| non port: security/vuxml/vuln.xml |
Number of commits found: 6273 (showing only 100 on this page) |
|
Saturday, 28 Nov 2009
|
21:03 kwm 
Document libtool vulnerability.
Reviewed by: miwi@
 |
|
Thursday, 26 Nov 2009
|
14:51 miwi
- Cleanup (whitespaces/tabs)
|
|
Tuesday, 24 Nov 2009
|
21:34 naddy
document: libvorbis -- multiple vulnerabilities
|
|
Monday, 23 Nov 2009
|
18:07 skv
Document "bugzilla" - information leak.
|
15:47 sem
- Report a XSS vulnerability in net-mgmt/cacti port
|
|
Saturday, 14 Nov 2009
|
12:41 miwi
- fix german wordpress name
|
12:20 miwi
- Document wordpress -- multiple vulnerabilities
|
|
Monday, 9 Nov 2009
|
17:14 delphij
Mark php5-gd 5.2.11_2 as safe.
|
|
Sunday, 8 Nov 2009
|
23:33 wxs
- Note that CVE-2009-3546 has been fixed in graphics/gd.
Noticed by: N.J. Mann <njm@njm.me.uk>
|
|
Friday, 6 Nov 2009
|
09:43 miwi
- Fix previous commit
|
08:22 jadawin
- Document HTML-Parser denial of service
|
|
Thursday, 5 Nov 2009
|
21:40 delphij
Document remote buffer overflow vulnerability in gd.
|
21:25 delphij
Document typo3 multiple vulnerabilities.
Notified by: Wennrich, Markus <Markus Wennrich f-i-ts de>
|
|
Tuesday, 3 Nov 2009
|
21:18 thierry
Add an entry for VideoLAN-SA-0901, about multimedia/vlc.
|
|
Monday, 2 Nov 2009
|
20:12 miwi
- Document KDE -- multiple vulnerabilities
Reported by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
|
|
Saturday, 31 Oct 2009
|
12:52 miwi
- Fix previous entry
|
12:41 itetcu
Add two opera vulnerabilities
PR: 140101
Submitted by: Arjan van Leeuwen
|
|
Thursday, 29 Oct 2009
|
21:59 miwi
- Fix latest entrys
|
14:21 flz
Document vulnerability in net-p2p/ctorrent < 3.3.2_2 (CVE-2009-1759).
PR: ports/139635
Submitted by: Eygene Ryabinkin
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1759
|
|
Wednesday, 28 Oct 2009
|
23:04 stas
- Fix linux-opera vuxml entry (it uses different version numbering scheme) [1]
- Add entry for opera-devel as well.
PR: ports/140038 [1]
Submitted by: Sato Kuro <poyopoyo@puripuri.plala.or.jp> [1]
|
15:22 beat
- Document mozilla -- multiple vulnerabilities
Approved by: miwi (secteam)
|
|
Sunday, 25 Oct 2009
|
14:53 gabor
- Fix discovery date of a recent entry
|
14:23 stas
- Document elinks < 0.11.4 buffer overflow vulnerability.
|
|
Thursday, 22 Oct 2009
|
23:04 delphij
Add CVE reference provided by author via maintainer for the squidguard
issue.
|
23:01 delphij
Apply vendor fixes 20091015 and 20091019 to fix multiple vulnerabilities
of squidGuard 1.4.
Requested by: maintainer
Security: 692ab645-bf5d-11de-849b-00151797c2d4
|
|
Tuesday, 20 Oct 2009
|
11:03 araujo
- Add an entry for Xpdf -- Multiple Vulnerabilities.
|
|
Friday, 16 Oct 2009
|
17:42 lwhsu
- Document django -- denial-of-service attack
|
|
Tuesday, 13 Oct 2009
|
22:12 miwi
- Document phpmyadmin -- XSS and SQL injection vulnerabilities
|
|
Monday, 12 Oct 2009
|
17:22 wxs
- Document php5 multiple security vulnerabilities.
PR: ports/139196
Submitted by: Mark Foster <mark@foster.cc>
|
|
Wednesday, 7 Oct 2009
|
10:18 miwi
- Document virtualbox -- privilege escalation
|
|
Tuesday, 6 Oct 2009
|
09:37 remko
Add FreeBSD-SA-09:14.devfs to the VuXML list.
Hat: secteam
Facilitated by: Snow B.V.
|
09:33 remko
Add FreeBSD-SA-09:13.pipe to the VuXML list.
Hat: secteam
Facilitated by: Snow B.V.
|
|
Thursday, 1 Oct 2009
|
12:01 stas
- linux-f10-pango is affected by 4b172278-3f46-11de-becb-001cc0377035 too.
