non port: security/vuxml/vuln.xml |
Number of commits found: 6273 (showing only 100 on this page) |
Sunday, 24 Feb 2013
|
17:51 swills
- Document rubygem-ruby_parser issue
 |
14:23 pclin
- Document Django 2013-02-21 vulnerability
Approved by: araujo (mentor)
 |
Friday, 22 Feb 2013
|
23:49 rene
Document vulnerabilities in www/chromium < 25.0.1364.97
Obtained from: http://googlechromereleases.blogspot.nl/search/Stable%20Updates
 |
20:28 cy
Document security/krb5 1.11 and prior null pointer dereference in the
KDC PKINIT code [CVE-2013-1415].
Security: CVE-2013-1415
 |
08:07 remko (src,doc committer)
Convert the ! back into a 1.
Noticed by: crees
 |
Thursday, 21 Feb 2013
|
21:38 remko (src,doc committer)
Add the latest two FreeBSD Security Advisories.
 |
07:11 flo
Document drupal7 Denial of service
 |
Wednesday, 20 Feb 2013
|
13:58 rm
- add an entry for net/nss-pam-ldapd stack-based buffer overflow
According to advisory, vulnerability exists in nss-pam-ldapd < 0.8.11,
but since we never had this version in the ports tree, mark everything
< 0.8.12 as vulnerable.
PR: 176293
Submitted by: pluknet
 |
07:16 flo
Fix up the latest gecko update by:
- reapplying the workaround for svn:eol-style and svn:keywords
- fixing version matching in vuln.xml, 17.0.3 is NOT vulnerable
 |
06:16 ohauer
- update bugzilla ports to latest version
Bugzilla 4.0.10 and 3.6.13 are security updates for the 4.0
branch and the 3.6 branch, respectively. 4.0.10 contains several
useful bug fixes and 3.6.13 contains only security fixes.
Security: CVE-2013-0785
CVE-2013-0786
 |
Tuesday, 19 Feb 2013
|
23:53 flo
- update firefox to 19.0
- update firefox-esr, thunderbird, linux-firefox, linux-thunderbird to 17.0.3
- update linux-seamonkey to 2.16
- update nspr to 4.9.5
- update nss to 3.14.3
- add DuckDuckGo search plugin to firefox [1]
- mark kompozer deprecated
- clang fixes for www/libxul19 [2]
Security: http://www.vuxml.org/freebsd/e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02.html
Submitted by: DuckDuckGo [1], dim [2]
In collaboration with: Jan Beich <jbeich@tormail.org>
 |
00:19 zi
- Fix version range for recent ruby vulnerabilities
(d3e96508-056b-4259-88ad-50dc8d1978a6 and c79eb109-a754-45d7-b552-a42099eb2265)
due to missing port epoch in package range
Submitted by: Matthias Andree <mandree@FreeBSD.org>
 |
Sunday, 17 Feb 2013
|
19:58 eadler
Combine ranges into one entry to prevent false positives
 |
16:47 swills
- Document rubygem-rack issue
 |
16:33 swills
- Document activemodel issue
 |
10:28 lwhsu
Document Jenkins Security Advisory 2013-02-16
 |
Saturday, 16 Feb 2013
|
17:03 rm
- add entry for dns/poweradmin
PR: 175704
Submitted by: Edmondas Girkantas <eg@fbsd.lt> (maintainer of dns/poweradmin)
 |
14:41 swills
- Document ruby json issue
 |
04:29 swills
- Document vulnerability in rdoc
 |
Friday, 8 Feb 2013
|
19:18 eadler
Update flash to the latest version
PR: ports/175159
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
 |
08:44 miwi
- Fix whitespaces
 |
Thursday, 7 Feb 2013
|
02:10 eadler
Fix vuxml build
 |
Wednesday, 6 Feb 2013
|
20:06 dinoex
- report openssl vulnerabilities
 |
Friday, 1 Feb 2013
|
22:42 flo
- update databases/mariadb-server to 5.3.12 [1]
- update databases/mariadb55-server 5.5.29 [2]
PR: ports/175764 [1]
PR: ports/175767 [2]
Submitted by: Geoffroy Desvernay <dgeo@centrale-marseille.fr> (maintainer) [1]
Submitted by: Alexandr Kovalenko <never@nevermind.kiev.ua> (maintainer) [2]
Security: 8c773d7f-6cbb-11e2-b242-c8600054b392
 |
08:50 dinoex
- report opera 12.12 vulnerabilities
 |
Wednesday, 30 Jan 2013
|
18:34 pawel
Document devel/upnp vulnerabilities
 |
Tuesday, 29 Jan 2013
|
20:02 delphij
Document wordpress multiple vulnerabilities.
