| non port: security/vuxml/vuln.xml |
Number of commits found: 6273 (showing only 100 on this page) |
|
Friday, 17 Mar 2006
|
23:24 brooks 
Add drupal <= 4.6.5 vulns.
 |
|
Wednesday, 15 Mar 2006
|
21:27 thierry
Add an entry for Horde < 3.1 (SA19246).
Noticed by: mnag
|
07:10 simon
Document linux-flashplugin -- arbitrary code execution vulnerability.
|
|
Sunday, 12 Mar 2006
|
21:25 remko
Document nfs -- remote denial of service (FreeBSD: SA-06:10)
Approved by: portmgr (blanket VuXML)
|
19:57 remko
Add OpenSSH Remote Denial of Service (FreeBSD SA-06:09.openssh) to the
vuxml list.
Approved by: portmgr (Blanket VuXML)
|
|
Saturday, 11 Mar 2006
|
10:38 remko
Correct the gpg entry wrt. style.
Approved by: portmgr (Blanket VuXML)
|
|
Thursday, 9 Mar 2006
|
22:44 kuriyama
Update to 1.4.2.2.
Security: GnuPG does not detect injection of unsigned data
References:
http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html
Probbed by: simon
Approved by: portmgr (erwin)
|
10:53 vd
Document multimedia/mplayer's heap overflow in the ASF demuxer
Reviewed by: simon
Approved by: portmgr (implicit), security-officer (simon)
|
|
Monday, 6 Mar 2006
|
12:15 marius
Add the ssh2-nox11 slave port to the list of ports affected by
VID 594ad3c5-a39b-11da-926c-0800209adf0e.
Prodded by: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>
Approved by: portmgr (erwin)
|
|
Saturday, 4 Mar 2006
|
17:31 marius
Document a SSH.COM SFTP server format string vulnerability affecting
the security/ssh2 port.
Approved by: portmgr (erwin)
|
15:03 naddy
Document GNU tar invalid headers buffer overflow.
Approved by: portmgr (erwin)
|
|
Monday, 27 Feb 2006
|
20:16 remko
Remove the pinentry entry. It was gentoo specific and I overlooked
that.
Noticed by: Dejan Lesjak <dejan dot lesjak at ijs dot si>
Pointyhat: remko
Approved by: portmgr (implicit VuXML)
|
14:36 skv
Document Bugzilla [2.*, 2.20.1) vulnerabilities.
Approved by: security-officer (simon)
Approved by: portmgr (implicit)
|
|
Friday, 24 Feb 2006
|
19:56 delphij
Document squirrelmail (< 1.4.6) vulnerabilities:
CVE-2006-0377 (IMAP injection)
CVE-2006-0195 (XSS)
CVE-2006-0188 (XSS)
Approved by: security-officer (simon)
Approved by: portmgr (implicit)
|
|
Monday, 20 Feb 2006
|
19:15 remko
Remove the latest squid entry, it already existed.
Noticed by: Thomas-Martin Seck <tmseck at netcologne dot de>
|
16:03 remko
Document gedit -- format string vulnerability.
|
15:43 remko
Add koffice to the RTF import issue.
|
15:17 remko
Documenet WebCalendar -- unauthorized access vulnerability.
|
14:29 remko
Document abiword -- stack based buffer overflow vulnerabilities.
|
12:26 remko
Document pinentry -- local privilege escalation.
Correct previous entry (the entry time was invalid).
|
12:02 remko
Document squid -- dns lookup spoofing.
|
|
Saturday, 18 Feb 2006
|
14:22 simon
Document postgresql81-server -- SET ROLE privilege escalation.
|
|
Friday, 17 Feb 2006
|
09:53 simon
Document gnupg -- false positive signature verification.
|
|
Thursday, 16 Feb 2006
|
15:05 remko
Document rssh -- privilege escalation vulnerability.
The port will be marked forbidden due to possible
root access.
|
14:33 remko
Document tor -- malicious tor server can locate a hidden service.
|
14:20 remko
Document sudo -- arbitrary command execution.
|
14:08 remko
Document libtomcrypt -- weak signature scheme with ECC keys.
|
13:19 remko
Document mantis -- "view_filters_page.php" cross site scripting vulnerability.
|
12:59 remko
Document phpbb -- multiple vulnerabilities.
