Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 08 Jul 2005 20:04:14
 |
simon  |
Document nwclient -- multiple vulnerabilities (old issues).
PR: ports/82101
Submitted by: niels
Noticed by: Derik van Zuetphen <dz@426.ch> |
1.1_1 06 Jul 2005 22:46:03
 |
simon  |
Add CAN reference to recent phpbb vulnerability. |
1.1_1 06 Jul 2005 22:25:12
 |
simon  |
Document acroread -- insecure temporary file creation. |
1.1_1 06 Jul 2005 22:14:55
 |
simon  |
Document two clamav vulnerabilities. |
1.1_1 06 Jul 2005 21:34:32
 |
simon  |
- Add FreeBSD-SA-05:16.zlib.
- Fix ranges for recent security advisories, a bunch of <le> really
should have been <lt>. |
1.1_1 06 Jul 2005 20:45:34
 |
simon  |
Document acroread -- buffer overflow vulnerability. |
1.1_1 05 Jul 2005 21:13:39
 |
simon  |
Document net-snmp -- remote DoS vulnerability. |
1.1_1 05 Jul 2005 20:33:11
 |
simon  |
Document cacti -- multiple vulnerabilities.
Prodded by: Babak Farrokhi <babak@farrokhi.net> |
1.1_1 05 Jul 2005 19:01:16
 |
simon  |
- Add another reference to bzip2 -- denial of service and permission
race vulnerabilities.
- Document two cases of wordpress -- multiple vulnerabilities. |
1.1_1 03 Jul 2005 08:40:52
 |
hrs  |
Document the following issues:
- phpbb -- remote PHP code execution vulnerability
- pear-XML_RPC -- arbitrary remote code execution |
1.1_1 03 Jul 2005 08:12:20
 |
simon  |
Add certvu reference to kernel -- TCP connection stall denial of service
vulnerability. |
1.1_1 29 Jun 2005 23:00:52
 |
simon  |
Add FreeBSD-SA-05:13.ipfw, FreeBSD-SA-05:14.bzip2, and
FreeBSD-SA-05:15.tcp. |
1.1_1 24 Jun 2005 20:38:41
 |
simon  |
Document ethereal -- multiple protocol dissectors vulnerabilities. |
1.1_1 24 Jun 2005 10:22:19
 |
hrs  |
Document tor -- information disclosure. |
1.1_1 24 Jun 2005 09:09:23
 |
hrs  |
Document linux-realplayer -- RealText parsing heap overflow. |
1.1_1 23 Jun 2005 06:55:35
 |
hrs  |
Document ruby -- arbitrary command execution on XMLRPC server. |
1.1_1 21 Jun 2005 09:58:39
 |
sem  |
- net/cacti - potential SQL injection and cross site scripting attacks |
1.1_1 20 Jun 2005 22:34:16
 |
simon  |
Document three opera issues. |
1.1_1 20 Jun 2005 20:18:18
 |
simon  |
Document sudo -- local race condition vulnerability. |
1.1_1 20 Jun 2005 19:17:10
 |
simon  |
Add another reference to the latest tcpdump issue. |
1.1_1 20 Jun 2005 19:09:23
 |
simon  |
- Add entry for trac -- file upload/download vulnerability.
- Improve the last couple of entries a bit:
- Whitespace cleanup.
- Use standard topic format (port name first, then description
starting with lower case).
- Make sure SpamAssassin entry also matches other 3.0.3 port revisions. |
1.1_1 20 Jun 2005 07:30:57
 |
sem  |
- razor-agents DoS vulnerabilities
PR: ports/82414
Submitted by: dawnshade <h-k@mail.ru> |
1.1_1 19 Jun 2005 04:57:35
 |
hrs  |
Fix year in <discovery> and <entry>.
