23:41 delphij 

Document dokuwiki CSRF vulnerability.

20:20 flo 

Document multiple asterisk vulnerabilities

15:26 eadler 

Inform users of security vulns in wordpress

PR:             ports/167157

18:30 eadler 

Unbreak vuxml by removing stray 'p'

Submitted by:   vuxml buildbot

18:02 danfe 

Fix formatting in the first 10% of VuXML database file.

15:22 danfe 

Fix whitespace: run through unexpand(1), spelling, wrap overly long lines.

23:43 eadler 

Inform users about the recent openssl vuln

Reviewed by:    dinoex

17:37 ohauer 

- security update to bugzilla 3.0.9 and 4.0.6
- update russian/bugzilla3-ru template
- patch german templates so revision match and no warning is displayed
- add vuxml entry

Approved by:    skv (implicit)
Security:       https://bugzilla.mozilla.org/show_bug.cgi?id=728639
                https://bugzilla.mozilla.org/show_bug.cgi?id=745397
                CVE-2012-0465
                CVE-2012-0466

03:12 jgh 

- document typo3 vulnerability

PR:     ports/167029

15:34 eadler 

Add information about the recent nginx security vulnerability

PR:             ports/166990
Submitted by:   rodrigo osorio <rodrigo@bebik.net>

16:45 flo 

Document phpmyfaq -- Remote PHP Code Execution Vulnerability

15:48 swills 

- Slight cleanups for my puppet entry

01:44 swills 

- Document security issue with Puppet
- Update puppet for security issue

Security:       607d2108-a0e4-423a-bf78-846f2a8f01b0

21:16 delphij 

Document samba root code execution vulnerability.

05:32 ohauer 

- document bugzilla Cross-Site Request Forgery

23:15 eadler 

Document recent flash player vulnerabilities

Reviewed by:    nox

22:27 zi 

- Document vulnerability in graphics/png (CVE-2011-3048)
- Fix wording/spelling in 462e2d6c-8017-11e1-a571-bcaec565249c

Feature safe:   yes

07:47 remko 

As requested by eadler, revert the commit about the move of the
<!-- EOF --> tag. I cannot reproduce the error anymore, so it
might have been the reviewal entry or something else was locally
wrong.

I did a make validate before committing this to make sure it's
OK at this point, if someone encounters the same problem, please
let us know!

Feature safe:   yes

18:44 kwm 

Document freetype 2 multiple vulnabilities.

Feature safe:   yes

16:07 nox 

- Fix vulnerability CVE-2011-1429.
- Add a patch to the mutt pager that handles non-breaking space
  characters (0xA0) in an UTF8 environment correctly.
- Bump PORTREVISION.

PR:             ports/166659
Submitted by:   Udo Schweigert <udo.schweigert@siemens.com> (maintainer)
Security:      
http://www.freebsd.org/ports/portaudit/49314321-7fd4-11e1-9582-001b2134ef46.html
Feature safe:   yes

20:59 rene 

Mention vulnerabilities in www/chromium < 18.0.1025.151

Obtained from: 
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security:       CVE-2011-[3066-3077]
Feature safe:   yes

17:55 remko 

Someone forgot to do a make validate after adding the <!--EOF
line. It breaks the make validate.

Feature safe:   yes

23:57 marcus 

Add a record for CVE-2012-1178.

Reported by:    Peter Jeremy <peterjeremy@acm.org>
Feature safe:   yes

01:23 eadler 

Fix formatting so that "make tidy" passes

Feature safe:   yes

23:50 matthew 

Another phpmyadmin security update.

ChangeLog:

http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.4.10.2/phpMyAdmin-3.4.10.2-notes.html/download

Welcome to phpMyAdmin 3.4.10.2, a minor security release.

3.4.10.2 (2012-03-28)
- [security] Fixed local path disclosure vulnerability, see PMASA-2012-2

Advisory:

http://www.phpmyadmin.net/home_page/security/PMASA-2012-2.php

Approved by:    shaun (mentor)
Feature safe:   yes
Security:       a81161d2-790f-11e1-ac16-e0cb4e266481

20:10 rene 

Document vulnerabilities in www/chromium < 18.0.1025.142

Obtained from: 
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security:       CVE-2011-[3057-3065]
Feature safe:   yes

11:56 sem 

- quagga-re affected the last vulnerability too.

