| non port: security/vuxml/vuln.xml |
Number of commits found: 6273 (showing only 100 on this page) |
|
Sunday, 26 Apr 2015
|
06:34 delphij 
Document PHP multiple vulnerabilities.
Submitted by: Bernard Spil <spil.oss gmail com>
  |
|
Friday, 24 Apr 2015
|
16:52 kwm
There are actualy two chinese wordpress ports, which have both different
suffixes. List them both.
|
15:42 kwm
Add wordpress vulnabilities.
|
|
Wednesday, 22 Apr 2015
|
07:40 novel
Add an entry for security/libtasn1 vulnerability.
Security: CVE-2015-2806
|
|
Tuesday, 21 Apr 2015
|
02:41 jbeich
Document new Firefox vulnerability. CVE-2015-2706
|
|
Saturday, 18 Apr 2015
|
10:17 jbeich
Document sqlite3 multiple vulnerabilites
PR: 199483
|
09:27 jbeich
Document chrony multiple vulnerabilites.
PR: 199508
|
|
Friday, 17 Apr 2015
|
22:11 jbeich
Document new Dulwich vulnerability. CVE-2015-0838
PR: 199162
Submitted by: Marco Broder (maintainer)
|
10:09 xmj
Register Flash vulnerabilities.
Affected: www/linux-*-flashplugin11.
|
08:04 jbeich
Document Wesnoth vulnerability. CVE-2015-0844
PR: 199414
|
|
Tuesday, 14 Apr 2015
|
08:33 rakuco
Add entry for CVE-2015-1858, CVE-2015-1859 and CVE-2015-1860.
Multiple vulnerabilities in Qt image format handling (the 3 CVEs are part of
the same security advisory).
|
00:50 swills
Document issues in ruby
|
|
Thursday, 9 Apr 2015
|
19:35 mandree
Add mailman < 2.1.20 vulnerability.
Port update to arrive shortly.
|
|
Wednesday, 8 Apr 2015
|
21:46 madpilot
Document new asterisk ports vulnerability.
|
|
Tuesday, 7 Apr 2015
|
23:48 delphij
Document NTP multiple vulnerabilities.
|
|
Friday, 3 Apr 2015
|
23:42 jbeich
Document mozilla vulnerabilities in Firefox 37.0
|
16:34 riggs
Document multiple vulnerabilities in multimedia/libav prior to version 11.3
PR: 198873
Submitted by: venture37@geeklan.co.uk
MFH: 2015Q2
|
|
Wednesday, 1 Apr 2015
|
20:03 delphij
Document multiple vulnerabilities of PHP.
Submitted by: Bernard Spil <bernard bachfreund nl>
|
|
Tuesday, 31 Mar 2015
|
20:16 ohauer
- document subversion issues
http://subversion.apache.org/security/
Security: CVE-2015-0202
Security: CVE-2015-0248
Security: CVE-2015-0251
|
18:40 jbeich
Document mozilla vulnerabilities
|
16:10 amdmi3
Add vulnerability for devel/osc.
Security: CVE-2015-0778
PR: 198876
Submitted by: venture37@geeklan.co.uk
|
14:51 naddy
Document GNU cpio vulnerabilities CVE-2014-9112 and CVE-2015-1197.
|
|
Saturday, 28 Mar 2015
|
16:50 makc
Document libzip vulnerability CVE-2015-2331
|
|
Friday, 27 Mar 2015
|
05:33 lwhsu
Document django vulnerability CVE-2015-2316 and CVE-2015-2317
|
|
Wednesday, 25 Mar 2015
|
13:13 dvl
Revert my previous commit.
|
13:03 dvl
Convert non-ASCII quotes to ASCII characters
Approved by: mat (mentor)
|
|
Tuesday, 24 Mar 2015
|
23:20 jgh
- fixing package name
$ make -C /usr/ports/devel/mingw64-binutils/ -V PKGNAME
x86_64-pc-mingw32-binutils-2.23.2_1
|
22:15 zi
- Fix vuxml build: bad package names in f6a014cd-d268-11e4-8339-001e679db764
- Fix blockquote style to match rest
|
21:32 brooks
The ancient version of binutils in the cross-binutils port suffers for
several vulnerabilities.
This also effects devel/mingw64-binutils.
PR: 198816
Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
|
16:11 vanilla
Document nodejs (libuv) CVE-2015-0278.