Noticed by: nectar
Pointy hat to: hrs |
1.1_1 18 Jun 2005 17:27:50
 |
hrs  |
Document SpamAssassin -- Denial of service vulnerability. |
1.1_1 18 Jun 2005 17:15:37
 |
hrs  |
Document squirrelmail -- Several cross site scripting vulnerabilities. |
1.1_1 18 Jun 2005 16:54:40
 |
hrs  |
Document acroread -- XML External Entity vulnerability. |
1.1_1 18 Jun 2005 14:49:15
 |
simon  |
Use standard topic format for gzip vulnerability. |
1.1_1 18 Jun 2005 14:32:18
 |
simon  |
Document FreeBSD-SA-05:11.gzip. |
1.1_1 17 Jun 2005 23:19:34
 |
simon  |
Document SA-05:10.tcpdump. |
1.1_1 17 Jun 2005 19:12:46
 |
simon  |
Document two vulnerabilities in Gaim. |
1.1_1 17 Jun 2005 18:37:41
 |
nectar  |
Document an older, more serious gallery vulnerability. |
1.1_1 17 Jun 2005 18:30:12
 |
nectar  |
Document XSS vulnerabilities in gallery. |
1.1_1 17 Jun 2005 18:11:27
 |
nectar  |
Document KDE kstars vulnerability. |
1.1_1 17 Jun 2005 17:00:17
 |
nectar  |
Document fd_set overruns reported by 3APA3A. |
1.1_1 09 Jun 2005 08:44:04
 |
simon  |
Document leafnode -- denial of service vulnerability.
Submitted by: Matthias Andree <matthias.andree@gmx.de> |
1.1_1 03 Jun 2005 19:45:36
 |
nectar  |
Document a directory traversal issue in older GForge versions. |
1.1_1 03 Jun 2005 19:29:42
 |
nectar  |
Document an authentication bypass vulnerability in imap-uw. |
1.1_1 03 Jun 2005 19:18:39
 |
nectar  |
Document squid denial-of-service vulnerabilities. |
1.1_1 03 Jun 2005 19:08:21
 |
nectar  |
Document a remote denial-of-service vulnerability in racoon. |
1.1_1 03 Jun 2005 18:24:44
 |
nectar  |
Document integer overflows in xli. |
1.1_1 03 Jun 2005 18:19:23
 |
nectar  |
Document arbitrary command execution vulnerabilities in xli and
xloadimage. |
1.1_1 03 Jun 2005 18:01:04
 |
nectar  |
Add new CVE names for yamt entry. |
1.1_1 03 Jun 2005 17:56:42
 |
nectar  |
Correct and improve recent xli entry:
* It actually affected xloadimage and xli
* A slightly better topic than just "buffer overflows"
* More references
* Fix the version number for xli... it is still vulnerable as of this
writing |
1.1_1 03 Jun 2005 16:26:14
 |
nectar  |
Correct recently added yamt entry:
* This is not CAN-2004-1302, which was documented much earlier
* Try to explain the issue
* Add the only public reference to the issue I can find |
1.1_1 03 Jun 2005 04:48:47
 |
trhodes  |
Buffer overflow in xli. |
1.1_1 03 Jun 2005 02:15:20
 |
trhodes  |
Fix breakage I caused. |
1.1_1 03 Jun 2005 02:09:22
 |
trhodes  |
Note buffer overflows and directory traversal issues in audio/yamt. |
1.1_1 01 Jun 2005 17:16:28
 |
nectar  |
Update entry for FreeStyle Wiki:
* <topic> style: ASCII em-dash "--" for separator
* replace quoted text with more informative excerpt from a Secunia
advisory
* add CVE name |
1.1_1 01 Jun 2005 17:07:58
 |
nectar  |
Document vulnerabilities in XView library. |
1.1_1 01 Jun 2005 16:52:45
 |
nectar  |
document a vulnerability in xtrlock |
1.1_1 01 Jun 2005 16:27:15
 |
nectar  |
Document vulnerabilities reported in the Red Hat 7.1 libraries. |
1.1_1 01 Jun 2005 16:09:53
 |
nectar  |
Document squirrelmail vulnerabilities. |
1.1_1 01 Jun 2005 15:53:40
 |
nectar  |
correct version number for mailman password generation issue |
1.1_1 01 Jun 2005 15:51:41
 |
nectar  |
Document vulnerability in set-user-ID sympa application. |
1.1_1 01 Jun 2005 15:36:40
 |
nectar  |
Another older mailman vulnerability, somewhat minor |
1.1_1 01 Jun 2005 15:27:01
 |
nectar  |
Add year-old mailman vulnerability, that seems to not have been
previously documented here. |
1.1_1 01 Jun 2005 14:48:38
 |
nectar  |
document Apache Jakarta Tomcat 5.x XSS issue |
1.1_1 29 May 2005 15:01:14
 |
simon  |
Mark samba-2.2.12.j1.0beta1_2 as safe from "samba -- integer overflow
vulnerability".
