| non port: security/vuxml/vuln.xml |
Number of commits found: 6273 (showing only 100 on this page) |
|
Monday, 23 Jan 2012
|
21:26 wxs 
Whitespace cleanup.
 |
21:25 wxs
- Document buffer overflows in spamdyke.
|
14:08 wxs
Fixup to please "make tidy". No need to wrap this line.
|
13:52 wxs
- Add CVE for spamdyke STARTTLS plaintext injection.
|
|
Sunday, 22 Jan 2012
|
14:59 sunpoet
- Fix affected rubygem-rack version: add ,3 as PORTEPOCH=3 is restored
|
02:49 zi
- Correct package range in 5c5f19ce-43af-11e1-89b4-001ec9578670
- Add databases/redis to the affected list for
91be81e7-3fea-11e1-afc7-2c4138874f7d
|
|
Saturday, 21 Jan 2012
|
01:38 zi
- Fix formatting/topic in 91be81e7-3fea-11e1-afc7-2c4138874f7d
Reviewed by: wxs
|
|
Friday, 20 Jan 2012
|
21:43 zi
- Document security vulnerability in security/openssl (CVE-2012-0050)
|
19:24 jgh
fix uuid on latest tomcat vulnerability
Approved by: crees, rene (implicit)
|
18:41 delphij
- Fix modified date;
- Add more ruby variants.
|
18:28 delphij
Update 91be81e7-3fea-11e1-afc7-2c4138874f7d to cover ruby+no-pthreads as
well.
Spotted by: Kevin Oberman <kob6558 gmail.com>
|
00:14 flo
- document asterisk remote crash vulnerability
|
|
Thursday, 19 Jan 2012
|
19:51 jgh
Document recent vulnerability of Apache Tomcat Server.
Approved by: rene (mentor)
|
18:33 delphij
Sigh, should have used <lt> instead of <gt>.
Pointy hat to: delphij
|
18:27 delphij
php52-exif no longer vulnerable to CVE-2011-4566 as of 5.2.17_6
|
09:16 knu
Fix the version range for ruby. The stock version is affected.
|
09:13 knu
There was no patch release in rubygem-rack 1.3.5_*, so just say < 1.3.6.
|
07:32 sunpoet
- Fix affected rubygem-rack version: it should be _3 for PORTREVISION=3
|
|
Tuesday, 17 Jan 2012
|
09:53 danfe
Fix CVE URL in recent OpenTTD entry.
|
08:36 danfe
Unexpand (convert leading spaces to tabs when possible).
|
08:31 danfe
Document recent vulnerability of OpenTTD game server.
Reported by: Ilya Arkhipov
|
|
Monday, 16 Jan 2012
|
09:57 knu
PHP5 had its own entry for this vulnerability, so remove this.
Pointed out by: ohauer
|
03:23 knu
Add node < 0.6.7 (for V8).
|
03:20 knu
Add v8 < 3.8.5 (CVE-2011-5037).
|
03:16 knu
Add PHP < 5.3.9 (CVE-2011-4885).
|
03:03 knu
Add Multiple implementations denial-of-service via hash algorithm collision.
Currently only JRuby, Ruby, and Rack are mentioned. More to follow.
|
|
Saturday, 14 Jan 2012
|
10:01 mm
Add missing URL reference to last commit
|
09:46 mm
Add relevant FFmpeg vulnerabilities from Ubuntu USN-1320-1
|
04:36 miwi
- clean up
|
02:47 zi
- Document vulnerabilities in security/openssl
-- CVE-2011-4108, CVE-2011-4109, CVE-2011-4576
-- CVE-2011-4577, CVE-2011-4619, CVE-2012-0027
|
|
Friday, 13 Jan 2012
|
12:10 zi
- Document vulnerability in net/isc-dhcp42-server (CVE-2011-4868)
|
|
Thursday, 12 Jan 2012
|
21:56 delphij
Document PowerDNS DoS vulnerability.
PR: ports/164066
Submitted by: Ralf van der Enden <tremere cainites.net>
|
|
Wednesday, 11 Jan 2012
|
18:32 delphij
Document PHP multiple vulnerabilities.
|
|
Monday, 9 Jan 2012
|
18:13 rene
Document a untrusted local library exploit in games/torcs.
Security: CVE-2010-3384
|
02:26 wxs
Document spamdyke STARTTLS plaintext injection vulnerability.
|
|
Saturday, 7 Jan 2012
|
23:44 simon
Remove HTML entity from a VuXML entry as they are not allowed in
VuXML, only Unicode charecter entities are allowed.
This should fix the portaudit build.
If anyone care enough to insert the correct umlaut, feel free to fix.
|
|
Friday, 6 Jan 2012
|
18:35 rene
Add new vulnerabilities for www/chromium.
