14:39 brnrd 

security/vuxml: Add entry for www/nghttp2 < 1.7.1

  - Out of memory error in nghttpd, nghttp, and libnghttp2_asio
    applications

Reviewed by:	feld (secteam, mentor)
Approved by:	feld (secteam, mentor)
Depends on:	D5218
Differential Revision:	D5271

 

02:59 junovitch 

Document cross-site scripting vulnerabilities in Horde Groupware

Security:	CVE-2015-8807
Security:	CVE-2016-2228
Security:	https://vuxml.FreeBSD.org/freebsd/3aa8b781-d2c4-11e5-b2bd-002590263bf5.html

 

01:55 junovitch 

Fix dnscrypt-proxy reference URL (ihttps -> https)

 

22:35 girgen 

Document security problems in PostgreSQL

Security:	CVE-2016-0773, CVE-2016-0766

 

22:28 junovitch 

Reflect QEMU DoS vulnerabilities now fixed in qemu-sbruno/qemu-user-static

PR:		205813
Security:	CVE-2015-8345
Security:	CVE-2015-8567
Security:	CVE-2015-8568
Security:	CVE-2015-8613
Security:	CVE-2015-8619
Security:	CVE-2015-8701
Security:	https://vuxml.FreeBSD.org/freebsd/1384f2fd-b1be-11e5-9728-002590263bf5.html
Security:	https://vuxml.FreeBSD.org/freebsd/62ab8707-b1bc-11e5-9728-002590263bf5.html
Security:	https://vuxml.FreeBSD.org/freebsd/9ad8993e-b1ba-11e5-9728-002590263bf5.html
Security:	https://vuxml.FreeBSD.org/freebsd/b3f9f8ef-b1bb-11e5-9728-002590263bf5.html
Security:	https://vuxml.FreeBSD.org/freebsd/b56fe6bb-b1b1-11e5-9728-002590263bf5.html

 

13:08 kwm 

Document feb 8, 2016 flash vulnerabilities.

Security:	CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967,
		CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971,
		CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,
		CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979,
		CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983,
		CVE-2016-0984, CVE-2016-0985

 

00:10 feld 

Document dns/dnscrypt-proxy vulnerability

PR:		206938

 

00:07 feld 

Fix vuxml to pass `make validate`
An errant newline from the last entry caused "Error 1"

 

23:11 rene 

Document new vulnerabilities in www/chromium < 48.0.2564.109

Obtained
from:	http://googlechromereleases.blogspot.nl/2016/02/stable-channel-update_9.html

 

20:30 feld 

Update graphics/graphite2 vulnerability details

I found a more comprehensive blog entry by Talos

 

20:23 feld 

Document graphics/graphite2 vulnerability

Security:	CVE-2016-1521

 

17:07 feld 

Fix duplicate "reports" in last entry

 

17:01 feld 

Document net-mgmt/xymon-server vulnerabilities

MFH:		2016Q1
Security:	CVE-2016-2054
Security:	CVE-2016-2055
Security:	CVE-2016-2056
Security:	CVE-2016-2057
Security:	CVE-2016-2058

 

10:55 miwi 

- Document php -- pcre vulnerability

 

10:39 rakuco 

Document multiple vulnerabilities in graphics/py-imaging and graphics/py-pillow.

Security:	CVE-2016-0740
Security:	CVE-2016-0775

 

11:23 riggs 

Document remote denial of service in ffmpeg before 2.8.6 and
mencoder / mplayer before 1.2.r20151219_3

 

20:04 junovitch 

Update version of net/samba36 package to reflect it is still unpatched

PR:		206808
Reported by:	Marcin Gryszkalis <mg@fork.pl>
Security:	CVE-2015-5252
Security:	CVE-2015-5296
Security:	CVE-2015-5299
Security:	https://vuxml.FreeBSD.org/freebsd/ef434839-a6a4-11e5-8275-000c292e4fd8.html

 

16:32 kwm 

Document shotwell failure to validate TLS certificates.

PR:		206807

 

11:03 kwm 

Document webkit CVE-2014-1748.

If people look at the announcement, CVE-2014-3192 is already fixed. This
CVE was against chromium, and the same code in 2.4.9 is in webkit trunk
so I assume it already fixed.

