| non port: security/vuxml/vuln.xml |
Number of commits found: 6273 (showing only 100 on this page) |
|
Wednesday, 4 Mar 2009
|
15:30 roam 
Document the cURL redirection security bypass - CVE-2009-0037.
I'll update the ftp/curl port itself ASAP.
PR: 132299
Reported by: Mark Foster <mark@foster.cc> (the PR),
Daniel Bond <db@danielbond.org> (e-mail)
 |
|
Monday, 23 Feb 2009
|
20:48 marcus
Bump the modified date for the previous Firefox change.
Requested by: miwi
|
20:41 marcus
Correct the Firefox 2.0 version for the recent Firefox vulnerabilities.
|
00:53 mnag
- Add CVE entries for last lighttpd security issue.
Reported by: Eygene Ryabinkin <rea-fbsd___codelabs.ru>
|
|
Wednesday, 18 Feb 2009
|
18:06 glarkin
- Update to 1.7.5
- Added UPDATING entry about incompatibility between 1.7.4 and 1.7.5
- Added vuln.xml entry for local file inclusion vulnerability in <1.7.5
- Added maintainer mode target in ZF Makefile to speed up fixups of
pkg-plist output from genplist
Security: cf495fd4-fdcd-11dd-9a86-0050568452ac
Security: http://framework.zend.com/issues/browse/ZF-5748
Security:
http://weierophinney.net/matthew/archives/206-Zend-Framework-1.7.5-Released-Important-Note-Regarding-Zend_View.html
|
|
Tuesday, 17 Feb 2009
|
21:11 jadawin
- Document dia -- remote command execution vulnerability
Reviewed by: miwi
|
|
Sunday, 15 Feb 2009
|
21:45 miwi
- Document pycrypto -- ARC2 module buffer overflow
PR: based on 131689
Submitted by: Mark Foster <mark@foster.cc>
|
18:23 marcus
Update the latest firefox vulnerability ranges.
|
13:29 kuriyama
Minor whitespace nits.
|
13:08 miwi
- Update previous entry
* remove duplicate bid entry
* add more referens
* fix whitespaces
|
11:06 des
Document Varnish 2.0 DoS.
PR: ports/131690
Submitted by: Mark Foster <mark@foster.cc>
|
|
Friday, 13 Feb 2009
|
13:30 miwi
- Document tor -- multiple vulnerabilites
|
|
Wednesday, 11 Feb 2009
|
19:15 miwi
- Fix portaudit conflict with www/firefox and www/firefox3
- Mark www/firefox and www/linux-firefox FORBIDDEN
Discussion by: simon/stas
With hat: secteam
|
16:52 miwi
- Fix latest firefox entry
|
14:37 miwi
- Document firefox -- multiple vulnerabilities
|
14:15 glarkin
- document codeigniter -- arbitrary script execution in the new
Form Validationclass
|
13:36 jadawin
- Document pyblosxom -- atom flavor multiple XML injection vulnerabilities
Reviewed by: miwi
|
10:15 miwi
- Document typo3 -- cross-site scripting and information disclosure
|
|
Tuesday, 10 Feb 2009
|
20:53 miwi
- Update latest squid* entry
Add CVE-2009-0478
Submitted by: jadawin
|
|
Monday, 9 Feb 2009
|
17:55 stas
- Update ruby vuxml entries due to ruby19 version bump.
|
15:31 miwi
- Document amaya -- multiple buffer overflow vulnerabilities
PR: based on 131508
Submitted by: Mark Foster <mark@foster.cc>
|
14:52 miwi
- Document websvn -- multiple vulnerabilities
PR: based on 130934
Submitted by: Mark Foster <mark@foster.cc>
|
14:20 miwi
- Document phplist -- local file inclusion vulnerability
PR: based on 130932
|
14:04 miwi
- Document squid -- remote denial of service vulnerability
PR: based on 131431
|
13:41 miwi
- Fix topic s/typo/typo3
|
13:30 miwi
- Document typo3 -- Multiple Vulnerabilities
|
|
Friday, 6 Feb 2009
|
19:59 miwi
- Fix previous entry
|
19:35 tmclaugh
Security update for sudo to 1.6.9p20 for CVE 2009-0034
Changes:
- Only use the cached supplementory group vector when matching groups
for the invoking user. (security)
- When setting the umask, use the union of the user's umask and the
default value set in sudoers so that we never lower the user's umask
when running a command.
- Sudo now operates in the C locale again when doing a match against
sudoers.
