non port: security/vuxml/vuln.xml |
Number of commits found: 6273 (showing only 100 on this page) |
Wednesday, 7 Apr 2021
|
11:24 Philip Paeps (philip)
security/vuxml: add FreeBSD SA to CVE-2021-3449/50
Note that FreeBSD 12.2 prior to FreeBSD 12.2-RELEASE-p5 was vulnerable
to CVE-2021-3449 and CVE-2021-3450. Reference FreeBSD-SA-21:07.openssl.
5fc1c8e |
11:24 Philip Paeps (philip)
security/vuxml: add FreeBSD SA-21:08.vm
f564431 |
11:24 Philip Paeps (philip)
security/vuxml: add FreeBSD SA-21:09.accept_filter
ea0a047 |
Tuesday, 6 Apr 2021
|
14:31 Mathieu Arnold (mat)
all: Remove all other $FreeBSD keywords.
135fdee |
13:53 Koichiro Iwao (meta)
security/vuxml: Document XML round-trip vulnerability of REXML in Ruby
Document XML round-trip vulnerability of REXML in Ruby.
PR: 254793
Reported by: Yasuhiro Kimura <yasu@utahime.org>
Security: CVE-2021-28965
cbbdab4 |
08:46 Rene Ladan (rene)
Document new vulnerabilities in www/chromium < 89.0.4389.114
Obtained from: https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
a841610 |
08:01 Matthias Fechner (mfechner)
Document gitlab-ce vulnerabilities.
b1a2d52 |
Sunday, 28 Mar 2021
|
21:37 mandree
security/linux-c7-nettle: mark vulnerable, too
See https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254355#c14
PR: 254355
Reported by: Graham Perrin <grahamperrin@gmail.com>
 |
03:20 timur
Add entry about recent Samba4* vulnerabilities:
CVE-2020-27840: An anonymous attacker can crash the Samba AD DC LDAP server by
sending easily crafted DNs as part of a bind request. More serious heap
corruption is likely also possible.
CVE-2021-20277: User-controlled LDAP filter strings against the AD DC LDAP
server may crash the LDAP server.
Security: CVE-2020-27840
CVE-2021-20277
 |
Saturday, 27 Mar 2021
|
11:12 mandree
vuln.xml: mention nettle < 3.7.2 ECDSA verify bugs
Security: 80f9dbd3-8eec-11eb-b9e8-3525f51429a0
 |
Friday, 26 Mar 2021
|
08:09 brnrd
security/vuxml: Document High OpenSSL vulnerabilities
* While here, fix incorrect year in ec04f3d0-8cd9-11eb-bb9f-206a8a720317
 |
Wednesday, 24 Mar 2021
|
20:02 cy
security/vuxml: Document spamassassin CVE-2020-1946
PR: 254526
Security: https://s.apache.org/ng9u9
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1946
 |
03:15 adamw
security/vuxml: Add entry for gitea < 1.13.6
PR: 254515
Submitted by: maintainer
 |
Sunday, 21 Mar 2021
|
18:30 adamw
security/vuxml: Add entry for gitea < 1.13.5
PR: 254468
Submitted by: maintainer
 |
Thursday, 18 Mar 2021
|
20:52 bdrewery
OpenSSH CVE-2021-28041 fixed in 8.4.p1_4,1.
Also add flavored package names.
 |
19:30 bdrewery
Document OpenSSH CVE-2021-28041
PR: 254258
Submitted by: Yasuhiro Kimura
 |
14:05 mfechner
Document gitlab vulnerability.
 |
00:27 mandree
fixup PORTEPOCH for dnsmasq-devel
which used to be at 3 already earlier. Adjust vuxml entry accordingly.
Security: CVE-2021-3448
Security: 5b72b1ff-877c-11eb-bd4f-2f1d57dafe46
 |
00:23 mandree
fixup version range for dnsmasq[-devel] to 2.85.r1,1 not 2.85r1,1
Security: 5b72b1ff-877c-11eb-bd4f-2f1d57dafe46
Security: CVE-2021-3448
 |
00:09 mandree
vuxml: Add dnsmasq < 2.85 cache poisoning vulnerability.
This affects only certain dnsmasq configurations,
and use of dnsmasq with NetworkManager.
