar nit in ImageMagick entry.
Submitted by: Daniel Seuffert <DS@praxisvermittlung24.de> |
1.1_1
04 Dec 2004 18:09:43
|
simon |
For the Java plugin vulnerability, also match the linux-jdk package
(old name for linux-jdk-sun). |
1.1_1
03 Dec 2004 17:24:38
|
glewis |
. Note that although linux-sun-jdk13 had one plugin vulnerability fixed
in 1.3.1.13, it contained another problem. This is fixed in 1.3.1.14. |
1.1_1
03 Dec 2004 08:22:51
|
rushani |
Document vulnerability that allows arbitrary command execution in rssh
and scponly.
Approved & reviewed by: josef (security team) |
1.1_1
02 Dec 2004 21:04:06
|
naddy |
Document buffer overflows in rockdodger. |
1.1_1
01 Dec 2004 20:08:05
|
simon |
Add CVE to zip vulnerability. |
1.1_1
01 Dec 2004 19:38:39
|
simon |
Document a long path buffer overflow in zip. |
1.1_1
01 Dec 2004 15:30:46
|
simon |
Document signal delivery vulnerability in sudoscript. |
1.1_1
30 Nov 2004 21:54:54
|
josef |
Document vulnerability in net/jabberd. |
1.1_1
29 Nov 2004 21:05:00
|
josef |
Document vulnerability in net/opendchub.
Based on submission by: Niels Heinen <niels.heinen@ubizen.com> |
1.1_1
28 Nov 2004 17:03:16
|
simon |
Add Bugtraq ID for SA-04:16.fetch entry. |
1.1_1
26 Nov 2004 20:41:06
|
simon |
Document two vulnerabilities in unarj. |
1.1_1
25 Nov 2004 19:29:27
|
glewis |
. Mark linux-ibm-jdk as also vulnerable to the Java plugin vulnerability. |
1.1_1
25 Nov 2004 18:43:18
|
glewis |
. Fix the range and add an additional range for the jdk vulnerability.
. Note that linux-sun-jdk and linux-blackdown-jdk are also vulnerable. |
1.1_1
25 Nov 2004 17:56:03
|
glewis |
. Fix whitespace. |
1.1_1
25 Nov 2004 16:10:29
|
glewis |
. Add an entry for the problem in the Java plugin. |
1.1_1
25 Nov 2004 15:32:16
|
simon |
Update ruby CGI DoS entry to note that the most recent version in
ports is fixed. Also remove ruby-static as vulnerable, since it does
not contain cgi.rb. |
1.1_1
25 Nov 2004 13:38:59
|
josef |
Document vulnerability in ftp/prozilla.
Submitted by: Niels Heinen <niels.heinen@ubizen.com> |
1.1_1
24 Nov 2004 15:46:48
|
ume |
correct fixed version
Pointed out by: josef |
1.1_1
24 Nov 2004 08:04:13
|
ume |
c0a269d5-3d16-11d9-8818-008088034841 and
114d70f3-3d16-11d9-8818-008088034841 are fixed in cyrus-imapd 2.1.17. |
1.1_1
23 Nov 2004 13:52:32
|
simon |
Document that the twiki vulnerability is fixed in twiki-20040902. |
1.1_1
23 Nov 2004 06:29:38
|
ume |
add Cyrus IMAP Server multiple remote vulnerabilities.
Obtained from: http://security.e-matters.de/advisories/152004.html |
1.1_1
20 Nov 2004 22:21:09
|
simon |
Add CVE reference for the SA-04:16.fetch entry. |
1.1_1
20 Nov 2004 00:39:56
|
josef |
Document vulnerability in phpmyadmin. |
1.1_1
18 Nov 2004 19:06:17
|
josef |
Add localized versions of gd port to the VuXML entry. |
1.1_1
18 Nov 2004 15:47:48
|
simon |
Document SA-04:16.fetch. |
1.1_1
17 Nov 2004 19:05:46
|
josef |
Document the buffer overrun vulnerability in samba3
CAN-2004-882 |
1.1_1
17 Nov 2004 17:11:32
|
josef |
Correct range for xpdf vulnerability, as cups-base got a fixing
update. |
1.1_1
16 Nov 2004 23:16:44
|
josef |
The last commit to japanese/samba also fixed the security issue
in samba (CAN-2004-0815)
As discussed with: NAKAJI Hiroyuki <nakaji@jp.freebsd.org> (maintainer) |
1.1_1
16 Nov 2004 22:53:06
|
simon |
Add CVE name to twiki entry.
Noticed by: josef |
1.1_1
16 Nov 2004 20:02:09
|
josef |
Add teTeX-base to affected packages in xpdf's vuxml entry. |
1.1_1
15 Nov 2004 10:18:50
|
simon |
Document arbitrary shell command execution in twiki. |
1.1_1
14 Nov 2004 23:05:37
|
simon |
Document a format string vulnerability in proxytunnel. |
1.1_1
13 Nov 2004 09:05:02
|
simon |
Fix entry date for the ruby entry from the last commit. |
1.1_1
13 Nov 2004 08:54:20
|
simon |
- Document at DoS in the Ruby CGI module.
- Document a privilege escalation in sudo. |
1.1_1
12 Nov 2004 15:23:39
|
nectar |
Add CVE name for gnats issue. |
1.1_1
12 Nov 2004 15:01:57
|
nectar |
Note (likely) remotely exploitable vulnerability in samba 3.
Submitted by: Shane Kinney <mod6@freebsdhackers.net> |
1.1_1
12 Nov 2004 11:15:02
|
josef |
Document vulnerability in GNATS. |
1.1_1
11 Nov 2004 23:53:33
|
simon |
Document a XSS in squirrelmail. |
1.1_1
11 Nov 2004 23:01:51
|
josef |
Fix entry date. |
1.1_1
11 Nov 2004 22:46:39
|
josef |
Document BNC vulnerability. |
As an Amazon Associate I earn from qualifying purchases.