PR: 198861
Submitted by: venture37@geeklan.co.uk
|
12:17 xmj
Document vulnerable linux-c6-openssl versions in vuxml entry from 2015-03-19
Approved by: swills (mentor)
|
06:22 lwhsu
Document Jenkins Security Advisory 2015-03-23
|
|
Sunday, 22 Mar 2015
|
04:45 jbeich
Document mozilla issues disclosed at HP Zero Day Initiative's Pwn2Own
|
|
Thursday, 19 Mar 2015
|
22:54 delphij
Mention LibreSSL too. Use <ul>'s per suggestion from vsevolod [1].
PR: 198718 [1]
|
21:21 delphij
Document OpenSSL multiple vulnerabilities.
|
|
Wednesday, 18 Mar 2015
|
09:07 kwm
Record new libXfont security issues.
|
|
Monday, 16 Mar 2015
|
17:01 xmj
Add latest security vulnerabilities in linux-*-flashplugin11:
CVE-2015-0332
CVE-2015-0333
CVE-2015-0334
CVE-2015-0335
CVE-2015-0336
CVE-2015-0337
CVE-2015-0338
CVE-2015-0339
CVE-2015-0340
CVE-2015-0341
CVE-2015-0342
Differential Revision: https://reviews.freebsd.org/D2061
Approved by: swills (mentor)
|
|
Friday, 13 Mar 2015
|
04:08 brd
Add vulnerability for mail/sympa.
Approved by: bapt
Security: CVE-2015-1306
|
|
Sunday, 8 Mar 2015
|
11:55 matthew
Document latest security vulnerabilities in rt42 and rt40:
CVE-2014-9472
CVE-2015-1165
CVE-2015-1464
|
11:41 matthew
Document the latest phpMyAdmin vulnerability: CVE-2015-2206
|
|
Saturday, 7 Mar 2015
|
17:17 romain
Document mono TLS bugs.
Reported by: delphij
|
|
Thursday, 5 Mar 2015
|
22:10 mandree
Document recently fixed PuTTY < 0.64 vuln. CVE-2015-2157.
|
|
Wednesday, 4 Mar 2015
|
23:18 rene
Document new vulnerabilities in www/chromium < 41.0.2272.76
Submitted by: Carlos Jacobo Puga Medina
Obtained from: http://googlechromereleases.blogspot.nl/
|
23:05 rakuco
Add entry for CVE-2015-0295 in qt4-gui and qt5-gui.
|
|
Sunday, 1 Mar 2015
|
03:42 swills
Add entry for security issue in jenkins
Reviewed by: zi
|
|
Friday, 27 Feb 2015
|
08:28 jbeich
Fix typo: s/MSFA/MFSA/. The source to follow later.
https://bugzilla.mozilla.org/show_bug.cgi?id=1137604
|
07:14 jbeich
Document mozilla vulnerabilities
|
|
Thursday, 26 Feb 2015
|
19:58 brd
Document vulnerablities in php for CVE-2015-0235 and CVE-2015-0273.
Approved by: zi (mentor)
|
01:12 cy
Document bugs fixed in krb5 1.11.6.
* Handle certain invalid RFC 1964 GSS tokens correctly to avoid
invalid memory reference vulnerabilities. [CVE-2014-4341
CVE-2014-4342]
* Fix memory management vulnerabilities in GSSAPI SPNEGO.
[CVE-2014-4343 CVE-2014-4344]
* Fix buffer overflow vulnerability in LDAP KDB back end.
[CVE-2014-4345]
* Fix multiple vulnerabilities in the LDAP KDC back end.
[CVE-2014-5354 CVE-2014-5353]
* Fix multiple kadmind vulnerabilities, some of which are based in the
gssrpc library. [CVE-2014-5352 CVE-2014-9421 CVE-2014-9422
CVE-2014-9423]
Security: CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344
CVE-2014-4345, CVE-2014-5354, CVE-2014-5353, CVE-2014-5352
CVE-2014-9421, CVE-2014-9422, CVE-2014-9423
|
|
Tuesday, 24 Feb 2015
|
00:54 delphij
Document Samba remote code execution vulnerability.