Security: CVE-2021-3448
 |
Wednesday, 17 Mar 2021
|
13:04 swills
Document minio issue
 |
Tuesday, 16 Mar 2021
|
15:42 brnrd
security/vuxml: Document LibreSSL potential use-after-free
 |
08:50 rene
Document new vulnerabilities in www/chromium < 89.0.4389.90
Obtained from: https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
 |
Monday, 15 Mar 2021
|
20:16 crees
Document CVE-2015-4645 in sysutils/squashfs-tools
Security: CVE-2015-4645
 |
Thursday, 11 Mar 2021
|
14:01 fernape
security/vuxml: Fix www/gitea entry.
s/1.13.24/1.13.4
PR: 254130
Reported by: clubok@gmx.net
 |
Wednesday, 10 Mar 2021
|
23:37 dmgk
security/vuxml: Document lang/go vulnerabilities
 |
18:45 nc
Document vulnerabilities in www/gitea < 1.13.4
PR: 254130
Submitted by: stb AT lassitu DOT de (maintainer)
 |
14:03 lwhsu
Document vulnerabilities in databases/mantis <2.24.4
PR: 252612
Submitted by: Zoltan ALEXANDERSON BESSE <zab@zltech.eu>
 |
Tuesday, 9 Mar 2021
|
06:26 bhughes
security/vuxml: document Node.js February 2021 Security Releases
https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/
Sponsored by: Miles AS
 |
Friday, 5 Mar 2021
|
21:18 mfechner
Document gitlab vulnerabilities.
 |
Thursday, 4 Mar 2021
|
19:48 madpilot
Report new asterisk vulnerability.
 |
09:51 rene
Document new vulnerabilities in www/chromium < 89.0.4389.72
Obtained from: https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
 |
Wednesday, 3 Mar 2021
|
18:18 sunpoet
Document jasper vulnerability
 |
06:41 ohauer
- add CVE entries for saltstack
 |
Tuesday, 2 Mar 2021
|
15:17 osa
Fix the redis5 affected versions.
 |
Saturday, 27 Feb 2021
|
01:49 swills
Document vault issue
 |
Thursday, 25 Feb 2021
|
02:33 philip
security/vuxml: add FreeBSD SA-21:04.jail_remove
 |
02:33 philip
security/vuxml: add FreeBSD SA-21:06.xen
 |
02:33 philip
security/vuxml: add FreeBSD SA-21:05.jail_chdir
 |
02:33 philip
security/vuxml: add FreeBSD SA-21:03.pam_login_access
 |
Tuesday, 23 Feb 2021
|
13:57 osa
Document integer overflow on 32-bit systems (CVE-2021-21309):
o) databases/redis5
o) databases/redis
o) databases/redis-devel
 |
01:04 leres
security/vuxml: Mark zeek < 3.0.13 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v3.0.13
Fix ASCII Input reader's treatment of input files containing
null-bytes. An input file containing null-bytes could lead to a
buffer-over-read, crash Zeek, and be exploited to cause Denial of
Service.
 |
Saturday, 20 Feb 2021
|
16:38 adridg
Add vuxml entry for textproc/raptor2 CVE
PR: 251102
 |
02:36 lwhsu
Connect vuln-2020.xml (2/2)
 |
02:20 lwhsu
Document Jenkins Security Advisory 2021-02-19
Sponsored by: The FreeBSD Foundation
 |
Thursday, 18 Feb 2021
|
20:41 madpilot
Report new asterisk vulnerabilities.
 |
18:18 brnrd
security/openssl-devel: Mark vulnerable CVE-2021-23841
MFH: 2021Q1
Security: 96a21236-707b-11eb-96d8-d4c9ef517024
 |
Wednesday, 17 Feb 2021
|
18:30 sunpoet
Document rails vulnerability
 |
12:47 rene
Document new vulnerabilities in www/chromium < 88.0.4324.182
Obtained from: https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html
 |
Tuesday, 16 Feb 2021
|
17:35 brnrd
security/vuxml: Document OpenSSL 1.1.1i vulnerabilities
 |
Friday, 12 Feb 2021
|
20:44 mandree
openexr/ilmbase < v2.5.5 security vulnerabilities
https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.5
Security: 98044aba-6d72-11eb-aed7-1b1b8a70cc8b
 |
13:28 mfechner
Document gitlab vulnerabilities.
 |
04:47 nc
Add security/vuxml entry for CVE-2021-21291 affecting www/oauth2-proxy < 7.0.0.
While I'm here, fix formatting for mod_dav_svn CVE-2020-17525 vuxml entry.
