| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
1.1_1 18 Nov 2004 19:06:17
 |
josef  |
Add localized versions of gd port to the VuXML entry. |
1.1_1 18 Nov 2004 15:47:48
 |
simon  |
Document SA-04:16.fetch. |
1.1_1 17 Nov 2004 19:05:46
 |
josef  |
Document the buffer overrun vulnerability in samba3
CAN-2004-882 |
1.1_1 17 Nov 2004 17:11:32
 |
josef  |
Correct range for xpdf vulnerability, as cups-base got a fixing
update. |
1.1_1 16 Nov 2004 23:16:44
 |
josef  |
The last commit to japanese/samba also fixed the security issue
in samba (CAN-2004-0815)
As discussed with: NAKAJI Hiroyuki <nakaji@jp.freebsd.org> (maintainer) |
1.1_1 16 Nov 2004 22:53:06
 |
simon  |
Add CVE name to twiki entry.
Noticed by: josef |
1.1_1 16 Nov 2004 20:02:09
 |
josef  |
Add teTeX-base to affected packages in xpdf's vuxml entry. |
1.1_1 15 Nov 2004 10:18:50
 |
simon  |
Document arbitrary shell command execution in twiki. |
1.1_1 14 Nov 2004 23:05:37
 |
simon  |
Document a format string vulnerability in proxytunnel. |
1.1_1 13 Nov 2004 09:05:02
 |
simon  |
Fix entry date for the ruby entry from the last commit. |
1.1_1 13 Nov 2004 08:54:20
 |
simon  |
- Document a DoS in the Ruby CGI module.
- Document a privilege escalation in sudo. |
1.1_1 12 Nov 2004 15:23:39
 |
nectar  |
Add CVE name for gnats issue. |
1.1_1 12 Nov 2004 15:01:57
 |
nectar  |
Note (likely) remotely exploitable vulnerability in samba 3.
Submitted by: Shane Kinney <mod6@freebsdhackers.net> |
1.1_1 12 Nov 2004 11:15:02
 |
josef  |
Document vulnerability in GNATS. |
1.1_1 11 Nov 2004 23:53:33
 |
simon  |
Document an XSS in squirrelmail. |
1.1_1 11 Nov 2004 23:01:51
 |
josef  |
Fix entry date. |
1.1_1 11 Nov 2004 22:46:39
 |
josef  |
Document BNC vulnerability. |
1.1_1 11 Nov 2004 17:29:54
 |
nectar  |
Note old hafiye bug.
Submitted by: Shane Kinney <mod6@freebsdhackers.net> |
1.1_1 11 Nov 2004 15:46:05
 |
naddy  |
Fix a format string vulnerability in ez-ipupdate.
Approved by: se@
Obtained from: Ulf Harnhammar <Ulf.Harnhammar.9485@student.uu.se> |
1.1_1 11 Nov 2004 14:17:16
 |
simon  |
Document a buffer overflow in ImageMagick's EXIF parser. |
1.1_1 11 Nov 2004 13:34:17
 |
simon  |
Correct recent Apache 2 entry to not match Apache 1.X.
Noticed by: Dan Langille <dan@langille.org> |
1.1_1 10 Nov 2004 22:48:58
 |
josef  |
Document vulnerability in Apache 2 (CAN-2004-0942). |
1.1_1 10 Nov 2004 20:25:02
 |
marcus  |
Update the libxml vulnerability to indicate the fixed version. |
1.1_1 09 Nov 2004 23:30:01
 |
simon  |
Document a format string vulnerability in socat. |
1.1_1 09 Nov 2004 22:07:15
 |
simon  |
Document remote buffer overflows in libxml and libxml2. |
1.1_1 09 Nov 2004 17:00:58
 |
nectar  |
The bugs discovered by Chris Evans have been fixed
in linux-gdk-pixbuf.
Reported by: thierry |
1.1_1 08 Nov 2004 10:26:50
 |
josef  |
Fix pkgnames for mod_include vulnerability.
