23:24 delphij 

Document file multiple vulnerabilities.

 

21:24 rea 

Fix whitespace in entry for ntp (4033d826-87dd-11e4-9079-3c970e169bc2)

 

21:22 rea 

Document CVE-2014-9116 in mutt

 

00:21 delphij 

Document ntp multiple vulnerabilities.

 

18:05 brd 

Document git vulerability

Approved by:	swills
Security:	CVE-2014-9390

 

22:06 cs 

OTRS security announcement

 

11:44 kwm 

Register portepoch in the xorg-server entry.

Submitted by:	Adam McDougall <mcdouga9@egr.msu.edu>
Pointyhat to:	kwm@

 

10:46 tijl 

Fix version information on several subversion vulnerabilities

 

22:18 ohauer 

- document Subversion remote DoS

 

09:45 danfe 

The GLX indirect rendering support supplied on NVIDIA products is subject to
the recently disclosed X.Org vulnerabilities (CVE-2014-8093, CVE-2014-8098)
as well as internally identified vulnerabilities (CVE-2014-8298).

 

20:56 delphij 

Document BIND vulnerability.

 

09:41 madpilot 

Document vulnerability in asterisk11.

 

21:31 kwm 

Document xserver security advisories.

 

03:05 sem 

- Remove a redundant dot

 

02:43 sem 

Document unbound vulnerability

 

12:25 kwm 

Document freetype 2 vulnability.

 

07:15 matthew 

The latest in a long line of phpMyAdmin security advisories: DoS and
XSS vulnerabilities.

Security:	c9c46fbf-7b83-11e4-a96e-6805ca0b3d42

 

11:20 beat 

Document mozilla vulnerabilities

PR:		195559
Submitted by:	Jan Beich

 

01:38 delphij 

Document OpenVPN Denial of Service vulnerability.

 

21:42 naddy 

Document CVE-2014-8962 and CVE-2014-9028 in audio/flac.

 

10:35 madpilot 

Add CVE names for recent asterisk vulnerabilities.

 

11:07 madpilot 

Document multiple vulnerabilities in asterisk ports.

 

08:13 matthew 

Document the latest round of phpMyAdmin vulnerabilities.

Security:	a5d4a82a-7153-11e4-88c7-6805ca0b3d42

 

21:30 rakuco 

Add note about CVE-2014-8600 in kde4-runtime and kwebkitpart.

 

08:42 madpilot 

Document yii vulnerability CVE-2014-4672.

 

18:32 rene 

Document new vulnerabilities in www/chromium < 39.0.2171.65

Obtained
from:	http://googlechromereleases.blogspot.nl/2014/11/stable-channel-update_18.html

 

21:27 rakuco 

Fix version check for the entry added in r372686.

4.11.14 is not in ports yet, the fix was backported to 4.11.13 so we are
safe with 4.11.13_1.

 

21:00 rakuco 

Add entry for CVE-2014-8651 in x11/kde4-workspace.

 

18:35 kwm 

document dbus CVE-2014-7824

 

22:07 rea 

ftp/wget: document CVE-2014-4877, path traversal in recursive FTP mode

 

22:18 makc 

VuXML: fix spelling for the latest entry

Noticed by:	ports-secteam (rea)

 

14:49 makc 

VuXML: document CVE-2014-8483 for irc/konversation-kde4

Approved by:	ports-secteam (zi)

 

15:38 rea 

VuXML: document remote Perl code execution in TWiki

Crafted GET parameter "debugenableplugins" can be used to trigger
code execution,
  http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236

 

11:09 rea 

VuXML: document vulnerability in Jenkins

CVE-2014-3665, remote code execution on master servers that can
be initiated by (untrusted) slaves,
 
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30

 

21:51 rakuco 

Add entry for libssh's CVE-2014-0017.

 

01:58 zi 

- Document recent vulnerabilities in libpurple/pidgin

 

08:54 matthew 

Document cross site scripting vulnerabilities in phpMyAdmin

Security:	25b78f04-59c8-11e4-b711-6805ca0b3d42

 

13:58 madpilot 

Document asterisk susceptibility to the POODLE vulnerability,
described in CVE-2014-3566.