Reported by: "Edward Sanford Sutton, III" <mirror176@cox.net>
|
|
Wednesday, 30 Sep 2009
|
15:32 miwi
- Document mybb -- multiple vulnerabilities
PR: based on 139197
|
|
Tuesday, 22 Sep 2009
|
23:03 miwi
- Document drupal -- Multiple Vulnerabilities
Submitted by: Nick Hillard (based on)
Feature safe: yes
|
|
Monday, 21 Sep 2009
|
22:23 miwi
- Rework latest horde-base entry (ee23aa09-a175-11de-96c0-0011098ad87f)
Feature safe: yes
|
|
Sunday, 20 Sep 2009
|
14:54 cy
Fix a formatting issue.
Pointy hat to: myself
Noticed by: miwi
Feature safe: Yes
|
05:58 delphij
Fix build.
Feature safe: yes
|
05:37 cy
Document a security problem in fwbuilder/libfwbuilder 3.0.4 - 3.0.6.
Generated iptables scripts when used to generate static routing
configurations have a security issue.
Feature safe: Yes
|
|
Thursday, 17 Sep 2009
|
13:28 skv
Document "bugzilla" - two SQL injections, sensitive data exposure.
Feature safe: yes
|
|
Monday, 14 Sep 2009
|
21:57 thierry
Adding an entry for three vulnerabilities fixed in the latest Horde
framework (i.e. the port www/horde-base).
|
20:06 stas
- Fix formatting.
- Add link to the debian security advisory.
- Fix the description to be the actual citation from the official sources
instead of some wild interpretation. We do not know for sure if remote
code execution is possible at all and from looking to the source code it
seems unlikely as the buffer undeflown is allocated on the heap. Moreover,
it is not clear if this is exploitable in the default install.
Discussed with: az
|
19:48 wxs
Document nginx DoS condition.
Submitted by: az@ (via IRC)
|
|
Sunday, 13 Sep 2009
|
16:56 ume
Add cvename and bid for cyrus-imapd potential buffer overflow
in Sieve.
|
16:06 brix
Add ikiwiki vulnerability.
|
11:24 miwi
- Cleanup previous commit
|
11:06 brix
- Add xapian-omega cross-scripting vulnerability
|
|
Thursday, 10 Sep 2009
|
17:28 miwi
- Document mozilla firefox -- Multiple Vulnerabilities
|
|
Wednesday, 9 Sep 2009
|
15:13 ume
Fix xml broke by my previous commit.
|
15:08 ume
Document cyrus-imapd potential buffer overflow vulnerability in Sieve.
|
|
Tuesday, 8 Sep 2009
|
23:24 wxs
- Document silc-toolkit format string vulnerabilities. Unfortunately little
information is provided publicly.
|
|
Friday, 4 Sep 2009
|
08:18 miwi
- Mark seamonkey as safe
|
08:02 miwi
- Update latest Opera entry,
* add missing linux-opera
* fix topic
|
07:26 jadawin
- Fix vuxml build
Pointyhat to: me
|
07:12 jadawin
- Fix vuxml build
Pointyhat to: itetcu
|
05:59 itetcu
Add an atry for opera < 10.00
PR: 138449
Submitted by: maintainer
|
|
Wednesday, 2 Sep 2009
|
12:32 miwi
- Fix cvenames
|
11:42 miwi
- Document dnsmasq -- TFTP server remote code injection vulnerability
PR: 138418 (based on)
Submitted by: Matthias Andree <matthias.andree@gmx.de>
|
|
Tuesday, 25 Aug 2009
|
08:20 kuriyama
- I cannot confirm these vulns can be affected to 1.3.x and 2.0.x
lines. Limit this entry to 2.2.x until confirmed.
|
06:47 kuriyama
Add apache-2.2.12 fixes.
|
|
Saturday, 22 Aug 2009
|
11:48 beat
- Mark thunderbird 2.0.0.23 and higher as safe
Approved by: secteam (miwi)
|
|
Thursday, 20 Aug 2009
|
19:37 wxs
- Document pidgin, libpurple, and finch memory corruption.
PR: ports/137997
Submitted by: Armin Pirkovitsch <armin@frozen-zone.org>
|
|
Monday, 17 Aug 2009
|
14:37 wxs
- Document NUL byte problem in gnutls and gnutls-devel
- Document multiple vulnerabilities in older versions[1]
Note: These have all been fixed with the exception of the NUL byte problem
in gnutls-devel.
PR: [1]: ports/134785
Submitted by: [1]: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Reviewed by: miwi
|
13:26 mnag
- memcached -- memcached stats maps Information Disclosure Weakness
PR: 134206
Submitted by: Mark Foster <mark___foster.cc>
|
|
Thursday, 13 Aug 2009
|
09:55 miwi
- Update latest wordpress entry
* add wordpress-mu which was also affected
- Mark latest fetchmail entry as safe
|
|
Wednesday, 12 Aug 2009
|
14:57 skreuzer
Document remote admin password reset vulnerability in wordpress <= 3.8.3
Reviewed by: simon
|
|
Tuesday, 11 Aug 2009
|
14:54 amdmi3
- Document fetchmail -- improper SSL certificate subject verification
|
13:35 skreuzer
Fix typo in affected version number for vid
739b94a4-838b-11de-938e-003048590f9e
Submitted by: Roberto Nunnari <robi@nunnisoft.ch> (Private eMail)
Reviewed by: simon
|
|
Friday, 7 Aug 2009
|
21:24 skreuzer
- Fix improper formatting reported by miwi
- Add additioinal reference url for vid 739b94a4-838b-11de-938e-003048590f9e
reported by miwi
Reviewed by: miwi
|
20:06 skreuzer
Document com_mailto Timeout Issue in www/joomla15
|
16:30 simon
Cleanup whitespace and XML format using 'make tidy' and a bit manual
editing.