Thanks to Dan Langille for helping me to track these down. |
1.1_1 08 Nov 2004 00:07:23
 |
simon  |
Document a virus detection evasion in p5-Archive-Zip. |
1.1_1 06 Nov 2004 12:31:29
 |
josef  |
Document mod_include vulnerability in apache and related ports. |
1.1_1 06 Nov 2004 00:38:28
 |
simon  |
Document an insecure temporary file creation in postgresql-contrib. |
1.1_1 05 Nov 2004 21:57:00
 |
simon  |
Bump modified date in the entry for the last commit. |
1.1_1 05 Nov 2004 21:54:05
 |
simon  |
Update latest mpg123 entry to note that the port is fixed in the most
recent port version. |
1.1_1 05 Nov 2004 14:48:02
 |
simon  |
There was a gd 1.X port with portepoch 2 for a while, so let the gd
entry also match that. |
1.1_1 05 Nov 2004 13:59:20
 |
simon  |
Document an integer overflow in the GD Graphics Library. |
1.1_1 04 Nov 2004 08:56:41
 |
simon  |
Correct entry date for the putty entry.
OK'ed by: josef |
1.1_1 04 Nov 2004 00:05:23
 |
josef  |
Document vulnerability in putty
Reviewed by: simon |
1.1_1 03 Nov 2004 22:49:13
 |
simon  |
Add an entry for a wzdftpd remote DoS. |
1.1_1 03 Nov 2004 22:36:09
 |
simon  |
Updates to the bogofilter entry:
- Improve information about which versions are vulnerable. [1]
- Add a few more references.
Submitted by: Matthias Andree <matthias.andree@gmx.de> [1] |
1.1_1 01 Nov 2004 21:24:39
 |
mezz  |
Update linux-openmotif to 2.2.4 to fix the security.
http://vuxml.freebsd.org/ef253f8b-0727-11d9-b45d-000c41e2cdad.html |
1.1_1 27 Oct 2004 21:11:09
 |
josef  |
Document rssh format string vulnerability.
Approved by: nectar |
1.1_1 27 Oct 2004 12:25:06
 |
nectar  |
Create a VuXML entry for Horde XSS help window vulnerability to replace
the portaudit-db entry. |
1.1_1 26 Oct 2004 11:12:57
 |
nectar  |
Document a denial-of-service issue in bogofilter.
This entry is slightly modified from one that was
Submitted by: Matthias Andree <matthias.andree@gmx.de> |
1.1_1 26 Oct 2004 05:41:47
 |
nork  |
Fix integer overflow vulnerabilities.
Patch made by: Chris Evans, Dirk Muller, Sebastian Krahmer,
Derek Noonburg and Marcus Meissner
Submitted by: nectar |
1.1_1 25 Oct 2004 20:22:38
 |
nectar  |
Document xpdf 2 and xpdf 3 vulnerabilities. |
1.1_1 25 Oct 2004 19:27:02
 |
nectar  |
Document several security issues in gaim, fixed in various versions from
0.82 through 1.0.2. While I'm here, notice that there have been ru-,
ko-, and ja- flavors of gaim, as well as a fairly short-lived range of
version numbers based on dates (snapshots). |
1.1_1 25 Oct 2004 17:21:16
 |
nectar  |
Note that the Red Hat based linux_base ports contain
vulnerable libXpm.so files.
Noticed by: maho |
1.1_1 24 Oct 2004 19:39:27
 |
josef  |
Document SSL_Cypherbypass vulnerability in mod_ssl
and buffer overflow vulnerability in gaim. |
1.1_1 23 Oct 2004 16:08:43
 |
simon  |
- Document more buffer overflows in mpg123.
- Fix package name in two older mpg123 entries.
Approved by: nectar |
1.1_1 22 Oct 2004 12:21:53
 |
nectar  |
I suck. (Correct a typo that would have been readily detected if
I would have run `make validate' before committing.) |
1.1_1 22 Oct 2004 12:13:40
 |
nectar  |
Add CVE name for cabextract issue. |
1.1_1 21 Oct 2004 22:23:56
 |
simon  |
Fix a copy/paste typo in last commit. |
1.1_1 21 Oct 2004 22:17:21
 |
simon  |
Document DoS in Apache 2 SSL handling.
Approved by: nectar |
1.1_1 21 Oct 2004 20:04:21
 |
nectar  |
Note that xpm has been fixed.
