Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 27 Oct 2004 12:25:06
 |
nectar  |
Create a VuXML entry for Horde XSS help window vulnerability to replace
the portaudit-db entry. |
1.1_1 26 Oct 2004 11:12:57
 |
nectar  |
Document a denial-of-service issue in bogofilter.
This entry is slightly modified from one that was
Submitted by: Matthias Andree <matthias.andree@gmx.de> |
1.1_1 26 Oct 2004 05:41:47
 |
nork  |
Fix integer overflow vulnerabilities.
Patch made by: Chris Evans, Dirk Muller, Sebastian Krahmer,
Derek Noonburg and Marcus Meissner
Submitted by: nectar |
1.1_1 25 Oct 2004 20:22:38
 |
nectar  |
Document xpdf 2 and xpdf 3 vulnerabilities. |
1.1_1 25 Oct 2004 19:27:02
 |
nectar  |
Document several security issues in gaim, fixed in various versions from
0.82 through 1.0.2. While I'm here, notice that there have been ru-,
ko-, and ja- flavors of gaim, as well as a fairly short-lived range of
version numbers based on dates (snapshots). |
1.1_1 25 Oct 2004 17:21:16
 |
nectar  |
Note that the Red Hat based linux_base ports contain
vulnerable libXpm.so files.
Noticed by: maho |
1.1_1 24 Oct 2004 19:39:27
 |
josef  |
Document SSL_Cypherbypass vulnerability in mod_ssl
and buffer overflow vulnerability in gaim. |
1.1_1 23 Oct 2004 16:08:43
 |
simon  |
- Document more buffer overflows in mpg123.
- Fix package name in two older mpg123 entries.
Approved by: nectar |
1.1_1 22 Oct 2004 12:21:53
 |
nectar  |
I suck. (Correct a typo that would have been readily detected if
I would have run `make validate' before committing.) |
1.1_1 22 Oct 2004 12:13:40
 |
nectar  |
Add CVE name for cabextract issue. |
1.1_1 21 Oct 2004 22:23:56
 |
simon  |
Fix a copy/paste typo in last commit. |
1.1_1 21 Oct 2004 22:17:21
 |
simon  |
Document DoS in Apache 2 SSL handling.
Approved by: nectar |
1.1_1 21 Oct 2004 20:04:21
 |
nectar  |
Note that xpm has been fixed.
Also, it appears that Motif itself is affected, so add related packages. |
1.1_1 21 Oct 2004 12:34:33
 |
nectar  |
Update entry regarding INN 2.4.x buffer overflow:
- The email archive referenced is no longer available. Use
marc.theaimsgroup.com archive instead.
- Note that only 2.4.x versions are affected (earlier ones
are not).
Reported by: leeym |
1.1_1 20 Oct 2004 21:21:53
 |
simon  |
Document remote command execution vulnerability in phpMyAdmin.
Approved by: nectar |
1.1_1 20 Oct 2004 18:38:08
 |
simon  |
Document insecure directory handling in cabextract.
Approved by: nectar |
1.1_1 19 Oct 2004 22:08:34
 |
simon  |
Set correct entry date for the a2ps issue.
Noticed by: nectar
Pointy hat to: simon |
1.1_1 19 Oct 2004 21:41:22
 |
simon  |
Document insecure command line argument handling in a2ps.
Approved by: nectar |
1.1_1 19 Oct 2004 16:40:34
 |
nectar  |
Document a vulnerability in ifmail. (There does not exist
an appropriate public reference yet--- this entry should be
updated when the port is updated.)
Reported by: Niels Heinen <niels.heinen@ubizen.com> |
1.1_1 19 Oct 2004 15:41:37
 |
nectar  |
Document a vulnerability in imwheel. |
1.1_1 19 Oct 2004 14:11:44
 |
nectar  |
Add CVE names for FreeRADIUS vulnerabilities. |
1.1_1 18 Oct 2004 20:21:39
 |
josef  |
Document NTLM authentication vulnerability in squid
Approved by: nectar |
1.1_1 18 Oct 2004 17:56:31
 |
simon  |
Document a SQL command injection in Cacti.
The status of the PHP configuration option magic_quotes_gpc was
confirmed by: ale
Approved by: nectar |
1.1_1 17 Oct 2004 16:38:25
 |
simon  |
Document a format string vulnerability in the apache13 mod_ssl proxy
support.
Approved by: nectar |
1.1_1 16 Oct 2004 20:31:23
 |
simon  |
- Change a few uses of <url> into <mlist>.