PR: 131446
Submitted by: Eygene Ryabinkin
Security: vid:13d6d997-f455-11dd-8516-001b77d09812
|
|
Wednesday, 4 Feb 2009
|
14:01 miwi
- Fix a typo (s/drual/drupal)
|
13:53 miwi
- Cleanup
|
13:47 miwi
- Document drupal -- multible vulnerabilities
|
06:47 ale
Update php5-gd entry.
|
|
Tuesday, 3 Feb 2009
|
21:42 miwi
- Document perl -- Directory Permissions Race Condition
PR: based on 129317
|
|
Friday, 30 Jan 2009
|
09:55 miwi
- Rework ganglia entry
* Fix topic
* Fix discovery and entry day
|
09:13 miwi
- Set modified for b9077cc4-6d04-4bcb-a37a-9ceaebfdcc9e entry
- more cleanup
|
08:59 miwi
- Document moinmoin -- multiple cross site scripting vulnerabilities
|
08:51 miwi
- Cleanup previous entry
* remove whitespaces
* sort bid/cvename/url
|
03:56 brooks
Upgrade Ganglia to 3.1.1 plus a fix for CVE-2009-0241.
PR: ports/129822, ports/131067
Submitted by: Mark Foster <mark at foster dot cc> (vuxml)
Security: vid:b9077cc4-6d04-4bcb-a37a-9ceaebfdcc9e
|
|
Thursday, 29 Jan 2009
|
22:49 miwi
- Document Tor -- Unspecified Memory Corruption Vulnerability
|
|
Wednesday, 28 Jan 2009
|
13:11 miwi
- Cleanup
* Fix whitespaces/ Tabs
* Sort <bid>/<cvename>/<url>
|
13:05 miwi
- Rewording 2ffb1b0d-ecf5-11dd-abae-00219b0fc4d (glpi -- SQL Injection)
- Add more reference sites
|
05:07 pgollucci
Document glpi -- SQL Injection vulnerabilty
PR: ports/131011
Submitted by: Mathias Monnerville <mathias@monnerville.com>
|
|
Sunday, 25 Jan 2009
|
00:56 tabthorpe
- Document openfire -- multiple vulnerabilities
PR: ports/130606
Submitted by: Mark Foster <mark foster.cc>
|
|
Saturday, 24 Jan 2009
|
02:31 delphij
Update information about 9fff8dc8-7aa7-11da-bf72-00123f589060
and 651996e0-fe07-11d9-8329-000e0c2e438a, newer versions of
apache+ipv6 has the problems fixed.
Submitted by: sumikawa
|
|
Wednesday, 21 Jan 2009
|
19:44 wxs
- Document two old ipsec-tools DoS
PR: ports/129468
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
|
|
Tuesday, 20 Jan 2009
|
15:20 wxs
- Document directory traversal bug in teamspeak server
PR: ports/130608
Submitted by: Mark Foster <mark@foster.cc>
|
|
Monday, 19 Jan 2009
|
20:21 wxs
- Document graphics/optipng buffer overflow
PR: ports/129072
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
|
20:04 wxs
- Document old gitweb privilege escalation vulnerability.
PR: ports/130600
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
|
|
Friday, 16 Jan 2009
|
16:11 naddy
Document vulnerability in older versions of GNU tar.
PR: 130602
Submitted by: Mark Foster <mark@foster.cc>
|
00:02 miwi
- Mark net-mgmt/nagios2 as secure
|
|
Thursday, 15 Jan 2009
|
23:00 miwi
- Document mplayer -- vulnerability in STR files processor
PR: based on 130573
|
|
Tuesday, 13 Jan 2009
|
12:22 miwi
- Cleanup previous entry
- Add more references
|
03:30 wxs
- Add missing blockquote and linewrap properly
|
03:19 wxs
- Document cgiwrap XSS vulnerability
PR: ports/130277
Submitted by: Eric W. Bates <ericx@vineyard.net>
|
|
Monday, 12 Jan 2009
|
12:27 miwi
- Document nagios -- web interface privilege escalation vulnerability
|
|
Sunday, 11 Jan 2009
|
19:58 miwi
- Document pdfjam -- insecure temporary files
PR: based on 130028
|
19:35 miwi
- Document verlihub -- insecure temporary file usage and arbitrary command
execution
|
18:16 miwi
- Document mysql -- empty bit-string literal denial of service
PR: based on 129978
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
|
15:38 miwi
- Fix discovery date
|
15:27 miwi
- Document mysql multiple vulnerabilities:
* mysql -- renaming of arbitrary tables by authenticated users
* mysql -- remote Denial of Service via malformed password packet
* mysql -- privilege escalation and overwrite of the system table
information
PR: based on 130025
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
|
14:49 miwi
- Document imap-uw -- imap c-client buffer overflow
PR: 130013
Submitted by: Mark Foster <mark@foster.cc>
Approved by: maintainer timeout
|
14:32 miwi
- Fix a small typo
|
14:29 miwi
- Document imap-uw -- local buffer overflow vulnerabilities
PR: 128923
Submitted by: Mark Foster <mark@foster.cc>
Approved by: maintainer timeout
|
13:15 miwi
- Document libcdaudio -- remote buffer overflow and code execution
|
|
Tuesday, 6 Jan 2009
|
04:31 tabthorpe
- Mark xterm 238 safe
|
|
Monday, 5 Jan 2009
|
10:09 remko
Import latest FreeBSD-SA's so that we are up to date again.