MFH: 2021Q1
 |
Wednesday, 10 Feb 2021
|
17:45 gjb
Fix build.
Sponsored by: Rubicon Communications, LLC ("Netgate")
 |
17:09 lev
Document https://subversion.apache.org/security/CVE-2020-17525-advisory.txt.
 |
Sunday, 7 Feb 2021
|
02:54 adamw
security/vuxml: Add entry for gitea < 1.13.2
PR: 253295
Submitted by: maintainer
 |
Saturday, 6 Feb 2021
|
00:05 rene
Document new vulnerability in www/chromium < 88.0.4324.150
Obtained from: https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html
 |
Wednesday, 3 Feb 2021
|
20:06 rene
Document new vulnerabilities in www/chromium < 88.0.4324.146
Obtained from: https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html
 |
Tuesday, 2 Feb 2021
|
07:50 mfechner
Document gitlab-ce vulnerabilities.
 |
Sunday, 31 Jan 2021
|
21:55 swills
Document minio issue
 |
Friday, 29 Jan 2021
|
06:47 philip
security/vuxml: add FreeBSD SA-21:02.xenoom
 |
06:47 philip
security/vuxml: add FreeBSD SA-21:01.fsdisclosure
 |
Thursday, 28 Jan 2021
|
12:51 lcook
security/vuxml: Document graphics/pngcheck vulnerability
PR: 253019
Approved by: fernape (mentor)
Differential Revision: https://reviews.freebsd.org/D28308
 |
Tuesday, 26 Jan 2021
|
20:28 cy
Document sudo CVE-2021-3156.
* When invoked as sudoedit, the same set of command line options
are now accepted as for "sudo -e". The -H and -P options are
now rejected for sudoedit and "sudo -e" which matches the sudo
1.7 behavior. This is part of the fix for CVE-2021-3156.
* Fixed a potential buffer overflow when unescaping backslashes
in the command's arguments. Normally, sudo escapes special
characters when running a command via a shell (sudo -s or sudo
-i). However, it was also possible to run sudoedit with the -s
or -i flags in which case no escaping had actually been done,
making a buffer overflow possible. This fixes CVE-2021-3156.
PR: 253034
Reported by: "Todd C. Miller" <Todd.Miller@sudo.ws> via mailing list
emaste
Obtained from: sudo
 |
17:56 sunpoet
Document py-pysaml2 vulnerability
 |
13:21 lwhsu
Document Jenkins Security Advisory 2021-01-26
Sponsored by: The FreeBSD Foundation
 |
Monday, 25 Jan 2021
|
17:16 bapt
Rework the entity declaration
when expanded they will look better (as when the file was not split)
While here cleanup some indentation
 |
Saturday, 23 Jan 2021
|
18:19 otis
security/vuxml: Document mail/mutt vulnerability
Document mail/mutt vulnerability CVE-2021-3181
PR: 252931
Submitted by: Derek Schrock <dereks@lifeofadishwasher.com>
Reported by: Derek Schrock <dereks@lifeofadishwasher.com>
Reviewed by: osa (mentor)
Approved by: osa (mentor)
Differential Revision: https://reviews.freebsd.org/D28308
 |
17:46 gjb
Fix build.
Sponsored by: Rubicon Communications, LLC ("Netgate")
 |
14:46 brnrd
security/vuxml: Add new MySQL vulnerabilities
 |
Friday, 22 Jan 2021
|
20:37 rene
Document new vulnerabilities in www/chromium < 88.0.4324.96
Obtained from: https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html
 |
09:33 jhale
Document CVE-2020-15983 for games/chocolate-doom and games/crispy-doom
 |
00:22 mfechner
Made clear how to test now entries against the newly formatted file.
 |
00:13 gjb
Fix build.
Yes, please do FIXME.
Sponsored by: Rubicon Communications, LLC ("Netgate")
 |
00:09 mfechner
Added security vulnerability for rubygem-nokogiri.
 |
Thursday, 21 Jan 2021
|
13:19 bapt
Split vuln.xml file [2/2]
The vuln.xml file has grown a lot since 2003. To avoid having to unlock
the svn size limitation, the file is now split into 1 file per year up
to the current year + previous one. The split is made based on the date
when the entry has been added.
In order to achieve the split without breaking any consumer we use a standard
XML mechanism via the definition of entities.