Also, it appears that Motif itself is affected, so add related packages. |
1.1_1 21 Oct 2004 12:34:33
 |
nectar  |
Update entry regarding INN 2.4.x buffer overflow:
- The email archive referenced is no longer available. Use
marc.theaimsgroup.com archive instead.
- Note that only 2.4.x versions are affected (earlier ones
are not).
Reported by: leeym |
1.1_1 20 Oct 2004 21:21:53
 |
simon  |
Document remote command execution vulnerability in phpMyAdmin.
Approved by: nectar |
1.1_1 20 Oct 2004 18:38:08
 |
simon  |
Document insecure directory handling in cabextract.
Approved by: nectar |
1.1_1 19 Oct 2004 22:08:34
 |
simon  |
Set correct entry date for the a2ps issue.
Noticed by: nectar
Pointy hat to: simon |
1.1_1 19 Oct 2004 21:41:22
 |
simon  |
Document insecure command line argument handling in a2ps.
Approved by: nectar |
1.1_1 19 Oct 2004 16:40:34
 |
nectar  |
Document a vulnerability in ifmail. (There does not exist
an appropriate public reference yet--- this entry should be
updated when the port is updated.)
Reported by: Niels Heinen <niels.heinen@ubizen.com> |
1.1_1 19 Oct 2004 15:41:37
 |
nectar  |
Document a vulnerability in imwheel. |
1.1_1 19 Oct 2004 14:11:44
 |
nectar  |
Add CVE names for FreeRADIUS vulnerabilities. |
1.1_1 18 Oct 2004 20:21:39
 |
josef  |
Document NTLM authentication vulnerability in squid
Approved by: nectar |
1.1_1 18 Oct 2004 17:56:31
 |
simon  |
Document a SQL command injection in Cacti.
The status of the PHP configuration option magic_quotes_gpc was
confirmed by: ale
Approved by: nectar |
1.1_1 17 Oct 2004 16:38:25
 |
simon  |
Document a format string vulnerability in the apache13 mod_ssl proxy
support.
Approved by: nectar |
1.1_1 16 Oct 2004 20:31:23
 |
simon  |
- Change a few uses of <url> into <mlist>.
OK'ed by: nectar
Additional comment to the Tor entry from v. 1.302, it was:
Submitted by: rik <freebsd-security@rikrose.net> (original version) |
1.1_1 15 Oct 2004 21:21:08
 |
simon  |
- Document remote DoS and loss of anonymity in Tor.
- Update a Samba entry with new information about vulnerable versions.
Approved by: nectar |
1.1_1 14 Oct 2004 17:52:41
 |
nectar  |
lesstif has been upgraded to a version that is not affected by the
libXpm vulnerability. |
1.1_1 14 Oct 2004 17:06:55
 |
simon  |
Recommit my changes from 1.298 which were accidentally removed in 1.299.
Pointy hat to: josef (who also noticed the problem) |
1.1_1 14 Oct 2004 16:55:27
 |
josef  |
Document two separate security vulnerabilities in
icecast1 and icecast2.
Approved by: nectar |
1.1_1 14 Oct 2004 16:46:39
 |
simon  |
Change the Xerces-C++ entry to match the xerces-c2 port.
Noticed by: nectar |
1.1_1 13 Oct 2004 22:00:21
 |
josef  |
Document vulnerability in freeradius.
Approved by: nectar |
1.1_1 13 Oct 2004 21:50:58
 |
simon  |
- Document DoS in Xerces-C++.
- Fix typo in a mozilla entry.
Approved by: nectar |
1.1_1 13 Oct 2004 21:12:02
 |
nectar  |
It turns out that lesstif has libXpm sneakily embedded. There are at
least three files with this comment at the top:
* This file contains most of the source files of Xpm, concatenated and with
* the public names changed (to have an _LtXpm prefix). |
1.1_1 13 Oct 2004 21:01:12
 |
simon  |
Document XSS in wordpress.
Approved by: nectar |
1.1_1 13 Oct 2004 20:39:48
 |
nectar  |
Document integer overflows in libtiff. |
1.1_1 13 Oct 2004 17:18:02
 |
simon  |
- Document a CUPS local information disclosure.