 |
Friday, 25 Jan 2013
|
09:37 cs
Fix last entry: version 2.3.4 is also affected
 |
02:08 wxs
Fix whitespace in previous commit.
 |
01:26 cs
XSS vulnerability in py-django-cms
 |
Wednesday, 23 Jan 2013
|
12:52 rene
Document vulnerabilities in www/chromium < 24.0.1312.56
Obtained from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
 |
Sunday, 20 Jan 2013
|
20:58 flo
- update www/drupal6 to 6.28
- update www/drupal7 to 7.19
Security: http://www.vuxml.org/freebsd/1827f213-633e-11e2-8d93-c8600054b392.html
Approved by: portmgr (beat)
 |
Wednesday, 16 Jan 2013
|
19:16 rea
VuXML: add newly-allocated CVE for SQUID-2012:1
New CVE was allocated for the underfixed DoS and added possible
infinite loop in Squid 3.2 and 3.1.
 |
19:13 rea
VuXML: document buffer overflow in ettercap (CVE-2013-0722)
Reviewed by: simon@
 |
19:11 rea
VuXML: document recent security manager bypass in Java 7.x
Reviewed by: glewis@, simon@
 |
07:39 delphij
Properly limit the match for PHP 5.3.x and 5.2.x versions.
Noticed by: remko
 |
Tuesday, 15 Jan 2013
|
22:06 delphij
Apply version ranges of php53 and php52 to php5 as well.
 |
Friday, 11 Jan 2013
|
14:11 zi
- Fix discovery date on nagios vulnerability (CVE-2012-6096)
 |
09:53 rea
www/squid3x: upgrade to 3.1.23 and 3.2.6
Squid 3.1.23 is effectively Squid 3.1.22_2 with the final fix for
CVE-2012-5643 applied.
Squid 3.2.6 also received that abovementioned fix, but in comparison
with 3.2.5 from ports it has another change that fixes handling the
"tcp_outgoing_tos" directive for BSD-like systems, including FreeBSD,
http://bugs.squid-cache.org/show_bug.cgi?id=3731
VuXML entry for SQUID:2012-1 (aka CVE-2012-5643) was also updated to
reflect the proper version specifications from the updated advisory,
http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
Approved by: Thomas-Martin Seck <tmseck@web.de>
Security: http://portaudit.freebsd.org/c37de843-488e-11e2-a5c9-0019996bc1f7.html
QA page: http://codelabs.ru/fbsd/ports/qa/www/squid31/3.1.23
QA page: http://codelabs.ru/fbsd/ports/qa/www/squid32/3.2.6
 |
01:16 zi
- Document vulnerability in net-mgmt/nagios (CVE-2012-6096)
 |
00:32 rene
Document vulnerabilities in www/chromium < 24.0.1312.52
Obtained from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
 |
Wednesday, 9 Jan 2013
|
23:28 flo
- update firefox, thunderbird, linux-firefox and linux-thunderbird to 17.0.2
- update firefox-esr, thunderbird-esr and libxul to 10.0.12
- update linux-seamonkey to 2.15
Security: http://www.vuxml.org/freebsd/a4ed6632-5aa9-11e2-8fcb-c8600054b392.html
 |
15:03 sem
Fix <topic> style: common dash style, remove software versions
 |
03:53 swills
- Update rubygem-rails to 3.2.11
- Update ports required by rubygem-rails
- Add vuxml entry for rails security issues
Security: ca5d3272-59e3-11e2-853b-00262d5ed8ee
Security: b4051b52-58fa-11e2-853b-00262d5ed8ee
 |
Tuesday, 8 Jan 2013
|
05:18 lwhsu
Document Jenkins 2013-01-04 Security Advisory
 |
Sunday, 6 Jan 2013
|
20:37 rea
VuXML: extend entry for MoinMoin vulnerabilities fixed in 1.9.6
Use more verbose descriptions from CVE entries and trim citation
from CHANGES to the relevant parts.
 |
18:14 lwhsu
Document Django 2012-12-10 vulnerability
 |
13:24 rea
VuXML: fix r309982
Use proper tags for CVE identifiers. I should run 'make validate'
_every_ time before committing.
