| non port: security/vuxml/vuln.xml |
Number of commits found: 6274 (showing only 100 on this page) |
|
Friday, 5 Aug 2005
|
10:34 remko 
Correct the ranges for the IPSec advisory and the devfs advisory.
Also correct proper ranges for the zlib advisory.
Approved by: portsmgr (blanket VuXML)
 |
10:21 remko
Document some recent FreeBSD advisories:
o devfs -- ruleset bypass.
o zlib -- buffer overflow vulnerability.
o ipsec -- Incorrect key usage in AES-XCBC-MAC.
Approved by: portsmgr (blanket VuXML)
|
|
Thursday, 4 Aug 2005
|
15:56 remko
Add some more entries to the apache -- http smuggling vulnerability.
PR: ports/84312
Submitted by: Dmitry A Grigorovich <odip at bionet dot nsc dot ru>
Approved by: portsmgr (blanket VuXML)
|
|
Wednesday, 3 Aug 2005
|
17:14 simon
Document proftpd -- format string vulnerabilities.
Approved by: portmgr (blanket, VuXML)
|
16:54 simon
Note that the fix for gnupg -- OpenPGP symmetric encryption
vulnerability in gnupg is not complete (see entry for details).
Discussed with: nectar
Approved by: portmgr (blanket, VuXML)
|
11:58 simon
Mark p5-Crypt-OpenPGP, pgp, and pgpin as vulnerable to gnupg --
OpenPGP symmetric encryption vulnerability.
Reminded by: nectar
Approved by: portmgr (blanket, VuXML)
|
|
Monday, 1 Aug 2005
|
18:38 simon
Mark latest gdal version as fixed for all tiff vulnerabilities.
|
07:45 niels
Added nbsmtp format string vulnerability.
Approved by: nectar (mentor)
|
|
Sunday, 31 Jul 2005
|
23:39 simon
Mark latest the linux-tiff and pdflib ports safe from latest tiff
vulnerability.
Thanks to lawrance and netchild for fast fixes.
|
15:00 simon
Document sylpheed -- MIME-encoded file name buffer overflow
vulnerability.
|
13:50 simon
Document phpmyadmin -- cross site scripting vulnerability.
|
13:23 simon
Document gnupg -- OpenPGP symmetric encryption vulnerability.
Note: this is mainly a theoretical vulnerability.
|
11:38 remko
Bump entry date.
Forgotten by: remko
Spotted by: simon
|
11:31 remko
Document vim -- vulnerabilities in modeline handling: glob, expand.
Discussed with: nectar, simon
|
|
Saturday, 30 Jul 2005
|
22:20 simon
Document that ekg -- insecure temporary file creation was fixed in
1.6r2,1.
Noted by: Michal Kalkowski
|
20:20 simon
Add pdflib-perl, fractorama, gdal, iv, ivtools, ja-iv, ja-libimg,
paraview to recent libtiff vulnerabilities since they contain (and
compile) an embedded version of libtiff...
|
15:48 simon
Document tiff -- buffer overflow vulnerability.
|
11:18 simon
- Misc. markup/whitespace fixes.
- Collapse a few package entries from the latest apache entry (still
matches same package names, is just shorter markup-wise).
- Use standard topic style for jaberd entry.
- Fix entry date for jaberd entry.
|
10:00 vsevolod
Document jabberd vulnerabilities that were fixed by the latest update.
Approved by: perky (mentor)
|
09:24 simon
Be consistent and use the same title for the latest ethereal
vulnerabilities as used for previous entries.
|
09:13 simon
Document opera -- image dragging vulnerability and opera -- download
dialog spoofing vulnerability.
|
08:26 simon
Document ethereal -- multiple vulnerabilities.
|
|
Thursday, 28 Jul 2005
|
08:51 clement
- Fix apache 2.1 range for CAN-2005-2088 entry which prevents apache 2.0 from
upgrading.
Pointyhat to: clement, remko
Reviewed by: erwin
|
04:22 remko
Mark apache+mod_ssl-1.3.33+2.8.22_1 as not vulnerable in the latest Apache
entry.
|
|
Wednesday, 27 Jul 2005
|
17:21 remko
There must be an curse. s/il/li/.
Noticed by: nectar
|
17:01 remko
Update my latest Apache entry to make clear that this only affects certain
installations (when Apache is used as a HTTP proxy in combination with some
web servers). I didn't make that clear in the first commit.
Requested by: nectar
Discussed with: clement
|
15:57 remko
Document apache -- http request smuggling.
Requested by: clement
Glanced at by: clement
|
|
Tuesday, 26 Jul 2005
|
13:32 erwin
Set modified date in entry for previous commit.