- Note the impact of the sharutils buffer overflows.
Approved by: nectar |
1.1_1 13 Oct 2004 16:55:35
 |
josef  |
Document a vulnerability in Zinf (freeamp).
Approved by: nectar |
1.1_1 13 Oct 2004 16:06:34
 |
nectar  |
Document libtiff RLE decoder issues. |
1.1_1 13 Oct 2004 10:27:33
 |
simon  |
The sharutils buffer overflows have been fixed in sharutils 4.2.1_2. |
1.1_1 12 Oct 2004 23:46:41
 |
simon  |
Document a vulnerability in sharutils.
Approved by: nectar |
1.1_1 12 Oct 2004 21:58:58
 |
josef  |
Document 2 DoS attacks possible against
older versions of mail-notifier.
Based on the security advisories
mentioned in the reference links.
Approved by: nectar |
1.1_1 12 Oct 2004 15:39:33
 |
nectar  |
ale@ reports that the only ports affected are php[45], php[45]-cgi,
and mod_php[45]. |
1.1_1 12 Oct 2004 15:09:53
 |
nectar  |
Note squid SNMP DoS. Based on an entry that was
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> |
1.1_1 12 Oct 2004 02:08:57
 |
nectar  |
The documented xv vulnerabilities were fixed by dinoex@
Approved by: portmgr |
1.1_1 12 Oct 2004 01:07:22
 |
nectar  |
Note that the image decoding vulnerabilities in gdk-pixbuf have been
fixed.
Reported by: marcus
Approved by: portmgr |
1.1_1 12 Oct 2004 00:58:31
 |
nectar  |
Document older cyrus-sasl bug affecting DIGEST-MD5.
Submitted by: simon
Approved by: portmgr |
1.1_1 12 Oct 2004 00:57:22
 |
nectar  |
Update the description of and list of packages affected by the PHP file
upload processing bug.
Submitted by: Jon Passki <cykyc@yahoo.com>
Approved by: portmgr |
1.1_1 08 Oct 2004 16:50:15
 |
nectar  |
Document unsafe use of environmental variable SASL_PATH in cyrus-sasl.
Approved by: portmgr |
1.1_1 05 Oct 2004 19:28:26
 |
trhodes  |
Add some more apache ports.
Fix two errors found by nectar.
Approved by: portmgr |
1.1_1 05 Oct 2004 17:41:55
 |
trhodes  |
Add imp3 issue, add apache13-ssl issue, correct a tag.
Approved by: portmgr |
1.1_1 05 Oct 2004 14:54:27
 |
nectar  |
Note that older packages of bmon were dangerously installed set-user-ID.
Approved by: portmgr |
1.1_1 05 Oct 2004 14:33:02
 |
nectar  |
Document GnuTLS denial-of-service (already mentioned in portaudit's
database).
Approved by: portmgr |
1.1_1 05 Oct 2004 14:06:55
 |
nectar  |
Record another PHP vulnerability.
Approved by: portmgr |
1.1_1 05 Oct 2004 13:52:38
 |
nectar  |
Record another PHP security issue.
Approved by: portmgr |
1.1_1 05 Oct 2004 12:52:58
 |
nectar  |
Note that xv should not be used.
Approved by: portmgr |
1.1_1 04 Oct 2004 19:59:35
 |
nectar  |
Note a symlink vulnerability in getmail.
Submitted by: Shane Kinney <mod6@freebsdhackers.net>
Approved by: portmgr |
1.1_1 04 Oct 2004 17:30:00
 |
nectar  |
Fill in empty topic from previous commit.
Noticed by: Shane Kinney <mod6@freebsdhackers.net>
Approved by: portmgr |
1.1_1 04 Oct 2004 17:09:55
 |
nectar  |
Record FreeBSD-SA-04:15.syscons.
Approved by: portmgr |
1.1_1 04 Oct 2004 14:01:46
 |
nectar  |
Add missing PORTEPOCH for samba.
Noticed by: dinoex
Approved by: portmgr |
1.1_1 03 Oct 2004 22:49:55
 |
nectar  |
Note racoon certificate verification bug.
Submitted by: Jon Passki <cykyc@yahoo.com>
Approved by: portmgr |