 

12:52 kwm 

Document libxml2 denial of service

 

14:34 xmj 

Add linux-c6-openssl to OpenSSL entry from 2014-10-15.

Approved by:	swills (mentor)

 

18:19 flo 

Document critical SQL Injection Vulnerability in www/drupal7

 

10:34 beat 

- Mark libxul as vulnerable too

Submitted by:	Jan Beich

 

17:59 delphij 

Document OpenSSL multiple vulnerabilities.

 

11:46 beat 

Document mozilla vulnerabilities

PR:		194356
Submitted by:	Jan Beich

 

13:09 feld 

Add entry for foreman-proxy

Obtained from:	mmoll

 

08:32 rene 

Document new vulnerabilities in www/chromium < 38.0.2125.101

Obtained
from:	http://googlechromereleases.blogspot.nl/2014/10/stable-channel-update.html
MFH:		2014Q4

 

19:09 ohauer 

- document bugzilla security issues

 

21:14 bdrewery 

Fix rsyslog entry for pkgname matching

 

19:59 matthew 

www/rt42 < 4.2.8 is vulnerable to shellshock related exploits through
its SMIME integration.

Security:	81e2b308-4a6c-11e4-b711-6805ca0b3d42

 

19:30 brd 

- Update the rsyslog entry to reflect the new versions

Reviewed by:	bdrewery

 

01:06 bdrewery 

Update Jenkins entry 549a2771-49cc-11e4-ae2c-c80aa9043978 to be readable.

 

00:54 bdrewery 

Update grammar of DoS in Jenkins entry

 

00:53 bdrewery 

Fix Jenkins entry to note that XSS is an issue, not as compiler

 

00:46 bdrewery 

Document Jenkins vulnerabilities

Security:		CVE-2014-3661
Security:		CVE-2014-3662
Security:		CVE-2014-3663
Security:		CVE-2014-3664
Security:		CVE-2014-3680
Security:		CVE-2014-3681
Security:		CVE-2014-3666
Security:		CVE-2014-3667
Security:		CVE-2013-2186
Security:		CVE-2014-1869
Security:		CVE-2014-3678
Security:		CVE-2014-3679

 

22:57 bdrewery 

Fix bash entries to also mark bash-static vulnerable

 

22:30 bdrewery 

Document CVE-2014-6277 and CVE-2014-6278 for bash.

 

22:12 bdrewery 

- Document CVE-2014-7187 fixed in bash-4.3.27_1

 

21:25 matthew 

Document the latest phpMyAdmin vulnerability.

  - while here fix the '>' breakage in the rsyslogd entry.

Security:	3e8b7f8a-49b0-11e4-b711-6805ca0b3d42

 

03:40 bdrewery 

Document CVE-2014-7186 for bash

 

20:09 brd 

- Document sysutils/rsyslog vulnerabilities CVE-2014-3634

Reviewed by:	bdrewery@

 

23:34 bdrewery 

Document shells/fish vulnerabilities

 

17:34 xmj 

Add linux-c6-nss-3.15.1 package to the NSS vulnerability report.

Approved by:	swills (mentor)

 

17:05 xmj 

Add linux_base-c6-6.5 package to the bash vulnerability report.

Approved by:	swills (mentor)

 

16:22 bdrewery 

The 2nd bash issue was reassigned to CVE-2014-7169:
  http://seclists.org/oss-sec/2014/q3/685

Reported by:	jkim

 

15:44 bdrewery 

Update bash entry for CVE-2014-3659

Security:	CVE-2014-3659
Security:	ca44b64c-4453-11e4-9ea1-c485083ca99c

 

13:29 rea 

VuXML entry 48108fb0-751c-4cbb-8f33-09239ead4b55: expanded details
Reviewed by:	des@

 

12:48 xmj 

www/linux-*-flashplugin11: Fix multiple security vulnerabilities

Adobe has discovered multiple security vulnerabilities in Flash
linux-*-flashplugin-11.2r202.400. Ugrade the two Linux ports to
version .406, which fixes these.