Security: CVE-2011-[3919,3921-3922]
|
|
Thursday, 5 Jan 2012
|
18:52 delphij
Fix build.
|
17:29 ohauer
- document bugzilla and bugzilla3 security issues
|
|
Tuesday, 3 Jan 2012
|
23:50 delphij
Document wordpress xss vulnerability.
Feature safe: yes
|
|
Friday, 30 Dec 2011
|
01:05 cy
Add additional MITKRB5 reference.
Security: MITKRB5-SA-2011-008
Feature safe: yes
|
|
Thursday, 29 Dec 2011
|
14:26 remko
Fix build by adding a reference to the original URL.
|
13:04 crees
Document XSS vulnerability in net-mgmt/zabbix-frontend
PR: ports/163691
Obtained from: https://support.zabbix.com/browse/ZBX-4015
Security: ZBX-4015
|
|
Wednesday, 28 Dec 2011
|
12:24 mm
Document remote DoS vulnerability in lighttpd HTTP authentication
Security: CVS-2011-4362
|
|
Tuesday, 27 Dec 2011
|
04:00 eadler
- Fix most of the duplicate words in vuxml, a few affect 'blockquotes' but that
should be okay as no information is lost.
|
|
Monday, 26 Dec 2011
|
23:23 wxs
Don't wrap a couple of lines. No other entries wrap these lines, so when
in Rome...
|
23:00 wxs
Whitespace cleanup in a BIND topic.
|
22:42 wxs
Fix the build. Missing a quote on the blockquote citation and a missing </p>.
|
21:51 cy
Document CVE-2011-4862 (FreeBSD-SA-11:08.telnetd) as it affects krb5-appl too.
Security: CVE-2011-4862, FreeBSD-SA-11:08.telnetd
Feature safe: yes
|
|
Friday, 23 Dec 2011
|
20:37 delphij
Add vuxml entry for proftpd chroot vulnerability.
Feature safe: yes
|
|
Thursday, 22 Dec 2011
|
12:11 zi
- Document recent vulnerabilities in databases/phpmyadmin (PMASA-2011-19 and
PMASA-2011-20)
|
|
Wednesday, 21 Dec 2011
|
12:40 beat
- Also fix SeaMonkey version range
|
11:28 beat
- Fix cvename in latest mozilla vulnerability
|
07:48 beat
- Document mozilla -- multiple vulnerabilities
|
|
Monday, 19 Dec 2011
|
13:15 sem
unbound DoS vulnerability
|
|
Sunday, 18 Dec 2011
|
14:24 miwi
- Cleanup
* correct line limit
* sort cvename
|
13:30 zi
- Correct package name in previous commit
Reported by: crees@
|
13:07 zi
- Document vulnerabilities in www/typo3 and www/typo345
|
|
Wednesday, 14 Dec 2011
|
04:07 zi
- Document security/krb5 vulnerability as described in MITKRB5-SA-2011-007
|
03:52 zi
- Add CVE for recent asterisk vulnerabilities
Feature safe: yes
|
|
Tuesday, 13 Dec 2011
|
20:35 delphij
Document Opera multiple vulnerabilities.
Requested by: tabthorpe
Feature safe: yes
|
20:17 rene
Document vulnerabilities fixed in Chromium 16.0.912.63
Security: CVE-2011-[3903-3917]
|
17:45 mandree
Add cvename tag with content CVE-2011-4607 for PuTTY password 'vulnerability'.
Feature safe: yes
Submitted by: eadler
|
17:34 zi
- Correct package name for asterisk18
Feature safe: yes
|
|
Monday, 12 Dec 2011
|
19:57 mandree
Update PuTTY to new upstream security and bug fix release 0.62,
and add a new VuXML entry.
Changelog:
http://lists.tartarus.org/pipermail/putty-announce/2011/000017.html
Security: bbd5f486-24f1-11e1-95bc-080027ef73ec
Feature safe: yes
|
|
Friday, 9 Dec 2011
|
01:52 zi
- Document asterisk vulnerabilities
Feature safe: yes
|
|
Wednesday, 7 Dec 2011
|
23:49 zi
- Document vulnerabilities in isc-dhcp: CVE-2011-4539
Feature safe: yes
|
|
Thursday, 1 Dec 2011
|
21:03 dougb
Update to version 3.4.8
This is the formal release of the fix to CVE-2011-4634, but there are
no code differences from the preliminary fixes released in 3.4.8-rc1
except for the updated version number.
PMSA-2011-18 has now been published; vuxml entry attached.
PR: ports/163001
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer)
Feature safe: yes
|
|
Wednesday, 30 Nov 2011
|
09:31 pav
- Add a link to a nice documentation in PH
Suggested by: dougb
Feature safe: yes
|
08:45 pav
- Add a quick guide to adding a new entry to this unfriendly file
Feature safe: yes
|
|
Saturday, 19 Nov 2011
|
15:13 dinoex
- mark 1.3.41+2.8.31_4 as not vulnerable
Feature safe: yes
|
|
Friday, 18 Nov 2011
|
22:38 cs
hiawatha -- memory leak in PreventSQLi routine
Approved by: glarkin@ (mentor)
Feature safe: yes
|
20:20 delphij
Bump modified date for previous commit.