Pointyhat to: rea
 |
13:10 rea
VuXML for MoinMoin issues: add CVE references
 |
Saturday, 5 Jan 2013
|
12:54 crees
Freetype 2.4.8 vulnerabilities were already documented.
While here, correct pkgname
Noticed by: kwm
 |
11:29 crees
Mark moinmoin vulnerable
Security: http://www.debian.org/security/2012/dsa-2593
document freetype vulnerabilities
Security: CVE-2012-(1126-1144)
 |
Friday, 4 Jan 2013
|
07:30 erwin
Bump copyright to 2013.
 |
Thursday, 3 Jan 2013
|
19:46 flo
Add correct version numbers to the recent asterisk entry
Pointy hat to: flo
 |
19:41 flo
- update net/asterisk to 1.8.19.1
- update net/asterisk10 to 10.11.1
- update net/asterisk11 to 10.1.2
- add vuln.xml entry
Security: f7c87a8a-55d5-11e2-a255-c8600054b392
 |
Wednesday, 2 Jan 2013
|
12:28 crees
Note charybdis and ircd-ratbox vulnerabilities
PR: ports/174878
Security: http://www.ratbox.org/ASA-2012-12-31.txt
 |
Sunday, 30 Dec 2012
|
23:13 anders
Separate entries for Puppet 2.6 and 2.7.
 |
20:10 cs
Add OTRS vulnerabilities
 |
Saturday, 29 Dec 2012
|
19:53 rea
VuXML entries for Tomcat: split into three distinct ones
They affect different Tomcat versions from 7.x branch, so don't let
users of VuXML be fooled on the affected software for each vulnerability.
Feature safe: yes
 |
Friday, 28 Dec 2012
|
18:17 rea
VuXML: add entry for DoS in Squid's cachemgr.cgi
Feature safe: yes
Submitted by: Thomas-Martin Seck <tmseck@web.de>
 |
Tuesday, 18 Dec 2012
|
16:34 bdrewery
Remove invalid entry
 |
16:28 dinoex
- add entry for opera 12.11
 |
Friday, 14 Dec 2012
|
09:09 delphij
Fix typo.
Noticed by: mandree
 |
03:51 jgh
- add url block in references for 1657a3e6-4585-11e2-a396-10bf48230856
 |
00:41 delphij
Update linux-f10-flashplugin11 to 11.2r202.258 to address multiple
vulnerabilities that could cause a crash and potentially allow an
attacker to take control of the affected system.
Submitted by: Tsurutani Naoki <turutani scphys kyoto-u ac jp>
 |
Wednesday, 12 Dec 2012
|
11:33 rene
Document vulnerabilities in www/chromium < 23.0.1271.97
Obtained from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
 |
Wednesday, 5 Dec 2012
|
23:52 zi
- Fix recent vulnerability entry for www/tomcat[67]
Reported by: Victor Balada Diaz <victor@bsdes.net>
Feature safe: yes
 |
18:47 zi
- Document recent vulnerabilities in www/tomcat6 and www/tomcat7
Requested by: Victor Balada Diaz <victor@bsdes.net>
Feature safe: yes
 |
07:46 erwin
Update to the latest patch level from ISC:
BIND 9 nameservers using the DNS64 IPv6 transition mechanism are
vulnerable to a software defect that allows a crafted query to
crash the server with a REQUIRE assertion failure. Remote
exploitation of this defect can be achieved without extensive
effort, resulting in a denial-of-service (DoS) vector against
affected servers.
Security: 2892a8e2-3d68-11e2-8e01-0800273fe665
CVE-2012-5688
Feature safe: yes
 |
Monday, 3 Dec 2012
|
22:49 mandree
Add URL for recent bogofilter heap vuln', CVE-2012-5468, aka. vuln vid=
f524d8e0-3d83-11e2-807a-080027ef73ec
Feature safe: yes
 |
20:16 mandree
Update bogofilter to new upstream release 1.2.3.
