non port: security/vuxml/vuln.xml |
Number of commits found: 6273 (showing only 100 on this page) |
Friday, 10 Jan 2025
|
05:23 Yasuhiro Kimura (yasu)
security/vuxml: Document two vulnerabilities in redis and valkey
While here, update copyright year
aefdc1e |
Wednesday, 8 Jan 2025
|
19:07 Matthias Fechner (mfechner)
security/vuxml: document gitlab vulnerabilities
6b9aff1 |
Tuesday, 2 Jan 2024
|
06:11 Philip Paeps (philip)
security/vuxml: add 2024 entity
4c4ab6b |
Monday, 9 Jan 2023
|
10:11 Li-Wen Hsu (lwhsu) Author: Michael Glaus
security/vuxml: Add 2023 to the main XML file
PR: 268837
de581e5 |
Tuesday, 15 Nov 2022
|
19:27 Rene Ladan (rene)
security/vuxml: re-organize port
- move vuln-YYYY.xml files into vuln/ as just YYYY.xml
- this prevents problems with the new check_files hook when 2023 arrives.
87748de |
Wednesday, 5 Jan 2022
|
13:14 Rene Ladan (rene)
security/vuxml: document www/chromium < 97.0.4692.71
While here add definitions for 2022, as this is the first vuxml commit
of the year. This cannot be done in its own commit because `make
validate` complains in that case (even with a 0-byte vuln-2022.xml).
Obtained from: https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
355c650 |
Thursday, 24 Jun 2021
|
10:03 Li-Wen Hsu (lwhsu)
security/vuxml: Update the doc link and the comment of where to add new entry
Approved by: ports-secteam (implicitly)
9f71f97 |
Wednesday, 23 Jun 2021
|
14:34 Li-Wen Hsu (lwhsu)
security/vuxml: Create 2021 entity
Let's create a new entity in the beginning of each year and append to it,
instead of massive copying in the end of each year.
6954792 |
10:00 Li-Wen Hsu (lwhsu)
security/vuxml: Fix version range of www/py-aiohttp
This also marks 3.7.4.p0 as fixed.
PR: 256219
f3e4dbc |
Tuesday, 22 Jun 2021
|
16:14 Juraj Lutter (otis)
security/vuxml: Document mail/dovecot vulnerabilities
235ae87 |
16:14 Juraj Lutter (otis)
security/vuxml: Document mail/dovecot-pigeonhole vulnerability
a7e91b4 |
Monday, 21 Jun 2021
|
20:34 Brad Davis (brd)
security/vuxml: Fix range for www/nginx CVE-2021-23017
Reviewed by: garga
Sponsored by: Rubicon Communications, LLC ("Netgate")
c2a2f2b |
16:20 Danilo G. Baio (dbaio)
security/vuxml: Fix 'make validate'
While here, remove hyperlinks to simplify, they can be accessed through
the report's url.
9dc61dc |
Sunday, 20 Jun 2021
|
01:31 Adam Weinberger (adamw)
security/vuxml: Add entry for gitea < 1.14.3
PR: 256720
f7a5ae5 |
Friday, 18 Jun 2021
|
11:01 Rene Ladan (rene)
security/vuxml: Add www/chromium < 91.0.4472.114
Obtained from: https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html
fd3ddca |
Tuesday, 15 Jun 2021
|
15:48 Kevin Bowling (kbowling)
security/vuxml: Document CVE-2021-29376 for irc/ircII
PR: 255492
Reported by: Andrew Gierth <andrew@tao11.riddles.org.uk>
bfa2545 |
Monday, 14 Jun 2021
|
07:15 Bernard Spil (brnrd)
security/vuxml: Document Apache httpd vulns
029ca9d |
Friday, 11 Jun 2021
|
10:50 Dmitry Marakasov (amdmi3)
security/vuxml: document CVE-2021-33564 for rubygem-dragonfly
8c237a2 |
Thursday, 10 Jun 2021
|
14:37 Rodrigo Osorio (rodrigo)
security/vuxml: Document CVE-2020-35701 for net-mgmt/cacti
c7737d4 |
11:37 Rene Ladan (rene)
security/vuxml: add Chromium < 91.0.4472.101
Obtained from: https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
e3a211b |
Tuesday, 8 Jun 2021
|
19:30 Ashish SHUKLA (ashish)
security/vuxml: Document CVE-2021-33896 in net-im/dino port
4d17731 |
Sunday, 6 Jun 2021
|
20:48 Matthew Seaman (matthew)
security/vuxml: Document CVE-2021-3515 for databases/pglogical
A shell injection flaw was found in pglogical in versions before 2.3.4
and before 3.6.26. An attacker with CREATEDB privileges on a
PostgreSQL server can craft a database name that allows execution of
shell commands as the postgresql user when calling
pglogical.create_subscription().