CVE-2013-6663 is for webkit < 2.4.0, and the rest of the CVE's are for
apple products without any attached patches.

PR:		205683
Obtained from:	http://webkitgtk.org/security/WSA-2015-0002.html

 

10:35 koobs 

security/vuxml: Add CVE-2016-1494 for security/py-rsa

PR:		206746
Reported by:	 Sevan Janiyan <venture37 geeklan co.uk>

 

09:25 madpilot 

Document new asterisk ports vulnerabilities.

 

17:16 feld 

Document py-salt vulnerability

Security:	CVE-2016-1866

 

22:44 sunpoet 

- Document Ruby on Rails multiple vulnerabilities

 

11:05 kwm 

Document that the linux curl ports are still vulnerable.

Submitted by:	xmj@

 

22:05 feld 

Document net/socat vulnerability

 

07:37 jbeich 

Document recent Mozilla vulnerabilities

PR:		206637
Submitted by:	Christoph Moench-Tegeder <cmt@burggraben.net>

 

02:42 junovitch 

Document multiple vulnerabilities in gdcm

PR:		206590
Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
Security:	CVE-2015-8396
Security:	CVE-2015-8397
Security:	https://vuxml.FreeBSD.org/freebsd/e00d8b94-c88a-11e5-b5fe-002590263bf5.html

 

10:00 miwi 

- Fix x11/linux-c6-xorg-libs entry as fixed
- Also fix modify date

Reported by: Terry Kennedy <TERRY@glaver.org>

 

18:42 miwi 

- Mark linux-c6* entys as fixed

 

16:53 brnrd 

ftp/curl: Fix vuxml version check

Reviewed by:	Erandir, miwi (ports-secteam)
Approved by:	miwi (ports-secteam)

 

05:37 feld 

vuxml: fix version range for nginx which has a PORTEPOCH

 

05:29 feld 

Document www/nginx vulnerabilities

Security:	CVE-2016-0742
Security:	CVE-2016-0746
Security:	CVE-2016-0747

 

16:53 feld 

Document www/typo3 and www/typo3-lts vulnerabilities

PR:		206723

 

16:44 feld 

vuxml: Fix owncloud discovery date

 

16:43 feld 

Document www/nghttp2 vulnerability

PR:		206727
Security:	CVE-2015-8659

 

16:36 feld 

vuxml: Fix openssl entry so `make validate` doesn't throw errors

 

16:35 feld 

Document www/owncloud vulnerabilities

PR:		206724
Security:	CVE-2016-1498
Security:	CVE-2016-1499
Security:	CVE-2016-1500

 

15:38 feld 

vuxml: radicale entry needs python prefixes for packagename

PR:		206717

 

15:33 feld 

Document www/radicale vulnerabilities

Security:	CVE-2015-8747
Security:	CVE-2015-8748

 

22:45 matthew 

Add 9 security advisories for phpMyAdmin:

 [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-1
 [Security] Unsafe generation of CSRF token, see PMASA-2016-2
 [Security] Multiple XSS vulnerabilities, see PMASA-2016-3
 [Security] Insecure password generation in JavaScript, see PMASA-2016-4
 [Security] Unsafe comparison of CSRF token, see PMASA-2016-5
 [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-6
 [Security] XSS vulnerability in normalization page, see PMASA-2016-7
 [Security] Full path disclosure vulnerability in SQL parser, see PMASA-2016-8
 [Security] XSS vulnerability in SQL editor, see PMASA-2016-9

 

21:00 lx 

vuxml for prosody CVE-2016-0756.