|
09:40 stas
- Document xterm vulnerability.
|
09:06 stas
- Document PHP gd library vulnerability.
|
|
Sunday, 4 Jan 2009
|
09:13 miwi
- Update awstats entry (also affect www/awstats-devel)
|
08:01 chinsan
- Fix the affected version of awstats
|
06:21 chinsan
- Document awstats -- multiple XSS vulnerabilities
PR: ports/129957
Submitted by: Eygene Ryabinkin <rea-fbsd _at\ codelabs.ru>
Approved by: Alex Samorukov (maintainer)
Security: http://secunia.com/advisories/31519
|
|
Saturday, 3 Jan 2009
|
12:35 miwi
- Cleanup (fix whitespaces, typos)
|
12:06 chinsan
- Completely fix CVE-2005-0448
PR: ports/129301
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
|
|
Friday, 2 Jan 2009
|
09:56 erwin
Bump copyright year.
|
04:44 tabthorpe
- Document vim -- multiple vulnerabilities in the netrw module
PR: ports/129137
Submitted by: Eygene Ryabinkin <rea-fbsd codelabs.ru>
|
|
Wednesday, 31 Dec 2008
|
21:23 mezz
Add vinagre -- format string vulnerability entry.
PR: ports/129959
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
|
|
Tuesday, 30 Dec 2008
|
19:16 glarkin
Document twiki - multiple vulnerabilities
|
17:09 ale
Add entry for roundcube.
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
|
11:12 miwi
- Document mysql -- MyISAM table privileges security bypass vulnerability for
symlinked paths
|
09:29 miwi
- Document mplayer -- twinvq processing buffer overflow vulnerability
Reported by: Thomas Zander <riggs@rrr.de> (mplayer maintainer)
|
|
Friday, 26 Dec 2008
|
09:22 jadawin
- ampache -- insecure temporary file usage
|
|
Thursday, 25 Dec 2008
|
16:41 miwi
- Small cleanup for the last cups-base entry
* CVE-2008-5184 was fixed in 1.3.8.
* CVE-2008-1722 does not related to anything in this entry;
* PNG buffer overflow is really CVE-2008-5286.
Reported by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
No Cookies for: miwi
|
|
Friday, 19 Dec 2008
|
21:07 miwi
- Document opera -- multiple vulnerabilities
|
21:00 miwi
- Document mediawiki -- multiple vulnerabilities
|
20:36 miwi
- Fix make validate
|
20:29 miwi
- document drupal -- Multiple vulnerabilities
|
20:01 miwi
- Document mozilla -- multiple vulnerabilities
|
|
Thursday, 11 Dec 2008
|
19:39 miwi
- Fix a small typo
|
19:37 miwi
- Document phpmyadmin -- cross-site request forgery vulnerability
|
|
Monday, 8 Dec 2008
|
14:15 tabthorpe
- Document php5 -- potential magic_quotes_gpc vulnerability
Reviewed by: miwi
|
|
Sunday, 7 Dec 2008
|
19:13 miwi
- Fix a typo
Reported by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
|
18:11 miwi
- Document wireshark -- SMTP Processing Denial of Service Vulnerability
|
12:13 miwi
- Document php -- multiple vulnerabilities
|
11:41 miwi
- Document mgetty+sendfax -- symlink attack via insecure temporary files
PR: based on 129471
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
|
11:32 miwi
- Document dovecot-managesieve -- Script Name Directory Traversal Vulnerability
PR: based on 129303
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
|
11:20 miwi
Document habari -- Cross-Site Scripting Vulnerability
PR: 129475
Submitted by: Ayumi M <ayu@dahlia.commun.jp>
|
09:09 miwi
- Add 32545 to the latest vlc entry.
|
|
Saturday, 6 Dec 2008
|
23:47 miwi
- Document vlc -- arbitrary code execution in the RealMedia processor
|
23:18 miwi
- S/secunia/Secunia
|
22:00 miwi
- Document mantis - PHP Code Execution Vulnerability
PR: based on 129438
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
|
Number of commits found: 6273 (showing only 100 on this page) |
As an Amazon Associate I earn from qualifying purchases.