Reminded by: NAKAJI Hiroyuki <nakaji@jp.freebsd.org> |
1.1_1 29 May 2005 03:06:35
 |
kuriyama  |
- Update to 3.5.8 (including XSS problem fix).
Submitted by: Toshiya SAITOH <toshiya@saitoh.nu>
PR: ports/81520 |
1.1_1 22 May 2005 13:27:45
 |
remko  |
Remove a forgotten :.
Spotted by: simon |
1.1_1 22 May 2005 13:18:12
 |
remko  |
Document the following issues:
o freeradius -- sql injection and denial of service vulnerability
o ppxp -- local root exploit
o oops -- format string vulnerability
Approved by: simon |
1.1_1 19 May 2005 19:56:44
 |
simon  |
Fix entry dates for latest squid entries. |
1.1_1 19 May 2005 19:48:15
 |
remko  |
Reword the cdrdao entry, this includes comments from Simon which I overlooked.
Forgotten by: remko
Spotted by: simon |
1.1_1 19 May 2005 14:17:01
 |
pav  |
- Update Squid to 2.5.STABLE10
PR: ports/81213
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer) |
1.1_1 19 May 2005 04:17:32
 |
remko  |
Document cdrdao -- unspecified privilege escalation vulnerability.
Approved by: simon |
1.1_1 14 May 2005 03:43:46
 |
simon  |
Document two gaim issues. |
1.1_1 13 May 2005 16:24:43
 |
nectar  |
Add FreeBSD-SA-05:09.htt. |
1.1_1 13 May 2005 15:34:49
 |
nectar  |
$EDITOR should not be quoted. It might be "emacsclient -a vi" or
something. |
1.1_1 13 May 2005 15:33:48
 |
nectar  |
MAINTAINER -> security@FreeBSD.org |
1.1_1 13 May 2005 15:32:12
 |
nectar  |
Update some leafnode references.
Add new leafnode vulnerability.
PR: ports/80724
Submitted by: Matthias Andree <matthias.andree@gmx.de> |
1.1_1 12 May 2005 09:59:32
 |
simon  |
Document two new vulnerabilities in mozilla/firefox. |
1.1_1 11 May 2005 19:00:50
 |
simon  |
Document mozilla -- code execution via javascript: IconURL vulnerability. |
1.1_1 09 May 2005 07:04:53
 |
okazaki  |
Document some vulnerabilities in groff.