PR:		206707
Submitted by: Anton Shestakov

 

15:20 dinoex 

- report OpenSSL 1.0.2e vulnerability
MFH:		2016Q1

 

16:01 brnrd 

security/vuxml: Document cURL vulnerability

Reviewed by:	feld (ports-secteam, mentor), koobs (mentor)
Approved by:	feld (ports-secteam, mentor)
Security:	CVE-2016-0755
Security:	https://vuxml.FreeBSD.org/freebsd/8b27f1bc-c509-11e5-a95f-b499baebfeaf.html
Differential Revision:	D5091

 

04:18 junovitch 

Document Wordpress cross site scripting vulnerability

Security:	CVE-2016-1564
Security:	https://vuxml.FreeBSD.org/freebsd/fb754341-c3e2-11e5-b5fe-002590263bf5.html

 

03:13 junovitch 

Document recent privoxy security vulnerabilities

While here, catch up on the prior release's advisories for completeness

PR:		206504
Security:	CVE-2016-1982
Security:	CVE-2016-1983
Security:	https://vuxml.FreeBSD.org/freebsd/a763a0e7-c3d9-11e5-b5fe-002590263bf5.html

 

01:36 junovitch 

Document potential privilege escalation via symlink misconfiguration in sudo

PR:		206592
Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
Security:	CVE-2015-5602
Security:	https://vuxml.FreeBSD.org/freebsd/2e8cdd36-c3cc-11e5-b5fe-002590263bf5.html

 

19:21 feld 

Document graphics/imlib2 vulnerabilities

PR:		206372
Security:	CVE-2014-9762
Security:	CVE-2014-9763
Security:	CVE-2014-9764

 

17:20 feld 

Recent BIND vulnerabilities are supposed to be in separate entries

 

21:49 rene 

Document new vulnerabilities in www/chromium < 48.0.2564.82

PR:		206474
Submitted by:	Christoph Moench-Tegeder
Obtained
from:	http://googlechromereleases.blogspot.de/2016/01/stable-channel-update_20.html

 

09:30 delphij 

Document NTP multiple vulnerabilities.

 

23:41 junovitch 

Document cgit -- multiple vulnerabilities

PR:		206417
Security:	CVE-2016-1899
Security:	CVE-2016-1900
Security:	CVE-2016-1901
Security:	https://vuxml.FreeBSD.org/freebsd/62c0dbbd-bfce-11e5-b5fe-002590263bf5.html

 

16:32 feld 

Document bind vulnerabilities

Security:	CVE-2015-8704
Security:	CVE-2015-8705

 

16:52 pawel 

Document claws-mail CVE

Security:	CVE-2015-8614

 

08:35 sunpoet 

- Fix libproxy range

 

23:50 junovitch 

Document several vulnerabilities in libarchive

PR:		200176
Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
Security:	CVE-2013-0211
Security:	CVE-2015-2304
Security:	https://vuxml.FreeBSD.org/freebsd/7c63775e-be31-11e5-b5fe-002590263bf5.html

 

14:04 junovitch 

Document go information disclosure vulnerability

Security:	CVE-2015-8618
Security:	https://vuxml.FreeBSD.org/freebsd/6809c6db-bdeb-11e5-b5fe-002590263bf5.html

 

06:16 riggs 

Correct vulerable package version entries for ffmpeg entry in r406293

 

18:06 feld 

Document isc-dhcpd CVE

Security:	CVE-2015-8605

 

11:33 rakuco 

Document CVE-2012-4504 in net/libproxy and its slave ports.

Security:	CVE-2012-4504

 

10:27 riggs 

Document usage of vulnerable ffmpeg prior to 2.8.5 in mplayer/mencoder

 

10:12 riggs 

Document zero day remote vulnerability in ffmpeg 2.0.0 - 2.8.4

PR:		206282

 

17:47 bdrewery 

Fix OpenSSH version ranges.

Reported by:	sunpoet

 

15:22 miwi 

- Document h2o -- directory traversal vulnerability

PR:		206193

 

19:34 bdrewery 

Document OpenSSH CVE-2016-0777 and CVE-2016-0778.

Submitted by:	brnrd

 

00:25 junovitch 

Document two vulnerabilities in Prosody

PR:		206150
Reported by:	Anton Shestakov <av6@dwimlabs.net>
Security:	CVE-2016-1232
Security:	CVE-2016-1231
Security:	https://vuxml.FreeBSD.org/freebsd/842cd117-ba54-11e5-9728-002590263bf5.html

 

23:57 junovitch 

Document Kibana 4.x XSS vulnerabilty

PR:		205961
PR:		205962
PR:		205963
Security:	https://vuxml.FreeBSD.org/freebsd/a7a4e96c-ba50-11e5-9728-002590263bf5.html

 

14:50 rakuco 

Add entry for CVE-2015-8607 in devel/p5-PathTools.