Reviewed by: simon
|
12:50 remko
Document postgresql -- character conversion and tsearch2 vulnerabilities.
|
09:08 remko
Document heartbeat -- insecure temporary file creation vulnerability.
|
|
Wednesday, 15 Feb 2006
|
13:25 remko
Document kpdf -- heap based buffer overflow
|
12:53 remko
Document perl, webmin, usermin -- perl format string integer wrap vulnerability
PR: ports/91202
Submitted by: KOMATSU Shinichiro <koma2 at lovepeers dot org>
(slightly modified).
|
12:33 remko
Document phpicalendar -- cross site scripting vulnerability and
document phpicalendar -- file disclosure vulnerability [1].
Reviewed by: simon [1]
Spotted on: cvs-ports@ [1]
|
|
Tuesday, 14 Feb 2006
|
10:35 remko
Document FreeBSD -- Infinite loop in SACK handling (FreeBSD SA 06.08)
|
10:28 remko
Document pf -- IP fragment handling panic, FreeBSD SA 06.07
|
10:09 remko
Document FreeBSD -- Local kernel memory disclosure
(FreeBSD SA 06.07).
|
09:57 remko
Document IEEE 802.11 -- buffer overflow (FreeBSD SA 06.05).
|
08:13 remko
Add FreeBSD SA 06.04.ipfw to the vuln.xml list.
|
|
Tuesday, 7 Feb 2006
|
20:43 simon
Mark ivtools 1.2.3 as fixed for jpeg vulnerabilities. Note that this
version is not yet in ports, but marking the new version fixed now
make porting a bit simpler.
|
20:09 simon
Document kpopup -- local root exploit and local denial of service.
PR: ports/92359
Submitted by: Ion-Mihai "IOnut" Tetcu <itetcu@people.tecnik93.com>
|
|
Friday, 27 Jan 2006
|
19:07 remko
Oops. Forgot to modify the discovery date.
Spotted by: simon (again)
|
12:20 remko
Add 4 FreeBSD advisories to the VuXML database.
The other recently released advisories will be
added later today.
o SA-06:03.cpio
o SA-06:02.ee
o SA-06:01.texindex
o SA-05:20.cvsbug
|
|
Monday, 23 Jan 2006
|
21:29 brooks
Document local root exploit in SGE.
|
15:35 barner
Document "fetchmail -- crash when bouncing a message" DOS vulnerability.
Reviewed by: secteam (simon)
|
|
Saturday, 14 Jan 2006
|
23:36 simon
- Update description and references for "clamav -- possible heap
overflow in the UPX code" now that more information is available.
- Remove some EOL whitespace.
|
|
Tuesday, 10 Jan 2006
|
14:02 ehaupt
Add an entry for clamav/clamav-devel
Reviewed by: simon (secteam)
|
|
Monday, 9 Jan 2006
|
21:47 simon
Document milter-bogom -- headerless message crash.
Reported by: Victor Balada Diaz <victor@bsdes.net>
|
20:49 simon
Mark latest bnc version as fixed wrt. to "fd_set -- bitmap index
overflow in multiple applications".
Reported by: Christian Elmerot <Chreo At chreo , net>
|
|
Saturday, 7 Jan 2006
|
14:56 simon
Document two bogofilter vulnerabilities.
Submitted by: Matthias Andree <matthias.andree@gmx.de>
|
|
Wednesday, 4 Jan 2006
|
23:00 thierry
Add an entry for rxvt-unicode < 6.3: root privileges were not restored
before the call to openpty(), so the permissions on the pty device node
remain root:wheel 666 after opening a new terminal.
Discovered by: Ryan Beasley <ryanb (at) rainbowdevilsland.co.uk>
|
|
Tuesday, 3 Jan 2006
|
18:40 lev
`ru-apache' and `ru-apache+mod_ssl' was patchet against CAN-2005-3352
(http://www.FreeBSD.org/ports/portaudit/9fff8dc8-7aa7-11da-bf72-00123f589060.html)
Yes, changes are validated with xmllint at this time.
|
|
Monday, 2 Jan 2006
|
18:32 remko
Correct a little typo.
|
|
Sunday, 1 Jan 2006
|
21:40 remko
Document apache -- mod_imap cross-site scripting flaw.