OK'ed by: nectar
Additional comment to the Tor entry from v. 1.302, it was:
Submitted by: rik <freebsd-security@rikrose.net> (original version) |
1.1_1 15 Oct 2004 21:21:08
 |
simon  |
- Document remote DoS and loss of anonymity in Tor.
- Update a Samba entry with new information about vulnerable versions.
Approved by: nectar |
1.1_1 14 Oct 2004 17:52:41
 |
nectar  |
lesstif has been upgraded to a version that is not affected by the
libXpm vulnerability. |
1.1_1 14 Oct 2004 17:06:55
 |
simon  |
Recommit my changes from 1.298 which were accidentally removed in 1.299.
Pointy hat to: josef (who also noticed the problem) |
1.1_1 14 Oct 2004 16:55:27
 |
josef  |
Document two separate security vulnerabilities in
icecast1 and icecast2.
Approved by: nectar |
1.1_1 14 Oct 2004 16:46:39
 |
simon  |
Change the Xerces-C++ entry to match the xerces-c2 port.
Noticed by: nectar |
1.1_1 13 Oct 2004 22:00:21
 |
josef  |
Document vulnerability in freeradius.
Approved by: nectar |
1.1_1 13 Oct 2004 21:50:58
 |
simon  |
- Document DoS in Xerces-C++.
- Fix typo in a mozilla entry.
Approved by: nectar |
1.1_1 13 Oct 2004 21:12:02
 |
nectar  |
It turns out that lesstif has libXpm sneakily embedded. There are at
least three files with this comment at the top:
* This file contains most of the source files of Xpm, concatenated and with
* the public names changed (to have an _LtXpm prefix). |
1.1_1 13 Oct 2004 21:01:12
 |
simon  |
Document XSS in wordpress.
Approved by: nectar |
1.1_1 13 Oct 2004 20:39:48
 |
nectar  |
Document integer overflows in libtiff. |
1.1_1 13 Oct 2004 17:18:02
 |
simon  |
- Document a CUPS local information disclosure.
- Note the impact of the sharutils buffer overflows.
Approved by: nectar |
1.1_1 13 Oct 2004 16:55:35
 |
josef  |
Document a vulnerability in Zinf (freeamp).
Approved by: nectar |
1.1_1 13 Oct 2004 16:06:34
 |
nectar  |
Document libtiff RLE decoder issues. |
1.1_1 13 Oct 2004 10:27:33
 |
simon  |
The sharutils buffer overflows have been fixed in sharutils 4.2.1_2. |
1.1_1 12 Oct 2004 23:46:41
 |
simon  |
Document a vulnerability in sharutils.
Approved by: nectar |
1.1_1 12 Oct 2004 21:58:58
 |
josef  |
Document 2 DoS attacks possible against
older versions of mail-notifier.
Based on the security advisories
mentioned in the reference links.
Approved by: nectar |
1.1_1 12 Oct 2004 15:39:33
 |
nectar  |
ale@ reports that the only ports affected are php[45], php[45]-cgi,
and mod_php[45]. |
1.1_1 12 Oct 2004 15:09:53
 |
nectar  |
Note squid SNMP DoS. Based on an entry that was
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> |
1.1_1 12 Oct 2004 02:08:57
 |
nectar  |
The documented xv vulnerabilities were fixed by dinoex@
Approved by: portmgr |
1.1_1 12 Oct 2004 01:07:22
 |
nectar  |
Note that the image decoding vulnerabilities in gdk-pixbuf have been
fixed.
Reported by: marcus
Approved by: portmgr |
1.1_1 12 Oct 2004 00:58:31
 |
nectar  |
Document older cyrus-sasl bug affecting DIGEST-MD5.
Submitted by: simon
Approved by: portmgr |
1.1_1 12 Oct 2004 00:57:22
 |
nectar  |
Update the description of and list of packages affected by the PHP file
upload processing bug.
Submitted by: Jon Passki <cykyc@yahoo.com>
Approved by: portmgr |
1.1_1 08 Oct 2004 16:50:15
 |
nectar  |
Document unsafe use of environmental variable SASL_PATH in cyrus-sasl.
Approved by: portmgr |
1.1_1 05 Oct 2004 19:28:26
 |
trhodes  |
Add some more apache ports.
Fix two errors found by nectar.
Approved by: portmgr |
1.1_1 05 Oct 2004 17:41:55
 |
trhodes  |
Add imp3 issue, add apache13-ssl issue, correct a tag.