Cluebat swung by: simon
|
10:50 erwin
Note that the fd_set vulnerability in net/bld was fixed in 0.3.3
Prodded by: garga
Glanced at by: remko
|
|
Monday, 25 Jul 2005
|
15:57 hrs
Document clamav -- multiple remote buffer overflows.
|
|
Saturday, 23 Jul 2005
|
09:30 simon
- Document isc-dhcpd -- format string vulnerabilities (older
vulnerabilty). [1]
- Use standard title format for latest egroupware entry.
Reminded by: Panagiotis Christias [1]
|
02:03 kuriyama
Add entry for eGroupWare's recent vulnerabilities.
|
|
Friday, 22 Jul 2005
|
09:44 barner
Document denial of service attack in fetchmail 6.5.2.1.
Reported by: Matthias Andree <matthias.andree@gmx.de>
Reviewed by: simon
|
|
Thursday, 21 Jul 2005
|
21:13 simon
Update phppgadmin entry to note that it was fixed in 3.5.4 and add a
few references while here anyway.
Prodded by: Tobias Roth (I think :-) )
|
16:31 simon
Document dnrd -- remote buffer and stack overflow vulnerabilities.
|
13:38 simon
Fix typo in last commit
Noticed by: Matthias Andree <matthias.andree@gmx.de>
|
10:56 simon
Add more references to latest fetchmail entry [1] and sort references
while here anyway.
Submitted by: Matthias Andree <matthias.andree@gmx.de> [1]
|
08:43 trhodes
Document an issue with the LDAP backend provided by PowerDNS.
|
|
Wednesday, 20 Jul 2005
|
19:43 simon
Document fetchmail -- remote root/code injection from malicious POP3
server.
Submitted by: Matthias Andree <matthias.andree@gmx.de>
|
|
Monday, 18 Jul 2005
|
20:07 mich
o add kdebase (kate) vulnarability.
Reviewed by: simon
|
09:54 simon
Add CVE names to recent bugzilla entry.
|
|
Saturday, 16 Jul 2005
|
14:38 simon
- Document firefox & mozilla -- multiple vulnerabilities.
- Minor style nit in drupal entry: Use port name (i.e. lower case) as
first part of the title.
|
11:29 erwin
Add an entry for the drupal vulnerabilities.
|
|
Friday, 15 Jul 2005
|
14:35 niels
Fixed incorrect newsfetch and mnogosearch affected package versions
Approved by: nectar (mentor)
|
|
Wednesday, 13 Jul 2005
|
03:04 kuriyama
Markup fixed version of net-snmp problem.
|
|
Saturday, 9 Jul 2005
|
20:02 remko
Correct a typo: s/lemote/remote/
Spotted by: simon
|
19:57 remko
Document the following vulnerabilities:
phpSysInfo -- cross site scripting vulnerability
mysql-server -- insecure temporary file creation
net-snmp -- fixproc insecure temporary file creation
phpbb -- multiple vulnerabilities
shtool -- insecure temporary file creation
Approved by: simon
|
|
Friday, 8 Jul 2005
|
21:36 simon
Document phppgadmin -- "formLanguage" local file inclusion vulnerability.
|
21:17 simon
Document pear-XML_RPC -- information disclosure vulnerabilities.
|
21:03 simon
Document ekg -- insecure temporary file creation.
|
20:29 simon
Document bugzilla -- multiple vulnerabilities.
|
20:04 simon
Document nwclient -- multiple vulnerabilities (old issues).
PR: ports/82101
Submitted by: niels
Noticed by: Derik van Zuetphen <dz@426.ch>
|
|
Wednesday, 6 Jul 2005
|
22:46 simon
Add CAN reference to recent phpbb vulnerability.
|
22:25 simon
Document acroread -- insecure temporary file creation.
|
22:14 simon
Document two calmav vulnerabilities.
|
21:34 simon
- Add FreeBSD-SA-05:16.zlib.
- Fix ranges for recent security advisories, a bunch of <le> really
should have been <lt>.
|
20:45 simon
Document acroread -- buffer overflow vulnerability.
|
|
Tuesday, 5 Jul 2005
|
21:13 simon
Document net-snmp -- remote DoS vulnerability.
|
20:33 simon
Document cacti -- multiple vulnerabilities.
Prodded by: Babak Farrokhi <babak@farrokhi.net>
|
19:01 simon
- Add another reference to bzip2 -- denial of service and permission
race vulnerabilities.