Feature safe:   Yes

17:20 rakuco 

Document CVE-2012-0037 for textproc/raptor and textproc/raptor2.

Security:       CVE-2012-0037
Feature safe:   yes

15:12 eadler 

Fix formatting so that "make tidy" passes

Feature safe:   yes

14:11 zi 

- Document recent vulnerabilities in net/quagga (CVE-2012-0249, CVE-2012-0250,
CVE-2012-0255)

Feature safe:   yes

08:00 delphij 

Correct version ranges.

Feature safe:   yes

07:20 lwhsu 

Document Apache Traffic Server -- heap overflow vulnerability

Feature safe:   yes

10:57 rene 

Document vulnerabilities for www/chromium < 17.0.963.83

Obtained from: 
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security:       CVE-2011-[3045,3049-3057]
Feature safe:   yes

21:58 delphij 

Document GNUtls and libtasn1 security vulnerabilities.

Feature safe:   yes

04:39 miwi 

- Cleanup

Feature safe:   yes

04:30 miwi 

- Correct the last 3 firefox 3.6 entrys

PR:             166207
Submitted by:   Sergey Kandaurov <pluknet@gmail.com>
Feature safe:   yes

23:11 flo 

Document recent asterisk vulnerabilities.

Feature safe:   yes

15:21 wxs 

Document CVE-2012-0884.

Feature safe:   yes

13:45 osa 

Document nginx -- potential information leak.

Feature safe:   yes

09:16 beat 

- Document mozilla -- multiple vulnerabilities

Feature safe:   yes

09:37 kwm 

Do proper input validation for libXfont. This is for CVE-2011-2895.

Feature safe:   yes

02:23 wxs 

Typo fix.

Feature safe:   yes

21:37 simon 

- Document portaudit -- auditfile remote code execution.
- Update (c) year.

Feature safe:   yes

16:07 wxs 

Appease the tidy target. ;)

Feature safe:   yes

11:16 rene 

Document vulnerabilities in www/chromium < 17.0.963.79

Security:       CVE-2011-3047
Feature safe:   yes

01:47 eadler 

Fix formatting so that "make tidy" passes

Feature safe:   yes

01:45 eadler 

Document the latest flash player vulnerabilities

Reviewed by:    nox
Feature safe:   yes

10:03 rene 

Mark chromium < 17.0.963.78 as vulnerable.

Security:       CVE-2011-3046
Feature safe:   yes

18:44 lwhsu 

Document jenkins XSS vulnerability.

Submitted by:   Gersom van de Bunt <gersom.vandebunt@pine.nl>

18:16 rene 

Add new vulnerabilities for www/chromium < 17.0.963.65

Obtained from: 
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security:       CVE-2011-[3031-3044]

23:07 ak 

Document dropbear security issue

Approved by:    eadler (mentor)

01:00 wxs 

Whitespace cleanup and stick to ASCII in recent openx entry.

21:32 jgh 

document latest openx security issue

PR:     ports/165613

19:19 crees 

Document latest PostgreSQL vulnerabilities

Security:       http://www.postgresql.org/about/news/1377/

00:09 eadler 

- Add information about make tidy checking now that it actually functions
- use ' instead of `
- add a note about ports-security

00:04 eadler 

Document recent flash vulns

Reviewed by:    nox

23:49 eadler 

Pacify 'make tidy' and use valid XML.
While make diff against the tidy version a canconical test.

23:10 kwm 

Add libxml2 vulnability.

PR:             ports/164270
Submitted by:   kj <b4039413@nwldx.com>

03:04 wxs 

Fixup python entry. No need to have python metaport listed.

Reviewed by:    miwi@

04:28 eadler 

Minor whitespace fixup

22:27 rene 

Include PORTREVISION in plib version number to fix previous commit.

22:14 rene 

Document a remote code execution via a buffer overflow in PLIB.

Security:       CVE-2011-4620

15:00 matthew 

  Security update to 3.4.10.1

    XSS in replication setup

  ChangeLog:

    Welcome to phpMyAdmin 3.4.10.1, a minor security release.