Security:	CVE-2015-8607

 

11:07 miwi 

- php -- multiple vulnerabilities

 

13:42 rakuco 

Add entry for CVE-2015-8557 in textproc/py-pygments.

 

18:49 feld 

Add openjdk7 to the existing java vuxml entry

PR:		204268

 

18:44 feld 

Document polkit vulnerabilities

PR:		204235
Security:	CVE-2015-4625
Security:	CVE-2015-3218
Security:	CVE-2015-3255
Security:	CVE-2015-3256

 

18:23 feld 

Document net/librsync collision vulnerability

PR:		204237
Security:	CVE-2014-8242

 

17:55 feld 

Document fixed version of graphics/exact-image

Security:	CVE-2015-3885

 

17:25 feld 

Document devel/m6811-binutils is also vuln to older CVEs

PR:		198815
Security:	CVE-2014-8501
Security:	CVE-2014-8502
Security:	CVE-2014-8503

 

06:16 delphij 

Document ntp remote denial of service vulnerability.

 

01:31 junovitch 

Document two dhcpcd vulnerabilities

PR:		206015
Security:	CVE-2016-1504
Security:	CVE-2016-1503
Security:	https://vuxml.FreeBSD.org/freebsd/df587aa2-b5a5-11e5-9728-002590263bf5.html

 

11:53 tijl 

Fix Polar SSL version in r405428

 

11:45 tijl 

Document mbedTLS/PolarSSL SLOTH vulnerability

Security:	https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released

 

07:30 delphij 

Correct version range in kea entry.

Submitted by:	Brian Martin <bmartin tenable.com>

 

00:49 junovitch 

Document Xen Security Advisories (XSAs 159, 160, 162, 165, 166)

PR:		205841
Security:	CVE-2015-8555
Security:	CVE-2015-8341
Security:	CVE-2015-8339
Security:	CVE-2015-8340
Security:	https://vuxml.FreeBSD.org/freebsd/6aa2d135-b40e-11e5-9728-002590263bf5.html
Security:	https://vuxml.FreeBSD.org/freebsd/e839ca04-b40d-11e5-9728-002590263bf5.html
Security:	https://vuxml.FreeBSD.org/freebsd/5d1d4473-b40d-11e5-9728-002590263bf5.html
Security:	https://vuxml.FreeBSD.org/freebsd/bcad3faa-b40c-11e5-9728-002590263bf5.html

 

15:00 rakuco 

Document CVE-2015-8665 and CVE-2015-8683 in graphics/tiff.

 

14:27 miwi 

- Cleanup empty lines

 

13:46 ehaupt 

Another fix caused by r405285. Use package name in topic instead of origin.

 

13:30 ehaupt 

Fix package name.

Notified by:	gjb

 

13:06 ehaupt 

Document CVE-2015-7696, CVE-2015-7697

PR:		165091
Submitted by:   brnrd

 

12:58 rakuco 

Document CVE-2015-8369 in net-mgmt/cacti.

 

18:13 hrs 

Document CVE-2015-8373.

 

22:34 rene 

Document a buffer overflow in www/mini_httpd < 1.23

Obtained from:	http://acme.com/updates/archive/192.html

 

15:21 junovitch 

Extend VuXML entry for QEMU DoS in AMD PC-Net II NIC support to cover Xen

PR:		205841
Security:	CVE-2015-7504
Security:	https://vuxml.FreeBSD.org/freebsd/405446f4-b1b3-11e5-9728-002590263bf5.html

 