Feature safe: yes
|
20:13 dougb
The long-term URL for the latest BIND vulnerability is up at ISC,
so adjust accordingly.
Feature safe: yes
|
|
Thursday, 17 Nov 2011
|
10:08 rene
Mark chromium-15.0.874.120 vulnerable.
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: CVE-2011-3900
Feature safe: yes
|
|
Wednesday, 16 Nov 2011
|
23:59 dougb
Add an entry for the BIND DOS vulnerability announced today
Feature safe: yes
|
|
Monday, 14 Nov 2011
|
23:27 ohauer
- document apache13 CVE-2011-3368
Feature safe: yes
|
03:25 miwi
- Fix previous entry
Feature safe: yes
|
03:14 rakuco
Add note about CVE-2011-2725 for ark in kdeutils4.
Approved by: avilla (mentor, implicit)
Feature safe: yes
|
|
Sunday, 13 Nov 2011
|
22:28 ohauer
- document apache apr-0.9 reimplementation of apr_fnmatch()
Feature safe: yes
|
02:20 dougb
Fix the recent flash entry:
1. Only one <package> container is needed
2. Use of <lt> has to be relative to the latest (unvulnerable) version
3. Improve the range for the 11.x version to not tag all 10.x versions
4. Use https for the cite in blockquote
5. Fix a CVE entry
Feature safe: yes
|
|
Saturday, 12 Nov 2011
|
16:13 miwi
- Correct latest libxml(1) entrys
- Mark CVS-2009-2414 CVS-2009-2416 CVS-2011-1944 entrys as safe
- Fix whitespaces
- Bump modify date
- While here add missing blank lines between entries [1]
[1] This would not happened when committers use "make newentry" (sometimes RTFM
is really helpful)
Feature safe: yes
|
12:15 crees
Document latest phpMyAdmin vulnerability
PR: ports/162442
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer)
Security: CVE-2011-4107
Security: http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php
CC: m.seaman@infracaninophile.co.uk
Feature safe: yes
|
05:39 eadler
- update flash10 to 10.3r183.11
- add security issues to vuln.xml
Submitted by: nox
Reviewed by: dougb (vuxml)
Security: CVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452,
CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456, CVE-2011-2457,
CVE-2011-2458, CVE-2011-2459, CVE-2011-2458
Feature safe: yesA
|
|
Friday, 11 Nov 2011
|
19:13 rene
Add vulnerabilities for www/chromium < 15.0.874.120
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: CVE-2011-[3892-3898]
Feature safe: yes
|
|
Thursday, 10 Nov 2011
|
13:40 wxs
Add missing blank lines between entries.
Feature safe: yes
|
07:58 delphij
Fix build.
Feature safe: yes
|
07:19 bapt
Register multiple libxml{1,2} vulnerabilities
|
04:44 miwi
- Cleanup a bit
|
02:27 novel
Document gnutls client session resumption vulnerability.
|
|
Tuesday, 8 Nov 2011
|
17:48 beat
- Document mozilla -- multiple vulnerabilities
|
|
Monday, 7 Nov 2011
|
04:27 eadler
- add vuxml entry for insecure use of temporary directories in caml-light
Reviewed by: dougb
Approved by: bapt,sahil (mentors, implicit)
|
04:23 eadler
- add vuxml entry for insecure use of temporary directories in caml-light
Reviewed by: dougb
Approved by: bapt,sahil (mentors, implicit)
|
|
Thursday, 3 Nov 2011
|
21:21 kwm
Fix the freetype entry. The package name is freetype2 and fill in the comment.
|
|
Tuesday, 1 Nov 2011
|
18:00 bapt
Fix vuln.xml
|
17:44 kwm
Document vulnerabilities in handling Type 1 fonts in freetype.
|
08:46 delphij
Properly match lower bound of version numbers.
Noticed by: Patrick Oonk <patrick.oonk pine.nl>
|
07:18 miwi
- bid from latest PivotX entry [1]
- while remove a lot whitespaces
PR: 161734 [1]
Submitted by: Fumiyuki Shimizu <fumifumi@abacustech.jp>
|
|
Friday, 28 Oct 2011
|
17:06 kwm
Document cacti security issues.
SQL injection issue with user login
Cross-site scripting issues.
PR: ports/162044
Reported by: moggie <moggie@elasticmind.net>
|
09:28 miwi
- Cleanup & whitespace fixe
|
Number of commits found: 6273 (showing only 100 on this page) |
As an Amazon Associate I earn from qualifying purchases.