ef3b8b2 |
08:48 Kurt Jaeger (pi) Author: Simon Wright
security/vuxml: add www/drupal7 CVE
daffeee |
Friday, 4 Jun 2021
|
18:29 Tobias C. Berner (tcberner)
security/vuxml: document vulnerability in sysutils/polkit
Cedric Buissart reports:
The function `polkit_system_bus_name_get_creds_sync` is used to get the
uid and pid of the process requesting the action. It does this by
sending the unique bus name of the requesting process, which is
typically something like ":1.96", to `dbus-daemon`. These unique names
are assigned and managed by `dbus-daemon` and cannot be forged, so this
is a good way to check the privileges of the requesting process.
The vulnerability happens when the requesting process disconnects from
`dbus-daemon` just before the call to
`polkit_system_bus_name_get_creds_sync` starts. In this scenario, the
unique bus name is no longer valid, so `dbus-daemon` sends back an error
reply. This error case is handled in
`polkit_system_bus_name_get_creds_sync` by setting the value of the
`error` parameter, but it still returns `TRUE`, rather than `FALSE`.
This behavior means that all callers of
`polkit_system_bus_name_get_creds_sync` need to carefully check whether
an error was set. If the calling function forgets to check for errors
then it will think that the uid of the requesting process is 0 (because
the `AsyncGetBusNameCredsData` struct is zero initialized). In other
words, it will think that the action was requested by a root process,
and will therefore allow it.
PR: 256405
Security: CVE-2021-3560 polkit
0958ffc |
09:59 Thomas Zander (riggs)
security/vuxml: Document CVE-2021-33054 for www/sogo*.
PR: 256374
Reported by: rob2g2 <spam123@bitbert.com>
44ca757 |
09:38 Fernando Apesteguía (fernape)
security/vuxml: Add CVE-2020-8492 for lang/tauthon
PR: 256387
Reported by: olivier.freebsd@free.fr
a64c3e0 |
09:32 Thomas Zander (riggs)
security/vuxml: Document CVE-2021-28091 for security/lasso.
PR: 256373
Reported by: spam123@bitbert.com
df775d9 |
Thursday, 3 Jun 2021
|
23:17 Dmitri Goutnik (dmgk)
security/vuxml: Document lang/go vulnerabilities
597614c |
11:26 Dmitry Marakasov (amdmi3)
security/vuxml: document aiohttp CVE-2021-21330
35af594 |
Wednesday, 2 Jun 2021
|
23:53 Craig Leres (leres)
security/vuxml: Mark zeek < 4.0.2 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v4.0.2
- Fix potential Undefined Behavior in decode_netbios_name() and
decode_netbios_name_type() BIFs. The latter has a possibility
of a remote heap-buffer-overread, making this a potential DoS
vulnerability.
- Add some extra length checking when parsing mobile ipv6 packets.
Due to the possibility of reading invalid headers from remote
sources, this is a potential DoS vulnerability.