02:25 junovitch 

Document recent QEMU denial of service vulnerabilities

PR:		205813
PR:		205814
Security:	CVE-2015-8701
Security:	CVE-2015-8666
Security:	CVE-2015-8619
Security:	CVE-2015-8613
Security:	CVE-2015-8567
Security:	CVE-2015-8568
Security:	CVE-2015-8558
Security:	CVE-2015-7549
Security:	CVE-2015-8504
Security:	CVE-2015-7504
Security:	CVE-2015-7512
Security:	CVE-2015-8345
Security:	https://vuxml.FreeBSD.org/freebsd/1384f2fd-b1be-11e5-9728-002590263bf5.html
Security:	https://vuxml.FreeBSD.org/freebsd/152acff3-b1bd-11e5-9728-002590263bf5.html
Security:	https://vuxml.FreeBSD.org/freebsd/62ab8707-b1bc-11e5-9728-002590263bf5.html
Security:	https://vuxml.FreeBSD.org/freebsd/b3f9f8ef-b1bb-11e5-9728-002590263bf5.html
Security:	https://vuxml.FreeBSD.org/freebsd/9ad8993e-b1ba-11e5-9728-002590263bf5.html
Security:	https://vuxml.FreeBSD.org/freebsd/60cb2055-b1b8-11e5-9728-002590263bf5.html
Security:	https://vuxml.FreeBSD.org/freebsd/3fb06284-b1b7-11e5-9728-002590263bf5.html
Security:	https://vuxml.FreeBSD.org/freebsd/67feba97-b1b5-11e5-9728-002590263bf5.html
Security:	https://vuxml.FreeBSD.org/freebsd/405446f4-b1b3-11e5-9728-002590263bf5.html
Security:	https://vuxml.FreeBSD.org/freebsd/b56fe6bb-b1b1-11e5-9728-002590263bf5.html

 

13:23 junovitch 

Document several older QEMU vulnerabilities

Security:	CVE-2015-7295
Security:	CVE-2015-5278
Security:	CVE-2015-5279
Security:	CVE-2015-6855
Security:	CVE-2015-6815
Security:	CVE-2015-5239
Security:	https://vuxml.FreeBSD.org/freebsd/42cbd1e8-b152-11e5-9728-002590263bf5.html
Security:	https://vuxml.FreeBSD.org/freebsd/6aa3322f-b150-11e5-9728-002590263bf5.html
Security:	https://vuxml.FreeBSD.org/freebsd/bbc97005-b14e-11e5-9728-002590263bf5.html
Security:	https://vuxml.FreeBSD.org/freebsd/10bf8eed-b14d-11e5-9728-002590263bf5.html
Security:	https://vuxml.FreeBSD.org/freebsd/8a560bcf-b14b-11e5-9728-002590263bf5.html

 

20:50 junovitch 

Document several older QEMU vulnerabilities

Security:	CVE-2015-3214
Security:	CVE-2015-5158
Security:	CVE-2015-5225
Security:	CVE-2015-5745
Security:	https://vuxml.FreeBSD.org/freebsd/2b3b4c27-b0c7-11e5-8d13-bc5ff45d0f28.html
Security:	https://vuxml.FreeBSD.org/freebsd/21e5abe3-b0c6-11e5-8d13-bc5ff45d0f28.html
Security:	https://vuxml.FreeBSD.org/freebsd/a267cd6c-b0c4-11e5-8d13-bc5ff45d0f28.html
Security:	https://vuxml.FreeBSD.org/freebsd/aea8d90e-b0c1-11e5-8d13-bc5ff45d0f28.html

 

14:57 feld 

Document lang/mono vulnerability

Security:	CVE-2009-0689

 

18:55 kwm 

Document latest flash vulnabilities.

Security:	CVE-2015-8459, CVE-2015-8460, CVE-2015-8634,
		CVE-2015-8635, CVE-2015-8636, CVE-2015-8638,
		CVE-2015-8639, CVE-2015-8640, CVE-2015-8641,
		CVE-2015-8642, CVE-2015-8643, CVE-2015-8644,
		CVE-2015-8645, CVE-2015-8646, CVE-2015-8647,
		CVE-2015-8648, CVE-2015-8649, CVE-2015-8650,
		CVE-2015-8651

 

17:02 feld 

Document assigned CVE to irc/inspircd

Security:	CVE-2015-8702

 

13:36 feld 

Document irc/inspircd DoS

No CVE assigned yet

 

18:21 jbeich 

Document recent ffmpeg vulnerabilities

 

18:18 jbeich 

Document NSS vulnerability fixed by ports r404007

PR:		205652
Reported by:	Christoph Moench-Tegeder <cmt@burggraben.net>

 

12:59 matthew 

Document the latest phpMyAdmin security advisory.

 

15:57 rakuco 

Add an entry for CVE-2015-0860 in archivers/dpkg.