- Document two cases of wordpress -- multiple vulnerabilities.
|
|
Sunday, 3 Jul 2005
|
08:40 hrs
Document the following issues:
- phpbb -- remote PHP code execution vulnerability
- pear-XML_RPC -- arbitrary remote code execution
|
08:12 simon
Add certvu reference to kernel -- TCP connection stall denial of service
vulnerability.
|
|
Wednesday, 29 Jun 2005
|
23:00 simon
Add FreeBSD-SA-05:13.ipfw, FreeBSD-SA-05:14.bzip2, and
FreeBSD-SA-05:15.tcp.
|
|
Friday, 24 Jun 2005
|
20:38 simon
Document ethereal -- multiple protocol dissectors vulnerabilities.
|
10:22 hrs
Document tor -- information disclosure.
|
09:09 hrs
Document linux-realplayer -- RealText parsing heap overflow.
|
|
Thursday, 23 Jun 2005
|
06:55 hrs
Document ruby -- arbitrary command execution on XMLRPC server.
|
|
Tuesday, 21 Jun 2005
|
09:58 sem
- net/cacti - potential SQL injection and cross site scripting attacks
|
|
Monday, 20 Jun 2005
|
22:34 simon
Document three opera issues.
|
20:18 simon
Document sudo -- local race condition vulnerability.
|
19:17 simon
Add another reference to the latest tcpdump issue.
|
19:09 simon
- Add entry for trac -- file upload/download vulnerability.
- Improve the last couple of entries a bit:
- Whilespace cleanup.
- Use standard topic format (port name first, then description
starting with lower case).
- Make sure SpamAssasin entry also match other 3.0.3 port revisions.
|
07:30 sem
- razor-agents DoS vulnerabilities
PR: ports/82414
Submitted by: dawnshade <h-k@mail.ru>
|
|
Sunday, 19 Jun 2005
|
04:57 hrs
Fix year in <discovery> and <entry>.
Noticed by: nectar
Pointy hat to: hrs
|
|
Saturday, 18 Jun 2005
|
17:27 hrs
Document SpamAssassin -- Denial of service vulnerability.
|
17:15 hrs
Document squirrelmail -- Several cross site scripting vulnerabilities.
|
16:54 hrs
Document acroread -- XML External Entity vulnerability.
|
14:49 simon
Use standard topic format for gzip vulnerability.
|
14:32 simon
Document FreeBSD-SA-05:11.gzip.
|
|
Friday, 17 Jun 2005
|
23:19 simon
Document SA-05:10.tcpdump.
|
19:12 simon
Document two vulnerabilities in Gaim.
|
18:37 nectar
Document an older, more serious gallery vulnerability.
|
18:30 nectar
Document XSS vulnerabilities in gallery.
|
18:11 nectar
Document KDE kstars vulnerability.
|
17:00 nectar
Document fd_set overruns reported by 3APA3A.
|
|
Thursday, 9 Jun 2005
|
08:44 simon
Document leafnode -- denial of service vulnerability.
Submitted by: Matthias Andree <matthias.andree@gmx.de>
|
|
Friday, 3 Jun 2005
|
19:45 nectar
Document a directory traversal issue in older GForge versions.
|
19:29 nectar
Document an authentication bypass vulnerability in imap-uw.
|
19:18 nectar
Document squid denial-of-service vulnerabilities.
|
19:08 nectar
Document a remote denial-of-service vulnerability in racoon.
|
18:24 nectar
Document integer overflows in xli.
|
18:19 nectar
Document arbitrary command execution vulnerabilities in xli and
xloadimage.
|
18:01 nectar
Add new CVE names for yamt entry.
|
17:56 nectar
Correct and improve recent xli entry:
* It actually affected xloadimage and xli
* A slightly better topic than just "buffer overflows"
* More refererences
* Fix the version number for xli... it is still vulnerable as of this
writing
|
16:26 nectar
Correct recently added yamt entry:
* This is not CAN-2004-1302, which was documented much earlier
* Try to explain the issue
* Add the only public reference to the issue I can find
|
04:48 trhodes
Buffer overflow in xli.
|
02:15 trhodes
Fix breakage I caused.
|
02:09 trhodes
Note buffer overflows and directory transversal issues in audio/ymat.
|
|
Wednesday, 1 Jun 2005
|
17:16 nectar
Update entry for FreeStyle Wiki:
* <topic> style: ASCII em-dash "--" for separator
* replace quoted text with more informative excerpt from a Secunia
advisory
* add CVE name
|
17:07 nectar
Document vulnerabilities in XView library.
|
Number of commits found: 6274 (showing only 100 on this page) |
As an Amazon Associate I earn from qualifying purchases.