29ff379 |
18:41 Dmitry Marakasov (amdmi3)
security/vuxml: add entry for PyYAML CVE-2020-14343
PR: 256220
2acbd03 |
13:48 Ryan Steinmetz (zi)
security/vuxml: Document isc-dhcp44-* vulnerability
PR: 256377
687785a |
13:48 Ryan Steinmetz (zi)
security/vuxml: Fix overly large entry that violates 'make validate'
72a5d3c |
Tuesday, 1 Jun 2021
|
22:37 Matthias Fechner (mfechner)
security/vuxml: Document gitlab vulnerabilities.
ddf691d |
16:59 Jung-uk Kim (jkim)
security/vuxml: Correct CVE entry for the x11/libX11 vulnerability
6e4e874 |
15:35 Sergey A. Osokin (osa)
security/vuxml: document vulnerability in databases/redis
Security: CVE-2021-32625
ae21649 |
15:13 Jung-uk Kim (jkim)
security/vuxml: Document vulnerability in x11/libX11
PR: 256034
Security: CVE-2021-31535
51990d4 |
03:02 Guangyuan Yang (ygy) Author: David O'Rourke
security/vuxml: Document vulnerability in net-mgmt/prometheus2
PR: 255976
Security: CVE-2021-29622
Approved by: lwhsu (mentor)
6890a3c |
Monday, 31 May 2021
|
20:55 Adriaan de Groot (adridg)
security/vuxml: Document graphics/wayland <= 1.19.0
0bd31cd |
Thursday, 27 May 2021
|
05:17 Philip Paeps (philip)
security/vuxml: add FreeBSD SA-21:11.smap
23f6f30 |
05:17 Philip Paeps (philip)
security/vuxml: add FreeBSD SA-21:12.libradius
bbd2f19 |
Wednesday, 26 May 2021
|
10:17 Rene Ladan (rene)
vuln.xml: Document chromium < 91.0.4472.77
Obtained from: https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
05bea26 |
00:33 Danilo G. Baio (dbaio)
security/vuxml: Document net/libzmq4 issues
PR: 255102
Reported by: Thomas Petig <thomas@petig.eu>
Security: CVE-2019-13132
Security: CVE-2020-15166
b48ef26 |
Tuesday, 25 May 2021
|
15:40 Sergey A. Osokin (osa)
security/vuxml: document vulnerability in www/nginx and www/nginx-devel
Security: CVE-2021-23017
1109a4b |
Monday, 24 May 2021
|
15:57 Palle Girgensohn (girgen)
databases/pg_partman: arbitrary code execution
Security: CVE-2021-33204
4132a67 |
15:02 Tobias C. Berner (tcberner)
security/vuxml: document vulnerability in textproc/expat2
Security: CVE-2013-0340
PR: 256121
4ff5444 |
Sunday, 23 May 2021
|
14:44 Tobias C. Berner (tcberner) Author: Yasuhiro Kimura
security/vuxml: document vulnerability in textproc/libxml2
PR: 256093
Security: CVE-2021-3541
d4a4187 |
Saturday, 15 May 2021
|
09:12 Palle Girgensohn (girgen)
databases/postgresql??-server: multiple security issues
4106061 |
Thursday, 13 May 2021
|
19:44 Neel Chauhan (nc) Author: Thomas Morper
security/vuxml: Add entry for net-im/prosody
PR: 255845, 255849
b1a6389 |
14:43 Thierry Thomas (thierry)
security/vuxml: declare vulnerabilities for ImageMagick7
PR: 255802
0e7c332 |
14:43 Thierry Thomas (thierry)
security/vuxml: declare vulnerabilities for ImageMagick6
PR: 255818
e34fc76 |
Wednesday, 12 May 2021
|
10:09 Thierry Thomas (thierry)
security/vuxml: add vulnerabilities fixed in 8.2.0
PR: 255361
b1fa93c |
Tuesday, 11 May 2021
|
18:11 Rene Ladan (rene)
Document vulnerabilities in Chromium < 90.0.4430.212
Obtained from: https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html
8a46088 |
15:19 Neel Chauhan (nc) Author: Sascha Biberhofer
security/vuxml: Add entry for net-im/py-matrix-synapse
d110fd2 |
Monday, 10 May 2021
|
12:35 Hajimu UMEMOTO (ume)
security/vuxml: cyrus-imapd -- Remote authenticated users could bypass intended
access restrictions on certain server annotations.