|
13:18 simon
Various affects fixes to the last 3 Mozilla/Firefox entries to make then
match correctly against package names. In particular the port name
instead of package name was used in a couple of places. For Seamonkey
and Thunderbird where no known fixes exist don't include a fixed
version.
|
10:48 miwi
- Update previous subversion entry,
add missing p5-subversion and py-subversion
|
09:31 miwi
- Fix latest firefox entry.
Reported by: b.f <bf1793@gmail.com>
|
|
Thursday, 6 Aug 2009
|
21:41 simon
Document subversion -- heap overflow vulnerability.
|
|
Wednesday, 5 Aug 2009
|
23:23 simon
Add a few CVE names to the 'squid -- several remote denial of service
vulnerabilities' entry.
|
23:19 simon
Document bugzilla -- product name information leak.
|
|
Tuesday, 4 Aug 2009
|
23:15 miwi
- Mark squid 3.1.0.12 as safe
|
22:57 miwi
- Document mozilla -- multiple vulnerabilities
|
18:20 wxs
- Add bind9-sdb-ldap and bind9-sdb-postgresql to recent BIND DoS.
Reviewed by: miwi
|
18:06 wxs
- Document silc-client and silc-irssi-plugin format string vulnerability.
Reviewed by: miwi
|
|
Sunday, 2 Aug 2009
|
14:11 thierry
Mark mail/squirrelmail-multilogin-plugin as FORBIDDEN and add the
corresponding entry in VuXML.
Security: VuXML: 0d0237d0-7f68-11de-984d-0011098ad87f
|
|
Saturday, 1 Aug 2009
|
14:25 wxs
- White space fixes and correct the entry date in
vid 83725c91-7c7e-11de-9672-00e0815b8da8
|
14:17 wxs
s/package/system/ for vid fbc8413f-2f7a-11de-9a3f-001b77d09812.
Reviewed by: remko
Approved by: secteam (remko)
|
14:13 wxs
- Document BIND DoS in base and ports.
Reviewed by: remko
Approved by: secteam (remko)
|
|
Wednesday, 29 Jul 2009
|
16:17 miwi
- Close tag
|
16:00 miwi
- Document Mono XML Signature HMAC Truncation Spoofing
|
|
Monday, 27 Jul 2009
|
19:39 delphij
Document squid remote denial of service vulnerabilities.
Submitted by: Thomas-Martin Seck <tmseck@web.de>
PR: ports/137184
|
|
Wednesday, 22 Jul 2009
|
00:11 jpaetzel
Fix security advsory with patches from Ubuntu project.
http://vuxml.FreeBSD.org/c444c8b7-7169-11de-9ab7-000c29a67389.html
PR: ports/136891
Submitted by: wxs@
Reviewed by: simon@
Approved by: itetcu@ (mentor)
|
|
Friday, 17 Jul 2009
|
10:18 miwi
- Fix a typo
|
07:58 miwi
- Document firefox35 -- corrupt JIT state after deep return from native function
|
|
Wednesday, 15 Jul 2009
|
18:34 wxs
- Document isc-dhcp*-client stack overflow.
|
|
Tuesday, 14 Jul 2009
|
03:17 wxs
- Tweak nagios version information a bit for the command injection
vulnerability. Patches for net-mgmt/nagios and net-mgmt/nagios2 coming
shortly.
|
|
Monday, 13 Jul 2009
|
19:01 miwi
- Document drupal -- multiple vulnerabilities
Submitted by: Nick Hilliard (based on)
|
|
Sunday, 12 Jul 2009
|
13:51 beat
- Mark linux-firefox 3.0.11 and higher as safe
Approved by: secteam (miwi)
|
|
Friday, 3 Jul 2009
|
01:35 wxs
- Document remote command execution in net-mgmt/nfsen
PR: ports/136070
Submitted by: Bjoern Engels <engels@openit.de>
|
|
Thursday, 2 Jul 2009
|
20:38 wxs
- Add syslog-ng package to the list of vulnerable versions for the chroot
vulnerability.
|
|
Wednesday, 1 Jul 2009
|
13:01 wxs
- Add newly created CVE for nagios command injection vulnerability.
- Add the other two nagios packages to the list.
- Add modified entry accordingly.
|
|
Tuesday, 30 Jun 2009
|
19:10 delphij
Document phpMyAdmin XSS vulnerability
|
14:13 wxs
- Document nagios command injection vulnerability.
|
Number of commits found: 6273 (showing only 100 on this page) |
As an Amazon Associate I earn from qualifying purchases.