13:41 feld 

Document FreeBSD-SA-17:06.openssh

 

13:40 feld 

Document FreeBSD-SA-17:05.heimdal

 

05:54 jbeich 

security/vuxml: seamonkey 2.49.1 build2 uses gecko from firefox 52.4

 

19:19 mandree 

fix typo in dnsmasq < 2.78 entries

Security: b77b5646-a778-11e7-ac58-b499baebfeaf

 

15:15 brnrd 

security/vuxml: Fix title on latest entry

 

14:06 brnrd 

security/vuxml: Document dnsmasq vulnerabilities

 

16:28 zi 

- Condense additional entries where description >4500 characters

Approved by:	ports-secteam (with hat)

 

15:51 zi 

- Condense entries whose description is >5000 characters

Approved by:	ports-secteam (with hat)

 

15:28 zi 

- Purge another batch of superceded www/chromium entries to give us additional
headroom under the 5M vuln.xml file size limit

Approved by:	ports-secteam (with hat)

 

15:23 swills 

Document phpmyfaq issues

 

15:17 swills 

Document wordpress issues

 

15:17 zi 

- Fix invalid date entries
- Purge 6887828f-0229-11e0-b84d-00262d5ed8ee as it has been superceded by other
entries and it is massive. (We have hit 5M on vuln.xml)

 

13:20 swills 

Fix date format

While here, correct some grammar

PR:		222683
Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>

 

22:47 jbeich 

security/vuxml: mark firefox < 56 as vulnerable

 

20:53 swills 

Document sam2p issue

 

14:53 swills 

docuent libraw issue

 

21:16 mandree 

Extend OpenVPN security issue to slave ports.

Security:	CVE-2017-12166
Security:	3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8

 

21:13 mandree 

Document OpenVPN <2.4.4 CVE-2017-12166 legacy vuln.

Security:	CVE-2017-12166
Security:	3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8

 

16:50 rakuco 

Fix version range for libzip's CVE-2017-14107 (r450692).

I am going to land a fix for libzip 1.1.3 (the version currently in the ports
tree) instead of updating the port to 1.3.0. 1.3.0 has a different SOVERSION
number, which also requires updating dependent ports and makes MFH'ing the fix
more difficult.

PR:		222638

 

15:38 swills 

Document ImageMagick issue

 

15:33 sunpoet 

Update rubygem-geminabox vulnerability

 

15:20 swills 

Document libofx issue

 

14:36 swills 

Correct version of libbson issue

 

21:32 swills 

Document sugarcrm issue

 

18:31 swills 

Document libzip issue

 

18:14 swills 

Document libbson issue

 

17:44 swills 

Document multiple vulnerabilities in tcpdump

 

14:48 swills 

Document libraw issue

 

14:46 swills 

Document libraw issue

 

14:39 swills 

Document issue in gd

 

14:37 swills 

Document issue in php and gd

 

13:20 swills 

Document ledger vulnerabilities

 

12:19 swills 

Document aacplusenc issue

 

12:12 swills 

Document ansible issue

 

14:48 swills 

Add second CVE To geminabox entry, update versions affected

 

11:05 brnrd 

security/vuxml: Document WeeChat 1.9 vulnerability

 

19:08 sunpoet 

Document Perl vulnerability

 

21:45 cpm 

Document new vulnerabilities in www/chromium < 61.0.3163.100

Obtained
from:	https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html

 

20:12 madpilot 

Add new asterisk ports vulnerability.

 

18:17 jbeich 

security/vuxml: adjust for seamonkey 2.49.1

 

16:59 sunpoet 

Document Ruby vulnerability

 

15:49 sunpoet 

Document rubygem-geminabox vulnerability

 

12:23 brd 

Add new entry for Apache "OptionsBleed"

Reviewed by:	zi

 

10:12 tz 

Document GitLab vulnerabilities

Security: CVE-2017-5029
Security: CVE-2016-4738
Security:
https://vuxml.FreeBSD.org/freebsd/6a177c87-9933-11e7-93f7-d43d7e971a1b.html

 

13:22 ashish 

- Add emacs-devel to the list of affected packages by emacs vulnerability
- Move it to the top, didn't realize this before. Sorry

 

19:48 jkim 

Document latest Flash Player vulnerabilities.

https://helpx.adobe.com/security/products/flash-player/apsb17-28.html

 

14:53 ashish 

- Correct package name in Emacs vulnerability
- Also add emacs-nox11 to the list

 

13:25 ashish 

- Document emacs vulnerability

 

16:54 ume 

Document cyrus-imapd vulnerability

Security:	CVE-2017-14230

 

20:13 sunpoet 

Fix indent

 

20:08 sunpoet 

Document Django vulnerability

 

18:25 truckman 

Correct vulnerability range for atril and atril-lite.

PR:		221867
Submitted by:	rkoberman@gmail.com
Security:	CVE-2017-1000083

 

12:01 cpm 

Document new vulnerabilities in www/chromium < 61.0.3163.79

Obtained
from:	https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html

 

16:52 feld 

Cancel CVE-2017-6419 for security/clamav

This only affected clamav-devel / the unreleased code for 0.99.3.