ca28595 |
Saturday, 8 May 2021
|
16:03 Christian Weisgerber (naddy)
security/vuxml: Document FLAC out-of-bounds read
11845a3 |
09:33 Matthias Andree (mandree)
security/vuxml: add CVE #s for OpenEXR 2.5.4 fixes
4878286 |
Friday, 7 May 2021
|
09:52 Po-Chuan Hsieh (sunpoet)
security/vuxml: Document rails vulnerability
066d3db |
Thursday, 6 May 2021
|
20:12 Dmitri Goutnik (dmgk)
security/vuxml: Document lang/go vulnerability
bf7bd67 |
Wednesday, 5 May 2021
|
08:39 Mateusz Piotrowski (0mp)
security/vuxml: Document Ansible vulnerability
56db844 |
07:05 Wen Heping (wen)
security/vuxml: Document django's multiple vulnerabilities
f468496e |
03:39 Wen Heping (wen)
Document Python's multiple vulnerabilities
1388ee6 |
Tuesday, 4 May 2021
|
14:26 Bernard Spil (brnrd)
security/vuxml: Update latest MySQL vuln entry
* Adds CVE numbers
* Mark MariaDB partially affected
ebf2986 |
Monday, 3 May 2021
|
21:44 Sergey A. Osokin (osa)
security/vuxml: document recent vulnerabilities with redis ports.
PR: 255580
f774368 |
13:59 Koichiro Iwao (meta)
security/vuxml: Document command injection vulnerability in RDoc
PR: 255552
Reported by: Yasuhiro Kimura <yasu@utahime.org>
Security: CVE-2021-31799
4689236 |
Sunday, 2 May 2021
|
12:59 Kurt Jaeger (pi) Author: Geoffroy Desvernay
security/vuxml: add mail/sympa CVE
PR: 252464
5271fab |
Saturday, 1 May 2021
|
01:25 Timur I. Bakeyev (timur)
Add an entry about Samba vulnerability CVE-2021-20254:
Negative idmap cache entries can cause incorrect group entries in the Samba file
server process token.
Security: CVE-2021-20254
265e9a6 |
Thursday, 29 Apr 2021
|
23:00 Don Lewis (truckman)
security/vuxml: Update fixed version of openoffice-devel.
CVE-2021-30245 is fixed in version 1619649022 of
editors/openoffice-devel.
4eea2e5 |
Wednesday, 28 Apr 2021
|
21:57 Matthias Fechner (mfechner)
Document gitlab-ce vulnerabilities.
199adc3 |
21:57 Matthias Fechner (mfechner)
Document vulnerabilities for www/rubygem-carrierwave.
41ffee8 |
16:56 Neel Chauhan (nc)
mail/sympa: add vuxml entry
PR: 255455
Submitted by: Geoffroy Desvernay <dgeo@centrale-marseille.fr> (maintainer)
10ad22f |
Tuesday, 27 Apr 2021
|
17:11 Rene Ladan (rene)
Document new vulns, www/chromium < 90.0.4430.93
Obtained from: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html
1eeb9f4 |
Monday, 26 Apr 2021
|
13:30 Palle Girgensohn (girgen)
security/shibboleth-sp: add more information to security advisory
7e0f5d9 |
08:36 Palle Girgensohn (girgen)
security/shibboleth-sp: add entry for upcoming vulnerability
The details are not yet disclosed.
f0d60c4 |
Wednesday, 21 Apr 2021
|
21:40 Craig Leres (leres)
security/vuxml: Mark zeek < 4.0.1 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v4.0.1
Fix null-pointer dereference when encountering an invalid enum name
in a config/input file that tries to read it into a set[enum]. For
those that have such an input feed whose contents may come from
external/remote sources, this is a potential DoS vulnerability.
53d0f5e |
17:48 Matthias Andree (mandree)
security/vuxml: add devel/openvpn < 2.5.2 entry
Security: CVE-2020-15078
Security: efb965be-a2c0-11eb-8956-1951a8617e30
d1184f2 |
08:11 Rene Ladan (rene)
Document new vulnerabilities in www/chromium < 90.0.4430.85
Obtained from: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html
d70c998 |
Tuesday, 20 Apr 2021
|
19:28 Bryan Drewery (bdrewery)
Another openssh version fix for CVE-2021-28041.