While here, add a new target, make vuln-flat.xml, which will expand the entities
in order to be able to regenerate one unique file if needed. This is useful to,
for example, allow testing with pkg audit directly, given the XML parser used in pkg
does not support custom entities.
The vuxml web site generator has been modified to ensure the vuln.xml file it
provides is the expanded version, so for consumers it is still only one single
file to download.
 |
Wednesday, 20 Jan 2021
|
19:25 mandree
dns/dnsmasq-devel: mark stale name vulnerable, too
dnsmasq-devel isn't currently in ports, but if someone never
switched to dnsmasq, we should also flag the older dnsmasq-devel
vulnerable.
Security: 5b5cf6e5-5b51-11eb-95ac-7f9491278677
 |
19:11 mandree
dns/dnsmasq < 2.83 vulnerabilities (buffer overflow, DNS cache poisoning)
Security: 5b5cf6e5-5b51-11eb-95ac-7f9491278677
Security: CVE-2020-25684
Security: CVE-2020-25685
Security: CVE-2020-25686
Security: CVE-2020-25681
Security: CVE-2020-25682
Security: CVE-2020-25683
Security: CVE-2020-25687
 |
00:25 dmgk
security/vuxml: Document lang/go vulnerabilities
 |
Tuesday, 19 Jan 2021
|
21:12 jrm
security/vuxml: Fix range of affected cloud-init versions
 |
20:47 jrm
security/vuxml: Document vulnerability in cloud-init version 20.4
https://bugs.launchpad.net/cloud-init/+bug/1911680
Reported by: Mina Galic <me@igalic.co>
 |
Monday, 18 Jan 2021
|
08:21 lwhsu
Document CVE-2020-25074 and CVE-2020-15275 for www/moinmoin
 |
Sunday, 17 Jan 2021
|
22:23 0mp
Document ghostscript9-agpl-base vulnerability committed in r544907
PR: 248580
Requested by: joneum (ports-secteam)
Reported by: VVD <vvd@unislabs.com>
MFH: 2021Q1
Security: CVE-2020-15900
 |
Thursday, 14 Jan 2021
|
20:37 bhughes
security/vuxml: document Node.js January 2021 Security Releases
https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
Sponsored by: Miles AS
 |
12:03 mfechner
Document gitlab vulnerability.
 |
07:30 riggs
Document integer overflow in wavpack (CVE-2020-35738).
 |
Wednesday, 13 Jan 2021
|
17:32 lwhsu
Document Jenkins Security Advisory 2021-01-13
Sponsored by: The FreeBSD Foundation
 |
Tuesday, 12 Jan 2021
|
21:20 flo
Document phpmyfaq vulnerability
 |
04:27 cy
Document sudo CVE-2021-23239.
 |
Sunday, 10 Jan 2021
|
08:26 sunpoet
Document cairosvg vulnerability
 |
Saturday, 9 Jan 2021
|
20:06 mfechner
Document gitlab vulnerabilities.
 |
Thursday, 7 Jan 2021
|
15:09 rene
Document new vulnerabilities in www/chromium < 87.0.4280.141
Obtained from: https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html
 |
Wednesday, 6 Jan 2021
|
14:11 pi
security/vuxml: add dovecot CVE-2020-24386
PR: 252415
Submitted by: Evilham <contact@evilham.com>
Relnotes: https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html
 |
Friday, 1 Jan 2021
|
16:05 adamw
security/vuxml: Add entry for gitea < 1.13.1
PR: 252310
Submitted by: maintainer
 |
04:31 jrm
Document inspircd vulnerability
PR: 252291
Reported by: Sadie Powell <sadie@witchery.services>
 |
Monday, 28 Dec 2020
|
13:15 riggs
Document CVE-2020-0543 for Intel CPUs.
PR: 247197
Submitted by: spam123@bitbert.com
 |
Tuesday, 22 Dec 2020
|
22:44 madpilot
Document new asterisk vulnerabilities.
 |
14:16 otis
Document vulns for powerdns and postsrsd
Reviewed by: osa (mentor)
Approved by: osa (mentor)
Differential Revision: https://reviews.freebsd.org/D27706
 |
Saturday, 19 Dec 2020
|
13:16 riggs
Correct entries for mantis and libX11 (missing PORTEPOCH in package string).
PR: 251168
Submitted by: zab@zltech.eu
 |
Thursday, 17 Dec 2020
|
21:09 swills
Document vault issue
 |