 

16:43 feld 

Document clamav vulnerability

PR:		221608
Security:	CVE-2017-6419

 

19:36 feld 

Document gdk-pixbuf2 vulnerabilities

Security:	CVE-2017-2862 CVE-2017-2870

 

07:32 madpilot 

Document vulnerabilities in asterisk ports.

 

15:46 cpm 

Document libgcrypt side-channel attack vulnerability

Security:	CVE-2017-0379

 

15:08 cpm 

Update pspp version range to 1.0.1

 

18:19 jrm 

security/vuxml: Add entry for multiple rubygems vulnerabilities reported
2017-08-29 at
https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/

Approved by:	swills

 

12:59 tobik 

Document vulnerabilities of www/kanboard

PR:		221826

 

01:01 swills 

Document issues in poppler

PR:		220608

 

12:54 tz 

Document vulnerabilities of mail/phpmailer

 

22:55 woodsb02 

Document salt security vulnerability

Obtained
from:	https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html

 

20:31 cpm 

Document dnsdist vulnerabilities

Obtained from:	https://dnsdist.org/security-advisories/index.html

 

18:22 swills 

Document security vulnerability in evince and atril

PR:		220713
Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>

 

17:22 swills 

Document SquirrelMail vulnerability

 

07:40 cpm 

Document vulnerabilities in math/pspp < 1.0.0

Obtained
from:	https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-38732/year-2017/GNU-Pspp.html

 

07:54 kwm 

Update the latest libsoup entry with the fixed version.

 

04:13 acm 

- Add entry about drupal8 vulnerabilities

 

10:45 brnrd 

security/vuxml: Document devel/libsoup vulnerability

 

15:15 dbaio 

security/vuxml: Document Zabbix vulnerability

Security:	CVE-2017-2824

 

19:18 dbaio 

security/vuxml: Document vulnerability in sysutils/py-supervisor

PR:		221539
Submitted by:	Franz Glasner <f.glasner@feldmann-mg.com>
Security:	CVE-2017-11610

 

09:01 tz 

Fix typo in affected versions of GitLab vulnerabilities

 

22:42 feld 

Document freeradius vulnerabilities

 

18:58 sunpoet 

Document Mercurial vulnerability

 

22:05 brnrd 

security/vuxml: Update recent MySQL entry

 - Changelog reveals MariaDB 10.0.31 and 10.1.25 vulnerable

 

16:34 adamw 

Match both dovecot and dovecot2.

Submitted by:	mat

 

16:09 adamw 

Chase dovecot2's rename to dovecot.

Reported by:	remko

 

13:59 lev 

 Add CVE-2017-9800 for subversion ports.

Security:	http://subversion.apache.org/security/CVE-2017-9800-advisory.txt

 

08:05 tz 

Document GitLab vulnerabilities

Security: CVE-2017-12426
Security:
https://vuxml.FreeBSD.org/freebsd/abcc5ad3-7e6a-11e7-93f7-d43d7e971a1b.html

 

00:03 dbaio 

security/vuxml: Consolidate duplicate Apache Commons FileUpload entries

This also remove a wrong entry that marks tomcat 6 as vulnerable

Approved by:	ports-secteam (zi)
Differential Revision:	https://reviews.freebsd.org/D11941

 

14:11 girgen 

Add CVE:s fixed in latest PostgreSQL release

 

05:54 jkim 

Document latest Flash Player vulnerabilities.

https://helpx.adobe.com/security/products/flash-player/apsb17-23.html

 

07:18 brnrd 

security/vuxml: Document today's cURL vulnerabilities

 

00:27 dbaio 

security/vuxml: Document axis2 vulnerability

Security:	CVE-2016-1000031

 

17:25 jbeich 

security/vuxml: mark firefox < 55 as vulnerable

 

16:48 feld 

Update sqlite3 vuxml entry

The lower bound was incorrect. It has existed much longer than 3.17.0.

 

13:29 feld 

Document sqlite3 vulnerability

Security:	CVE-2017-10989

 

03:37 feld 

Fix Strongswan entries

PR:		220874

 

18:43 feld 

Document varnish vulnerability

Security:	https://varnish-cache.org/security/VSV00001.html

 

00:28 cpm 

Document new vulnerabilities in www/chromium < 60.0.3112.78

Obtained
from:	https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html

 

14:45 dbaio 

security/vuxml: Document vulnerability in cacti v1.1.13

Security:	CVE-2017-11691

 

09:55 mm 

security/vuxml: fix indent in last entry

 

09:53 mm 

security/vuxml: Add proftpd chroot secape vulnerability

Security:	CVE-2017-7418

 

15:06 mm 

security/vuxml: Add jabberd vulnerability

PR:		221014
Security:	CVE-2017-10807

 

18:17 kwm 

Document webkit2-gtk3 CVE's

 

12:27 swills 

Document gsoap vulnerability

 

18:19 brnrd 

security/vuxml: Add Percona to recent MySQL vulns

Security:	cda2f3c2-6c8b-11e7-867f-b499baebfeaf

 

14:19 brnrd 

security/vuxml: Correct MySQL versions

Security:	cda2f3c2-6c8b-11e7-867f-b499baebfeaf