- pic2graph and eqn2graph are vulnerable to symlink attack through temporary
files
- groffer uses temporary files unsafely
PR: ports/80671
Submitted by: KOMATSU Shinichiro |
1.1_1 03 May 2005 10:14:19
 |
sem  |
- gnu-radius exploitation was fixed in maintenance release 1.2.94
as reported in
http://www.idefense.com/application/poi/display?id=141&type=vulnerabilities
PR: ports/80558 (follow-up)
Submitted by: Vsevolod Stakhov <vsevolod@highsecure.ru> |
1.1_1 02 May 2005 18:57:26
 |
glewis  |
. Update the version for the jar(1) vulnerability so that 1.2.2p11_4 is
no longer considered vulnerable. Adjust the modified date for the entry. |
1.1_1 01 May 2005 14:33:38
 |
remko  |
Document sharutils -- unshar insecure temporary file creation
Approved by: simon |
1.1_1 01 May 2005 12:25:14
 |
remko  |
Document rsnapshot -- local privilege escalation
Approved by: simon |
1.1_1 01 May 2005 00:30:17
 |
brooks  |
coppermine -- IP spoofing and XSS vulnerability |
1.1_1 29 Apr 2005 15:00:58
 |
glewis  |
. Correct the range of vulnerable jdk14 ports for the jar(1) vulnerability
and update the modified time for the entry. |
1.1_1 27 Apr 2005 21:35:57
 |
simon  |
Document ImageMagick -- ReadPNMImage() heap overflow vulnerability. |
1.1_1 27 Apr 2005 21:24:36
 |
simon  |
Bump modified date for last commit. |
1.1_1 27 Apr 2005 20:46:04
 |
glewis  |
. Adjust ranges so that jdk-1.3.1p9_5 is no longer marked as vulnerable to
the jar(1) vulnerability but is still marked vulnerable to the browser
plugin vulnerability (although the plugin is no longer built by default). |
1.1_1 25 Apr 2005 21:53:20
 |
simon  |
Document mplayer & libxine -- MMS and Real RTSP buffer overflow
vulnerabilities. |
1.1_1 25 Apr 2005 21:10:40
 |
simon  |
Document some older vulnerabilities in GAIM. |
1.1_1 23 Apr 2005 11:40:18
 |
simon  |
Document kdewebdev -- kommander untrusted code execution vulnerability. |
1.1_1 22 Apr 2005 21:53:43
 |
remko  |
Fix a typo in the kdelibs - kimgio entry. |
1.1_1 22 Apr 2005 21:52:07
 |
remko  |
junkbuster -- heap corruption vulnerability and configuration modification
vulnerability
Approved by: simon |
1.1_1 22 Apr 2005 08:22:59
 |
simon  |
Document kdelibs -- kimgio input validation errors. |
1.1_1 19 Apr 2005 22:09:46
 |
simon  |
Mark latest openoffice 1.1 as fixed wrt. openoffice -- DOC document
heap overflow vulnerability.
Informed by: maho |
1.1_1 19 Apr 2005 11:14:24
 |
remko  |
Document gld -- format string and buffer overflow vulnerabilities |
1.1_1 17 Apr 2005 15:34:43
 |
naddy  |
Document remote buffer overflow in ftp/axel. |
1.1_1 16 Apr 2005 22:52:07
 |
simon  |
Document firefox -- PLUGINSPAGE privileged javascript execution (also
from the < 1.0.3 batch). |
1.1_1 16 Apr 2005 22:35:09
 |
remko  |
Document jdk - jar directory traversal vulnerability.
Approved by: simon |
1.1_1 16 Apr 2005 16:12:02
 |
simon  |
Document several mozilla/firefox issues. |
1.1_1 15 Apr 2005 21:47:10
 |
simon  |
Mark wget >= 1.10.a1 safe from the "wget -- multiple vulnerabilities"
entry.
Info provided by: sf |
1.1_1 13 Apr 2005 23:17:14
 |
simon  |
Document openoffice -- DOC document heap overflow vulnerability. |
1.1_1 12 Apr 2005 08:24:48
 |
simon  |
Fix and document insecure temporary file handling in portupgrade.
Security: CAN-2005-0610
Security:
http://vuxml.FreeBSD.org/22f00553-a09d-11d9-a788-0001020eed82.html
Approved by: erwin (mentor), maintainer timeout
OK'ed by: portmgr
Reviewed by: nectar |
1.1_1 10 Apr 2005 19:41:46
 |
simon  |
Document three GAIM vulnerabilities. |
1.1_1 10 Apr 2005 18:47:06
 |
simon  |
Document an old PHP issue. |
1.1_1 10 Apr 2005 10:22:18
 |
simon  |
Document squid -- DoS on failed PUT/POST requests vulnerability.
Submitted by: Devon H. O'Dell <dodell@offmyserver.com> (original version) |