Security update to fix a heap corruption bug with invalid base64 input,
reported and fixed by Julius Plenz, FU Berlin, Germany.
Feature safe: yes
Security: CVE-2012-5468
Security: f524d8e0-3d83-11e2-807a-080027ef73ec
 |
Friday, 30 Nov 2012
|
09:13 rene
Document vulnerabilities in www/chromium < 23.0.1271.95
Obtained from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
Feature safe: yes
 |
Thursday, 29 Nov 2012
|
20:33 ohauer
www/yahoo-ui
- fix CVE-2012-5881
security/vuxml
- adjust version (we have only 2.8.2 in the tree)
Feature safe: yes
Approved by: glarkin (maintainer) explicit
 |
Wednesday, 28 Nov 2012
|
14:37 wxs
Fix date in yahoo-ui entry.
Noticed by: dvl@
Feature safe: yes
 |
Tuesday, 27 Nov 2012
|
20:09 ohauer
- document www/yahoo-ui security issue and mark port forbidden [1]
pet portlint (maintainer is already notified)
- adjust CVE entries for bugzilla (CVE-2012-5475 was rejected) [2]
Feature safe: yes
Security: CVE-2012-5881 [1][2]
CVE-2012-5882 [1][2]
CVE-2012-5883 [2]
Approved by: glarkin (implicit) [1]
 |
10:02 rene
Describe new vulnerabilities in www/chromium < 23.0.1271.91
Obtained from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
Feature safe: yes
 |
Sunday, 25 Nov 2012
|
15:42 flo
- Update backports patch to 20121114
- Bump PORTREVISION
Changes:
- CVE-2006-7243
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow
context-dependent attackers to bypass intended access restrictions by placing a
safe file extension after this character, as demonstrated by .php\0.jpg at the
end of the argument to the file_exists function
Security 3761df02-0f9c-11e0-becc-0022156e8794 fixed by check in fopen functions
for strlen(filename) != filename_len
- CVE-2012-4388
The sapi_header_op function in main/SAPI.c does not properly determine a pointer
during checks for %0D sequences (aka carriage return characters), which allows
remote attackers to bypass an HTTP response-splitting protection mechanism via a
crafted URL, this vulnerability exists because of an incorrect fix for
CVE-2011-1398.
- Timezone database updated to version 2012.9 (2012i)
PR: ports/173685
Submitted by: Svyatoslav Lempert <svyatoslav.lempert@gmail.com>
Approved by: maintainer
Feature safe: yes
 |
04:02 wxs
Add entries for the following advisories:
FreeBSD-SA-12:08.linux
FreeBSD-SA-12:07.hostapd
FreeBSD-SA-12:06.bind
Feature safe: yes
 |
Thursday, 22 Nov 2012
|
20:27 dinoex
- opera -- execution of arbitrary code
Feature safe: yes
 |
Wednesday, 21 Nov 2012
|
14:35 mm
Document new vulnerability in www/lighttpd 1.4.31
Feature safe: yes
 |
Tuesday, 20 Nov 2012
|
23:01 flo
- Update firefox and thunderbird to 17.0
- Update seamonkey to 2.14
- Update ESR ports and libxul to 10.0.11
- support more h264 codecs when using GSTREAMER with YouTube
- Unbreak firefox-esr, thunderbird-esr and libxul on head >= 1000024 [1]
- Buildsystem is not python 3 aware, use python up to 2.7 [2]
PR: ports/173679 [1]
Submitted by: swills [1], demon [2]
In collaboration with: Jan Beich <jbeich@tormail.org>
Security: d23119df-335d-11e2-b64c-c8600054b392
Approved by: portmgr (beat)
Feature safe: yes
 |
Sunday, 18 Nov 2012
|
12:51 jase
- Fix copy and paste error in latest weechat entry
(81826d12-317a-11e2-9186-406186f3d89d)
Feature safe: yes
 |
12:46 jase
- Document new vulnerability in irc/weechat and irc/weechat-devel
Feature safe: yes
 |
Wednesday, 14 Nov 2012
|
19:29 ohauer
- bugzilla security updates to version(s)
3.6.11, 4.0.8, 4.2.4
Summary
=======
The following security issues have been discovered in Bugzilla:
* Confidential product and component names can be disclosed to
unauthorized users if they are used to control the visibility of
a custom field.