|
00:20 mandree
Record two e2fsprogs vulnerabilities.CVE-2015-0247
<URL:http://vuxml.freebsd.org/0f488b7b-bbb9-11e4-903c-080027ef73ec.html>
Topic: e2fsprogs -- potential buffer overflow in closefs()
Affects:
e2fsprogs < 1.42.12_2
References:
url:http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?h=maint&id=49d0fe2a14f2a23da2fe299643379b8c1d37df73
cvename:CVE-2015-1572
<URL:http://vuxml.freebsd.org/2a4bcd7d-bbb8-11e4-903c-080027ef73ec.html>
Security: CVE-2015-0247
Security: CVE-2015-1572
Security: 0f488b7b-bbb9-11e4-903c-080027ef73ec
Security: 2a4bcd7d-bbb8-11e4-903c-080027ef73ec.html
|
|
Monday, 23 Feb 2015
|
22:13 delphij
Document BIND DoS issue with trust anchor management.
|
|
Saturday, 21 Feb 2015
|
16:12 cy
Kerberos Version 5, Release 1.12.3 is released affecting
security/krb5-112. This fixes multiple vulnerabilities, some previously
committed by point patches and others newly fixed in this release.
* Fix multiple vulnerabilities in the LDAP KDC back end.
[CVE-2014-5354] [CVE-2014-5353]
* Fix multiple kadmind vulnerabilities, some of which are based in the
gssrpc library. [CVE-2014-5352 CVE-2014-5352 CVE-2014-9421
CVE-2014-9422 CVE-2014-9423]
Security: CVE-2014-5354, CVE-2014-5353
Security: CVE-2014-5352, CVE-2014-5352, CVE-2014-9421
Security: CVE-2014-9422, CVE-2014-9423
|
|
Tuesday, 17 Feb 2015
|
22:03 delphij
Document unzip heap based buffer overflow in iconv patch.
PR: ports/197772
|
17:19 madpilot
Add modified date to entries I touched recently.
Noticed by: kwm (thanks)
|
16:14 madpilot
Add CVE number to asterisk advisory.
|
|
Friday, 13 Feb 2015
|
20:23 cy
Backported patches for CVE-2014-5353 and CVE-2014-5354 received from MIT
for krb5-111 and krb5-112.
Obtained from: Greg Hudson <ghudson@mit.edu>
Security: CVE-2014-5353, CVE-2014-5354
|
01:59 zi
- Additional fixes from the krb5 commit
|
01:55 zi
- Correct errors in previous commit to resolve build
|
01:45 cy
Document new krb5 vulnerabilities.
Security: CVE-2014-5353, CVE-2014-5354
|
|
Thursday, 12 Feb 2015
|
21:00 kwm
The xorg-server entry in commit 378888, also mention portepoch for the other
version we want to check.
|
19:56 kwm
Document xorg-server CVE-2015-0255.
Information leak in the XkbSetGeometry request of X servers
|
|
Monday, 9 Feb 2015
|
08:23 girgen
In r378499, PostgreSQL package names where not version-suffixed. Fixed this.
Submitted by: kuriyama@
|
|
Friday, 6 Feb 2015
|
23:27 rene
Fix CVE name for www/chromium entry
Submitted by: bz via bot
|
22:48 delphij
Document two recent OpenLDAP DoS issues.
|
22:21 rene
Document new vulnerabilities in www/chromium < 40.0.2214.111
Submitted by: Carlos Jacobo Puga Medina
Obtained from: http://googlechromereleases.blogspot.nl/
|
|
Thursday, 5 Feb 2015
|
22:54 girgen
Update PostgreSQL-9.x to latests versions.
This update fixes multiple security issues reported in PostgreSQL over the past
few months. All of these issues require prior authentication, and some require
additional conditions, and as such are not considered generally urgent.
However, users should examine the list of security holes patched below in case
they are particularly vulnerable.
Security: CVE-2015-0241,CVE-2015-0242,CVE-2015-0243,
CVE-2015-0244,CVE-2014-8161
|
08:57 tijl
Remove 734bcd49-aae6-11e4-a0c1-c485083ca99c because Adobe Flash Player 11.x
isn't affected. See February 2 revision of
https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
|
|
Wednesday, 4 Feb 2015
|
20:38 cy
Add the following KRB5 CVEs.
CVE-2014-5352: gss_process_context_token() incorrectly frees context
CVE-2014-9421: kadmind doubly frees partial deserialization results
CVE-2014-9422: kadmind incorrectly validates server principal name
CVE-2014-9423: libgssrpc server applications leak uninitialized bytes
Security: CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423
|
|
Tuesday, 3 Feb 2015
|
22:35 delphij
Document unzip out of boundary access issues in test_compr_eb.