I expanded the diff from the PR a bit to denote other
affected apache ports as well. Therefor mistakes in
that should be redirected to me.
Also bump the copyright year for the vuxml file.
PR: ports/91157 (based on)
Submitted by: KOMATSU Shinichiro <koma2 at lovepeers dot org>
|
09:03 hrs
Fix the affected versions of 9b4facec-6761-11da-99f6-00123ffe8333.
PR: ports/91156
Submitted by: KOMATSU Shinichiro (koma2 at lovepeers dot org)
|
|
Sunday, 25 Dec 2005
|
22:23 simon
Add missing "</package>" tag from rev. 1.917, which caused the file to
be invalid XML and in turn caused the portaudit database to be only
partially built.
Bump modification date of all entries which had modification date on
the 23'rd to make sure VuXML consumers catch the updates.
Portaudit problem reported by: Peter Vohmann
Pointy hat to: lev
|
|
Friday, 23 Dec 2005
|
13:33 lev
russian/apache13 and russian/apache13-modssl were updated and new version
doesn't
contain any known vulnerabilities.
|
12:10 simon
Bump modification date for entries touched by last commit.
|
11:47 remko
Update the phpSysInfo entries, PR ports/90849 will solve the documented
issues.
Requested by: Babak Farrokhi <babak at farrokhi dot net>
|
10:29 remko
Fix another typo in my nbd entry.
Spotted by: Linus Nordberg <linus at nordberg dot se>
|
|
Thursday, 22 Dec 2005
|
21:25 remko
Correct a typo.
Submitted by: Linus Nordberg <linus at nordberg dot se>
|
21:08 remko
Update the affected range.
Prodded by: erwin
|
21:07 remko
The previous entry should have read:
Document ndb-server -- buffer overflow vulnerability
|
21:05 remko
:
|
16:25 garga
- Register scponly-4.1 vulnerabilities
PR: ports/90813
Submitted by: maintainer
Security:
https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html
|
15:49 remko
Correct the recent horde entries as per the FDP
(made the entries max 72 chars wide).
|
|
Monday, 19 Dec 2005
|
15:14 barner
Document fetchmail vulnerability:
http://fetchmail.berlios.de/fetchmail-SA-2005-03.txt (CVE-2005-4348)
Reviewed by: secteam (simon@)
|
|
Wednesday, 14 Dec 2005
|
21:51 remko
Document the following mantis vulnerabilities:
o "t_core_path" file inclusion vulnerability
o "view_filters_page.php" cross-site scripting vulnerability
|
|
Sunday, 11 Dec 2005
|
21:41 thierry
- Add entries for several XSS vulnerabilities in Horde, Kronolith, Nag
Turba and Mnemo;
- Fix a typo in the previous Horde entry.
|
|
Friday, 9 Dec 2005
|
12:24 mnag
Add curl -- URL buffer overflow vulnerability
Reviewed by: simon
|
|
Wednesday, 7 Dec 2005
|
21:59 mnag
Add phpmyadmin -- register_globals emulation "import_blacklist" manipulation
Add phpmyadmin -- XSS vulnerabilities
|
11:53 mnag
Add ffmpeg -- libavcodec buffer overflow vulnerability
Reviewed by: simon
|
11:34 mnag
Add trac -- search module SQL injection vulnerability
Reviewed by: simon
|
|
Thursday, 1 Dec 2005
|
16:08 mnag
Add drupal -- multiple vulnerabilities
Reviewed by: simon
|
|
Wednesday, 30 Nov 2005
|
20:55 simon
Document opera -- multiple vulnerabilities.
|
20:35 simon
Document opera -- command line URL shell command injection.
|
13:41 mnag
Add entry to www/mambo
Reviewed by: simon
|
|
Tuesday, 29 Nov 2005
|
08:41 simon
Mark flyspar 0.9.8 as fixed wrt. "flyspray -- cross-site scripting
vulnerabilities" since our port version of 0.9.8 includes update1 which
fixes the issue.