Reported by: leres
c55e97c |
19:26 Li-Wen Hsu (lwhsu)
Document Jenkins Security Advisory 2021-04-20
Sponsored by: The FreeBSD Foundation
87da009 |
15:37 Bryan Drewery (bdrewery)
Fix openssh version in entry for CVE-2021-28041
Reported by: leres
da89336 |
10:00 Bernard Spil (brnrd)
security/vuxml: Add MySQL vulns
7dc3c80 |
03:49 Don Lewis (truckman)
security/vuxml: Document OpenOffice vulnerability CVE-2021-30245
940cf97 |
Monday, 19 Apr 2021
|
04:11 Kevin Bowling (kbowling)
devel/maven: update to 3.8.1
This is not just a bugfix as it contains three features that cause a change of
default behavior (external HTTP insecure URLs are now blocked by default): your
builds may fail when using this new Maven release, if you use now blocked
repositories. Please check and eventually fix before upgrading.
Changes http://maven.apache.org/docs/3.8.1/release-notes.html
PR: 255161
Approved by: Jonathan Chen <jonc@chen.org.nz> (maintainer)
Security: CVE-2021-26291
CVE-2020-13956
887cfad |
Saturday, 17 Apr 2021
|
16:31 Brad Davis (brd)
Document sysutils/consul vulnerabilities
7031bbf |
Thursday, 15 Apr 2021
|
22:55 Mateusz Piotrowski (0mp)
Document accountsservice vulnerability
d227a2f |
14:46 Mateusz Piotrowski (0mp)
Document textproc/mdbook vulnerability
bc32e1b |
14:32 Matthias Fechner (mfechner)
Document gitlab vulnerabilities.
d6ac57a |
13:51 Rene Ladan (rene)
Document new vulnerabilities in www/chromium < 90.0.4430.72
4ec0339 |
Wednesday, 14 Apr 2021
|
17:47 Rene Ladan (rene)
Document new vulnerabilities in www/chromium < 89.0.4389.128
Obtained from: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html
34921a9 |
Tuesday, 13 Apr 2021
|
15:50 Emmanuel Vadot (manu)
security/vuxml: Document xorg-server vuln
f7859bc |
Monday, 12 Apr 2021
|
18:29 Adam Weinberger (adamw)
security/vuxml: Add entry for gitea < 1.14.0
PR: 254976
Submitted by: Stefan Bethke
8497a2d |
02:04 Steve Wills (swills)
security/vuxml: Document syncthing issue
6715140 |
Saturday, 10 Apr 2021
|
07:13 Thomas Zander (riggs)
security/vuxml: Document information disclosure vulnerability in python.
PR: 254780
Reported by: yasu@utahime.org
Security: CVE-2021-3426
1d4cfc1 |
06:31 Thomas Zander (riggs)
security/vuxml: Document 2 vulnerabilities in ftp/curl
Security: CVE-2021-22876
CVE-2021-22890
PR: 254772
Reported by: yasu@utahime.org
1e89938 |
Friday, 9 Apr 2021
|
22:08 Adam Weinberger (adamw)
security/vuxml: Add entry for gitea < 1.13.7
PR: 254930
Submitted by: Stefan Bethke
b3cd195 |
Thursday, 8 Apr 2021
|
04:36 Neel Chauhan (nc)
Document multiple vulnerabilities in security/clamav
PR: 254861
Submitted by: Yasuhiro Kimura <yasu AT utahime DOT org>
48c9ebf |
00:43 Li-Wen Hsu (lwhsu)
Document Jenkins Security Advisory 2021-04-07
Sponsored by: The FreeBSD Foundation
80690bd |
Wednesday, 7 Apr 2021
|
18:58 Bradley T. Hughes (bhughes)
security/vuxml: document Node.js April 2021 Security Releases
https://nodejs.org/en/blog/vulnerability/april-2021-security-releases/
9d9b2b9 |
16:10 Lewis Cook (lcook)
security/vuxml: Document upnp stack overflow vulnerability
Approved by: fernape (mentor)
Differential Revision: https://reviews.freebsd.org/D29618
01b07b7 |
11:24 Philip Paeps (philip)
security/vuxml: add FreeBSD SA-21:10.jail_mount
86fc557 |