PR: ports/197300
|
|
Monday, 2 Feb 2015
|
19:09 xmj
Add linux-f10-devtools (any version) and linux-c6-devtools (prior to 6.6_3) to
the CVE-2015-0235 entry from 2015-01-28.
Approved by: swills (mentor)
|
15:25 feld
Add net-mgmt/xymon-server CVE-2015-1430
|
14:53 xmj
www/linux-*-flashplugin11: Add CVE-2015-0313
Spotted by: kwm
Approved by: swills (mentor)
|
|
Saturday, 31 Jan 2015
|
16:09 olgeni
Add CVE-2015-0862 for net/rabbitmq.
|
15:07 ohauer
- document apache24 issues
|
|
Thursday, 29 Jan 2015
|
11:20 madpilot
Document asterisk security issues.
While here, add CVE number to a previous asterisk entry.
|
|
Wednesday, 28 Jan 2015
|
08:39 xmj
Add CVE-2015-0235.
- Affects linux_base-*
Approved by: so@ (des)
|
|
Monday, 26 Jan 2015
|
21:20 tijl
Document critical Adobe Flash Player vulnerability (CVE-2015-0311)
|
20:24 ohauer
- document bugzilla security issues
|
|
Saturday, 24 Jan 2015
|
17:58 lwhsu
- Fix description of 9c7b6c20-a324-11e4-879c-00e0814cab4e
|
|
Friday, 23 Jan 2015
|
17:47 lwhsu
Document Django 2014-01-13 vulnerabilty
|
|
Thursday, 22 Jan 2015
|
17:43 mi
Add a note about the just-fixed vulnerability of applications using net/libutp.
PR: 196351
Differential Revision: D1575
Submitted by: Jan Beich
Approved by: bapt
|
17:09 xmj
Amend linux-c6-openssl version in OpenSSL entry from 2015-01-08.
Approved by: swills (mentor)
|
17:02 vsevolod
Add CVE-2015-0206 description for LibreSSL port.
|
12:54 tijl
Document Adobe Flash Player vulnerabilities
|
|
Wednesday, 21 Jan 2015
|
22:09 rene
Document new vulnerabilities in www/chromium < 40.0.2214.91
Also affects FFmpeg, ICU, DOM but the links on the webpage all result in a 403.
Obtained from: http://googlechromereleases.blogspot.nl
|
|
Monday, 19 Jan 2015
|
20:52 jase
security/vuxml:
- Document security/polarssl and security/polarssl13 crafted certificates
vulnerability (CVE-2015-1182)
|
|
Friday, 16 Jan 2015
|
08:18 ehaupt
Document multiple archivers/unzip vulnerabilities (CVE-2014-8139,
CVE-2014-8140, CVE-2014-8141).
PR: 196777 (based on)
Submitted by: rsimmons0@gmail.com
|
04:05 timur
Add description of CVE-2014-8143 in net/samba4 and net/samba41
|
|
Wednesday, 14 Jan 2015
|
21:54 rakuco
Add entry for CVE-2013-7252 in x11/kde4-runtime.
|
07:10 beat
Document mozilla vulnerabilities
|
|
Sunday, 11 Jan 2015
|
19:39 mm
Add vuln.xml entry for libevent CVE-2014-6272
PR: ports/199640
|
|
Friday, 9 Jan 2015
|
18:56 sunpoet
- Fix more typo
|
18:51 sunpoet
- Fix typo
|
18:41 sunpoet
- Document cURL URL request injection vulnerability (CVE-2014-8150)
|
13:35 kwm
Document webkit-gtk[23] vulnabilities.
|
00:00 delphij
Document OpenSSL multiple vulnerabilities.
|
|
Tuesday, 6 Jan 2015
|
21:11 mandree
Add three upstream patches to busybox 1.22.1, bumping PORTREVISION to 2.
One fixes the CVE-2014-4608 buffer overrun in LZO2,
one fixes the nc app, one fixes the zcat and related apps when accessing
files without extension.
List busybox < 1.22.1_2 as vulnerable, and add CVE Name to the vulndb.
Security: CVE-2014-4608
Security: d1f5e12a-fd5a-11e3-a108-080027ef73ec
|
|
Sunday, 4 Jan 2015
|
22:54 rea
VuXML: document multiple vulnerabilities in WordPress
CVE-2014-9033 to CVE-2014-9039.
|
22:25 rea
VuXML: document heap overflow in 32-bit builds of libpng
|
Number of commits found: 6273 (showing only 100 on this page) |
As an Amazon Associate I earn from qualifying purchases.