While there, assign www/linux-c6-flashplugin11 to emulation@
in order to match r369160.

PR:		193904
Differential Revision:	https://reviews.freebsd.org/D831
Submitted by:	Jung-uk Kim
Approved by:	koobs (mentor)
MFH:		2014Q3
Security:	ca44b64c-4453-11e4-9ea1-c485083ca99c

 

07:45 des 

fix

 

07:43 des 

Add entry for the NSS signature forgery bug.

PR:		193906
MFH:		2014Q3
Security:	CVE-2014-1568

 

07:34 rene 

Document new vulnerability in www/chromium < 37.0.2062.124

Obtained from:	http://googlechromereleases.blogspot.nl/
MFH:		2014Q3

 

21:22 rakuco 

Add entry for net/krfb (CVE-2014-6055).

 

18:07 delphij 

Document bash remote code execution vulnerability.

 

19:53 madpilot 

Document new asterisk11 vulnerability.

MFH:		2014Q3

 

13:20 madpilot 

Document new squid vulnerability.

PR:		193737
Submitted by:	timp87 at gmail.com
MFH:		2014Q3

 

11:04 kwm 

Document new dbus vulnabilities.

MFH:		2014Q3

 

17:35 osa 

Document nginx security advisory (CVE-2014-3616).

 

21:18 matthew 

Document the latest phpMyAdmin vulnerability

Security:	cc627e6c-3b89-11e4-b629-6805ca0b3d42

 

14:09 brd 

Document CVE-2014-5284 affecting security/ossec-hids-* < 2.8.1.

Reviewed by:	zi@

 

21:27 rene 

Document new vulnerabilities in www/chromium < 37.0.2062.120

Obtained from:	http://googlechromereleases.blogspot.nl/
MFH:		2014Q3

 

14:45 tijl 

Document trafficserver vulnerability

MFH:		2014Q3

 

20:16 ohauer 

- update vid f927e06c-1109-11e4-b090-20cf30e32f6d
  (httpd-2.2.29 was released today)

MFH:		2014Q3

 

16:36 rene 

Document new vulnerabilities in www/chromium < 37.0.2062.94

Obtained from:	http://googlechromereleases.blogspot.nl
MFH:		2014Q3

 

19:46 zi 

- Document buffer overrun in sysutils/file

 

17:13 lwhsu 

Add missing <package> tag

 

17:09 lwhsu 

Document Django 2014-08-20 vulnerabilty

Reviewed by:	koobs

 

21:11 flo 

Record PHP 5.3 vulnerabilities

 

19:48 matthew 

Document the latest phpMyAdmin security advisories.

XSS in view operations page

and

Multiple XSS vulnerabilities in browse table, ENUM editor, monitor, query charts
and table relations pages

Security:	fbb01289-2645-11e4-bc44-6805ca0b3d42

 

06:43 rene 

Document new vulnerabilities in www/chromium < 36.0.1985.143

Submitted by:	Carlos Jacobo Puga Media <cpm@fbsd.es>
Obtained from:	http://googlechromereleases.blogspot.nl/
MFH:		2014Q3

 

20:19 ohauer 

- fix package name s/subversion18/subversion/

Thanks to jkim@ for the notice!

 

19:06 zi 

- INSERT URL HERE

 

18:52 ohauer 

- document serf CVE-2014-3504

MFH:		2014Q3

 

18:42 ohauer 

- document subversion CVE-2014-3522, CVE-2014-3528

MFH:		2014Q3

 

03:07 osa 

Fix typo.

Found by:	rene

 

18:26 osa 

Document nginx vulnerability.

 

23:12 delphij 

Document OpenSSL multiple vulnerabilities.

 

21:44 rakuco 

Document CVE-2014-4607 in net/krfb.

MFH:		2014Q3

 

15:17 zi 

- Document net/samba4* vulnerability: CVE-2014-3560

 

02:34 jhale 

- Document vulnerability in security/gpgme (CVE-2014-3564)

 

15:23 rakuco 

Document x11/kdelibs4 vulnerability

 

20:54 cs 

tor -- traffic confirmation attack