* When calling the 'User.get' WebService method with a 'groups'
argument, it is possible to check if the given group names exist
or not.
* Due to incorrectly filtered field values in tabular reports, it is
possible to inject code which can lead to XSS.
* When trying to mark an attachment in a bug you cannot see as
obsolete, the description of the attachment is disclosed in the
error message.
* A vulnerability in swfstore.swf from YUI2 can lead to XSS.
Feature safe: yes
Security: CVE-2012-4199
https://bugzilla.mozilla.org/show_bug.cgi?id=731178
CVE-2012-4198
https://bugzilla.mozilla.org/show_bug.cgi?id=781850
CVE-2012-4189
https://bugzilla.mozilla.org/show_bug.cgi?id=790296
CVE-2012-4197
https://bugzilla.mozilla.org/show_bug.cgi?id=802204
CVE-2012-5475
https://bugzilla.mozilla.org/show_bug.cgi?id=808845
http://yuilibrary.com/support/20121030-vulnerability/
 |
Tuesday, 13 Nov 2012
|
18:17 jase
- Update recent weechat entry (e02c572f-2af0-11e2-bb44-003067b2972c)
- Document assigned CVE Identifier
- Document workaround for vulnerable versions
Feature safe: yes
 |
Monday, 12 Nov 2012
|
21:47 rene
Document vulnerabilities in two typo3 components.
Obtained from: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/
Feature safe: yes
 |
13:07 madpilot
Fix typo.
Feature safe: yes
 |
13:04 madpilot
- Update to 2.7.1
- Convert to new options framework
- Document US-CERT VU#268267
- Trim Makefile headers
PR: ports/173226
Submitted by: Hirohisa Yamaguchi <umq@ueo.co.jp> (maintainer)
Feature safe: yes
 |
Saturday, 10 Nov 2012
|
15:17 swills
- Improve latest ruby entry slightly
Feature safe: yes
 |
14:45 jase
- Modify recent e02c572f-2af0-11e2-bb44-003067b2972c entry
- Add constraints to vulnerable versions
- Add additional references
- Improve topic
- Correct description
Feature safe: yes
 |
04:55 eadler
Apply an upstream patch that fixes a security hole
when receiving a special colored message.
The maintainer was contacted but due to the nature of
the issue apply the patch ASAP.
Approved by: secteam-ports (swills)
Security: e02c572f-2af0-11e2-bb44-003067b2972c
Feature safe: yes
 |
04:00 swills
- Update lang/ruby19 to 1.9.3p327
- Document security issue in earlier versions
Security: 5e647ca3-2aea-11e2-b745-001fd0af1a4c
Feature safe: yes
 |
Friday, 9 Nov 2012
|
23:02 jgh
- clarification that ASF reported issue for:
- 152e4c7e-2a2e-11e2-99c7-00a0d181e71d
- 4ca26574-2a2c-11e2-99c7-00a0d181e71d
Feature safe: yes
 |
19:09 jgh
- document tomcat vulnerabilities
Feature safe: yes
 |
04:31 eadler
Update latest version and document security issues
PR: ports/173487
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Security: 4b8b748e-2a24-11e2-bb44-003067b2972c
Feature safe: yes
 |
Wednesday, 7 Nov 2012
|
10:15 rene
Document new vulnerabilities in www/chromium < 23.0.1271.64
Obtained from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
Feature safe: yes
 |
Tuesday, 6 Nov 2012
|
20:45 crees
Document opera vulnerabilities
Feature safe: yes
 |
Monday, 5 Nov 2012
|
17:55 eadler
Fix minor typo
Feature safe: yes
 |
17:53 eadler
Update latest version and document security issues
PR: ports/172619
Submitted by: tijl
Security: 36533a59-2770-11e2-bb44-003067b2972c
Feature safe: yes
 |
Saturday, 3 Nov 2012
|
11:59 crees
Correct plural of "vulnerability"
Feature safe: yes
 |
Friday, 2 Nov 2012
|
18:45 ohauer
- update apache22 to version 2.22.23
- trim vuxml/Makefile header
with hat apache@
Feature safe: yes
Security: CVE-2012-2687
 |