3.4.10.1 (2012-02-18)
- [security] XSS in replication setup, see PMASA-2012-1

  Security Advisory:

    http://www.phpmyadmin.net/home_page/security/PMASA-2012-1.php

Approved by:    shaun (mentor)

21:21 jgh 

- document latest piwik security vulnerability

PR:     ports/165217

19:38 flo 

- document recent mozilla vulnerabilities
- wrap a long line

23:16 rene 

Document vulnerabilities in chromium < 17.0.963.56

Obtained from: 
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security:       CVE-2011-[3015-3027]

19:58 glarkin 

- Updated the recent WebCalendar entry to match <= 1.2.4 instead of < 1.2.4,
  since 1.2.4 (not yet in tree) is vulnerable, and 1.2.5 has not been
  released by upstream yet
- Fixed the URL in the recent WebCalendar entry
- Canonicalized naming in other WebCalendar entries
- Fixed various nits flagged by "make tidy"

00:03 eadler 

This vuln also affects pypy

03:32 eadler 

typo

03:31 eadler 

Inform users of the DoS issue in the python SimpleXMLRPCServer function

16:27 eadler 

Add the recently assigned cve number

04:17 eadler 

Inform users of the XSS issue in the latest version of WebCalendar.

It seems that there has been no response from the vendor
and users may want to switch to an alternate product that fits their needs.

18:17 wxs 

Whitespace fixes.

10:50 beat 

- Document mozilla -- use after free in nsXBLDocumentInfo::ReadPrototypeBindings

04:55 eadler 

Inform bip users of buffer overflow (CVE-2012-0806)

01:27 eadler 

Inform users of the private information disclosure bug in surf (CVE-2012-0842)

Reviewed by:    dougb

10:26 jadawin 

Fix style

Reported by:    flo@ via irc

10:11 jadawin 

Document last glpi vulnerabilities

Submitted by:   Mathias Monnerville <mathias@monnerville.com> via email

12:48 rene 

Document new Chromium < 17.0.963.46 vulnerabilities.

Obtained from: 
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security:       fe1976c2-5317-11e1-9e99-00262d5ed8ee

23:11 delphij 

Document Drupal core multiple vulnerabilities.

04:13 wxs 

Fix up 3fd040be-4f0b-11e1-9e32-0025900931f by giving a better description.

12:01 skv 

Document "bugzilla" - multiple vulnerabilities.

08:40 delphij 

Document PHP remote code vulnerability.

06:33 rm 

Add vuxml entry for mathopd directory traversal vulnerability.

PR:             164717
Submitted by:   Michiel Boland <michiel at boland dot org>
Security:       6e7ad1d7-4e27-11e1-8e12-90e6ba8a36a2

18:34 jgh 

- adjust ordering for latest apache entry

Spotted by: remko

14:02 wxs 

MITRE is spelled in all capital letters.

01:32 jgh 

document latest Apache vulnerabilities

PR:     ports/164675
Reviewed by: crees, eadler
Approved by: crees (mentor)

09:46 flo 

document recent mozilla vulnerabilities

13:34 wxs 

Correct versions for sudo format string vulnerability.

Noticed by:     pluknet@

16:36 wxs 

Document sudo format string vulnerability.

03:03 wxs 

Document missing FreeBSD Security Advisories:
- SA-11:01.mountd
- SA-11:04.compress
- SA-11:09.pam_ssh
- SA-11:10.pam

Modify existing entries to document (add/adjust modified tag for all):
- SA-11:06.bind
  - Add FreeBSD package and freebsdsa
- SA-11:07.chroot
  - Add FreeBSD package
- SA-11:08.telnetd
  - Add FreeBSD package, freebsdsa and a relevant URL

23:39 zi 

- Adjust formatting for 93688f8f-4935-11e1-89b4-001ec9578670

13:30 zi 

- Document vulnerabilities in mail/postfixadmin (CVE-2012-0811, CVE-2012-0812)

08:01 miwi 

- Cleanup & Formating

12:32 zi 

- Document vulnerability in converters/mpack

12:17 zi 

- Document vulnerabilities in print/acroread9 (prior to 9.4.7)

11:02 rene 

- update entry fixed in chromium-16.0.912.75 (CVE-2011-3925)
- add entry for vulnerabilities fixed in chromium-16.0.912.77

Security:       CVE-2011-[3924-3928]

04:18 wxs 

Fix build while chanting "I will run make validate". :(

Pointyhat to:   wxs@

04:01 wxs 

Add CVE for recent spamdyke buffer overflows.

22:02 wxs 

Document multiple vulnerabilities in wireshark, all of which have
already been fixed in our port.