Approved by: portmgr |
1.1_1 05 Oct 2004 14:54:27
 |
nectar  |
Note that older packages of bmon were dangerously installed set-user-ID.
Approved by: portmgr |
1.1_1 05 Oct 2004 14:33:02
 |
nectar  |
Document GnuTLS denial-of-service (already mentioned in portaudit's
database).
Approved by: portmgr |
1.1_1 05 Oct 2004 14:06:55
 |
nectar  |
Record another PHP vulnerability.
Approved by: portmgr |
1.1_1 05 Oct 2004 13:52:38
 |
nectar  |
Record another PHP security issue.
Approved by: portmgr |
1.1_1 05 Oct 2004 12:52:58
 |
nectar  |
Note that xv should not be used.
Approved by: portmgr |
1.1_1 04 Oct 2004 19:59:35
 |
nectar  |
Note a symlink vulnerability in getmail.
Submitted by: Shane Kinney <mod6@freebsdhackers.net>
Approved by: portmgr |
1.1_1 04 Oct 2004 17:30:00
 |
nectar  |
Fill in empty topic from previous commit.
Noticed by: Shane Kinney <mod6@freebsdhackers.net>
Approved by: portmgr |
1.1_1 04 Oct 2004 17:09:55
 |
nectar  |
Record FreeBSD-SA-04:15.syscons.
Approved by: portmgr |
1.1_1 04 Oct 2004 14:01:46
 |
nectar  |
Add missing PORTEPOCH for samba.
Noticed by: dinoex
Approved by: portmgr |
1.1_1 03 Oct 2004 22:49:55
 |
nectar  |
Note racoon certificate verification bug.
Submitted by: Jon Passki <cykyc@yahoo.com>
Approved by: portmgr |
1.1_1 03 Oct 2004 15:51:49
 |
nectar  |
Note distcc IP address ACL bug.
Submitted by: Jon Passki <cykyc@yahoo.com>
Approved by: portmgr |
1.1_1 03 Oct 2004 15:38:27
 |
nectar  |
Remove a duplicate entry.
Submitted by: Jon Passki <cykyc@yahoo.com>
Approved by: portmgr |
1.1_1 01 Oct 2004 01:40:54
 |
nectar  |
Correct the version number for latest Mozilla entry.
(cut-n-paste damage)
Approved by: portmgr |
1.1_1 01 Oct 2004 01:37:52
 |
nectar  |
Document the last few of the relatively recent Mozilla vulnerabilities.
Approved by: portmgr |
1.1_1 30 Sep 2004 23:32:10
 |
nectar  |
Correct mangled CVE name: s/8983/0903/
Approved by: portmgr |
1.1_1 30 Sep 2004 23:29:23
 |
nectar  |
Add another two older vulnerabilities affecting Mozilla & co.
Continue to try hard to cover past package names:
- I missed el-linux-mozillafirebird previously.
- Move all the `obsolete' package names into one place
for clarity.
Approved by: portmgr |
1.1_1 30 Sep 2004 22:30:26
 |
nectar  |
Don't forget `ja-samba' also.
Approved by: portmgr |
1.1_1 30 Sep 2004 22:26:02
 |
nectar  |
Note samba file disclosure vulnerability.
Approved by: portmgr |
1.1_1 29 Sep 2004 16:48:15
 |
trhodes  |
Fix apache version number entry, bump modified date for apache as well.
Approved by: portmgr |
1.1_1 28 Sep 2004 18:02:03
 |
nectar  |
Make an initial attempt at covering all Mozilla/Firefox/Thunderbird
package names that we've had. Similar changes need to be made to many
other entries, but let's use this one as a test subject first.
Approved by: portmgr |
1.1_1 28 Sep 2004 15:06:19
 |
nectar  |
Correct spelling of phpnuke package name.
Reported by: Dan Langille
Approved by: portmgr |
1.1_1 28 Sep 2004 14:31:41
 |
nectar  |
Note BMP decoder flaws in Mozilla/Firefox/Thunderbird.
Approved by: portmgr |
1.1_1 28 Sep 2004 14:28:04
 |
nectar  |
Note stack buffer overflow in Mozilla mail.
Approved by: portmgr |
1.1_1 28 Sep 2004 14:22:35
 |
nectar  |
Document Mozilla/Firefox/Thunderbird heap buffer overflows.
Approved by: portmgr |
1.1_1 28 Sep 2004 13:36:53
 |
nectar  |
Correct the package name for phpMyAdmin.
Reported by: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Approved by: portmgr |
1.1_1 27 Sep 2004 15:15:21
 |
nectar  |
Add CERT Vulnerability Note references to xpm entry.