Reported by: Volodymyr Kostyrko via pav
|
|
Monday, 28 Nov 2005
|
15:37 mnag
Change topic zope28 to zope (www/zope affected too)
Add <cvename> to zope entry
Change CAN-XXXX-XXXX to CVE-XXXX-XXXX
Reviewed by: simon
|
|
Sunday, 27 Nov 2005
|
17:57 hrs
Security fix: several shell scripts included in the Ghostscript package
allow local users to overwrite files via a symlink attack on temporary
files.
Security: CAN-2004-0967
|
|
Saturday, 26 Nov 2005
|
10:58 remko
Forced commit to notice that I also added some references to the
latest horde entry.
|
10:54 remko
Standarize the horde -- Cross site scripting vulnerabilities in MIME
viewers entry as per the FDP-primer and the vuxml layout (topic).
Also correct the qpopper vulnerability to match 4.0 and above since
the 2.x range is listed as affected at the moment but has an entirely
different base. After checking it appears that the information all
point to >= 4.0. [1]
Noticed by: ache [1]
|
|
Tuesday, 22 Nov 2005
|
19:56 thierry
Add an entry for cross site scripting vulnerabilities in Horde's MIME
viewers.
|
|
Wednesday, 16 Nov 2005
|
14:17 mnag
phpmyadmin -- HTTP Response Splitting vulnerability
Reviewed by: simon
|
|
Monday, 14 Nov 2005
|
16:57 simon
Add CVE name to an old sudo entry.
|
08:45 simon
Update latest phpSysInfo entry to reflect that 2.4 was in fact not fixed
(or rather, had an incorrect "fix").
Reported by: Christopher Kunz (advisory author)
Security: http://www.hardened-php.net/advisory_222005.81.html
|
|
Sunday, 13 Nov 2005
|
21:39 sem
- Micromedia -> Macromedia
- Standard FDP primer documentation rules apply
- Two dots fixed
Noted by: remko
|
21:21 sem
- Document phpSysInfo vulnerability
|
20:59 sem
- Document flashplugin vulnerability
|
|
Thursday, 10 Nov 2005
|
11:09 sem
- Document p5-Mail-SpamAssassin vulnerabily (alread fixed in ports)
- Document flyspray cross-site scripting vulnerabilities
|
|
Tuesday, 8 Nov 2005
|
17:34 remko
Update the recent gallery2 and webcalendar entries:
o Add a better topic (description)
o Reword the webcalendar entry to have some more usefull data
o Add references (bid's and CVE names).
|
|
Monday, 7 Nov 2005
|
20:44 remko
Document qpopper -- multiple privilege escalation vulnerabilities.
Note that the current version is not affected anymore.
|
|
Sunday, 6 Nov 2005
|
17:28 sem
- Add missed </p> tag [1]
- Modify 594eb447-e398-11d9-a8bd-000cf18bbe54 entry:
ruby 1.6.x is not affected this vulnerability,
it have no XMLRPC support.
Pointy hat to: simon [1]
|
|
Friday, 4 Nov 2005
|
22:49 simon
Add a bit more info from the PEAR advisory about the vulnerability to
make the scope of the vulnerability a bit more clear.
Disussed with: thierry
|
22:35 simon
The two latest OpenVPN vulnerabilities were both only for 2.0 and
newer, so mark the correctly as such.
Submitted by: Matthias Andree <matthias.andree@gmx.de>
|
21:23 thierry
Add an entry for pear-PEAR arbitrary code execution vulnerability.
|
|
Wednesday, 2 Nov 2005
|
10:16 simon
Correct skype entry to match the correct fixed port version number.
Noted by: Stefan Lambrev, cheffo FreeBSD-BG org
|
|
Tuesday, 1 Nov 2005
|
22:49 simon
Document two OpenVPN vulnerabilities.
Submitted by: Matthias Andree <matthias.andree@gmx.de>
|
21:39 naddy
As Peter Jeremy points out, the recent lynx vulnerability also concerns
lynx-ssl.
|
09:33 sem
- Document skype vulnerabilities
- Document PHP vulnerabilities
- Convert first letters in titles from upcase to lowercase
in my last additions.
|
Number of commits found: 6273 (showing only 100 on this page) |
As an Amazon Associate I earn from qualifying purchases.