Approved by: portmgr |
1.1_1 27 Sep 2004 02:57:32
 |
nectar  |
Note two older vulnerabilities in PHP.
Submitted by: Jon Passki <cykyc@yahoo.com>
Approved by: portmgr |
1.1_1 26 Sep 2004 18:17:36
 |
nectar  |
Note subversion information disclosure vulnerability.
Submitted by: lev
Approved by: portmgr |
1.1_1 26 Sep 2004 18:04:52
 |
nectar  |
Add missing PORTEPOCH in a mozilla entry.
Correct package name in an apache entry.
Reported by: Dan Langille <dan@langille.org>
Approved by: portmgr |
1.1_1 25 Sep 2004 00:59:48
 |
nectar  |
Forgot to add <modified> element for last commit.
Approved by: portmgr |
1.1_1 25 Sep 2004 00:58:59
 |
nectar  |
Add missing PORTEPOCH on one of the mozilla entries.
Noticed by: Dan Langille <dan@langille.org>
Approved by: portmgr |
1.1_1 23 Sep 2004 15:07:39
 |
nectar  |
Document vulnerabilities in lha.
Reviewed by: dinoex
Approved by: portmgr |
1.1_1 23 Sep 2004 14:16:16
 |
nectar  |
Lately it seems I like to use dashes in topics... but I should at
least be consistent with how many. s/---/--/
Approved by: portmgr |
1.1_1 23 Sep 2004 14:10:58
 |
nectar  |
Document mysql buffer overflow.
Reported by: ale
Approved by: portmgr |
1.1_1 22 Sep 2004 16:39:58
 |
nectar  |
Document Mozilla security icon spoofing vulnerability.
Approved by: portmgr |
1.1_1 22 Sep 2004 16:16:30
 |
nectar  |
Document Mozilla vulnerability involving NULL bytes in FTP URLs.
Also, correct s/firebird/firefox/ in a previously documented issue.
Approved by: portmgr |
1.1_1 22 Sep 2004 15:59:56
 |
nectar  |
Document Mozilla automatic file upload vulnerability.
Approved by: portmgr |
1.1_1 22 Sep 2004 15:44:03
 |
nectar  |
Document mozilla certificate import denial-of-service vulnerability.
Approved by: portmgr |
1.1_1 21 Sep 2004 22:04:54
 |
nectar  |
Note a file name disclosure issue in rssh.
Reported by: leeym
Approved by: portmgr |
1.1_1 20 Sep 2004 20:13:11
 |
nectar  |
Add entry describing GNU Radius denial-of-service vulnerability.
Approved by: portmgr |
1.1_1 20 Sep 2004 20:06:44
 |
nectar  |
Add sudoedit vulnerability.
Approved by: portmgr |
1.1_1 19 Sep 2004 23:36:42
 |
nectar  |
In latest CVS entry, remove the reference to the exploit. It does
not apply to any of these vulnerabilities, but to the previous CVS
vulnerability (CAN-2004-0396).
Approved by: portmgr |
1.1_1 19 Sep 2004 23:32:05
 |
nectar  |
Oh yeah, add affected FreeBSD versions for CVS issues.
Approved by: portmgr |
1.1_1 19 Sep 2004 23:23:49
 |
nectar  |
Update CVS entry with some details.
Approved by: portmgr |
1.1_1 19 Sep 2004 17:38:14
 |
trhodes  |
Add an entry for the mod_proxy buffer overflow existent in apache13.
Approved by: portmgr |
1.1_1 18 Sep 2004 15:42:01
 |
nectar  |
Note some fixes for XPM image decoding vulnerabilities.
Submitted by: lesi
Add references to Chris Evans's advisories while I'm at it.
Approved by: portmgr |
1.1_1 17 Sep 2004 02:12:17
 |
marcus  |
Update to gdk-pixbuf vulnerability to reflect the fixed version of gtk20.
Approved by: portmgr (implicit) |
1.1_1 15 Sep 2004 19:54:22
 |
nectar  |
Note that a patched version of webmin 1.150 is now available, thanks
to olengi@.
Submitted by: olengi
Add a paragraph introducing the Webmin blockquote while I'm here.
Approved by: portmgr |
1.1_1 15 Sep 2004 18:05:16
 |
nectar  |
Note gdk-pixbuf image decoding issues.
Approved by: portmgr |
1.1_1 15 Sep 2004 17:39:48
 |
nectar  |
clement@ has patched Apache 2.
Approved by: portmgr |