non port: security/vuxml/vuln.xml |
Number of commits found: 6271 (showing only 100 on this page) |
Wednesday, 1 Jun 2005
|
15:53 nectar
correct version number for mailman password generation issue
|
15:51 nectar
Document vulnerability in set-user-ID sympa application.
|
15:36 nectar
Another older mailman vulnerability, somewhat minor
|
15:27 nectar
Add year-old mailman vulnerability, that seems to not have been
previously documented here.
|
14:48 nectar
document Apache Jakarta Tomcat 5.x XSS issue
|
Sunday, 29 May 2005
|
15:01 simon
Mark samba-2.2.12.j1.0beta1_2 as safe from "samba -- integer overflow
vulnerability".
Reminded by: NAKAJI Hiroyuki <nakaji@jp.freebsd.org>
|
03:06 kuriyama
- Update to 3.5.8 (including XSS problem fix).
Submitted by: Toshiya SAITOH <toshiya@saitoh.nu>
PR: ports/81520
|
Sunday, 22 May 2005
|
13:27 remko
Remove a forgotten :.
Spotted by: simon
|
13:18 remko
Document the following issues:
o freeradius -- sql injection and denial of service vulnerability
o ppxp -- local root exploit
o oops -- format string vulnerability
Approved by: simon
|
Thursday, 19 May 2005
|
19:56 simon
Fix entry dates for latest squid entries.
|
19:48 remko
Reword the cdrdao entry, this includes comments from Simon which I overlooked.
Forgotten by: remko
Spotted by: simon
|
14:17 pav
- Update Squid to 2.5.STABLE10
PR: ports/81213
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
|
04:17 remko
Document cdrdao -- unspecified privilege escalation vulnerability.
Approved by: simon
|
Saturday, 14 May 2005
|
03:43 simon
Document two gaim issues.
|
Friday, 13 May 2005
|
16:24 nectar
Add FreeBSD-SA-05:09.htt.
|
15:32 nectar
Update some leafnode references.
Add new leafnode vulnerability.
PR: ports/80724
Submitted by: Matthias Andree <matthias.andree@gmx.de>
|
Thursday, 12 May 2005
|
09:59 simon
Document two new vulnerabilities in mozilla/firefox.
|
Wednesday, 11 May 2005
|
19:00 simon
Document mozilla -- code execution via javascript: IconURL vulnerability.
|
Monday, 9 May 2005
|
07:04 okazaki
Document some vulnerabilities in groff.
- pic2graph and eqn2graph are vulnerable to symlink attack through temporary
files
- groffer uses temporary files unsafely
PR: ports/80671
Submitted by: KOMATSU Shinichiro
|
Tuesday, 3 May 2005
|
10:14 sem
- gnu-radius exploitation was fixed in maintenance release 1.2.94
as reported in
http://www.idefense.com/application/poi/display?id=141&type=vulnerabilities
PR: ports/80558 (follow-up)
Submitted by: Vsevolod Stakhov <vsevolod@highsecure.ru>
|
Monday, 2 May 2005
|
18:57 glewis
. Update the version for the jar(1) vulnerability so that 1.2.2p11_4 is
no longer considered vulnerable. Adjust the modified date for the entry.
|
Sunday, 1 May 2005
|
14:33 remko
Document sharutils -- unshar insecure temporary file creation
Approved by: simon
|
12:25 remko
Document rsnapshot -- local privilege escalation
Approved by: simon
|
00:30 brooks
coppermine -- IP spoofing and XSS vulnerability
|
Friday, 29 Apr 2005
|
15:00 glewis
. Correct the range of vulnerable jdk14 ports for the jar(1) vulnerability
and update the modified time for the entry.
|
Wednesday, 27 Apr 2005
|
21:35 simon
Document ImageMagick -- ReadPNMImage() heap overflow vulnerability.
|
21:24 simon
Bump modified date for last commit.
|
20:46 glewis
. Adjust ranges so that jdk-1.3.1p9_5 is no longer marked as vulnerable to
the jar(1) vulnerability but is still marked vulnerable to the browser
plugin vulnerability (although the plugin is no longer built by default).
|
Monday, 25 Apr 2005
|
21:53 simon
Document mplayer & libxine -- MMS and Real RTSP buffer overflow
vulnerabilities.
|
21:10 simon
Document some older vulnerabilities in GAIM.
|
Saturday, 23 Apr 2005
|
11:40 simon
Document kdewebdev -- kommander untrusted code execution vulnerability.
|
Friday, 22 Apr 2005
|
21:53 remko
Fix a typo in the kdelibs - kimgio entry.
|
21:52 remko
junkbuster -- heap corruption vulnerability and configuration modification
vulnerability
Approved by: simon
|
08:22 simon
Document kdelibs -- kimgio input validation errors.
|
Tuesday, 19 Apr 2005
|
22:09 simon
Mark latest openoffice 1.1 as fixed wrt. openoffice -- DOC document
heap overflow vulnerability.
Informed by: maho
|
11:14 remko
Document gld -- format string and buffer overflow vulnerabilities
|
Sunday, 17 Apr 2005
|
15:34 naddy
Document remote buffer overflow in ftp/axel.
|
Saturday, 16 Apr 2005
|
22:52 simon
Document firefox -- PLUGINSPAGE privileged javascript execution (also
from the < 1.0.3 batch).
|
22:35 remko
Document jdk - jar directory traversal vulnerability.
Approved by: simon
|
16:12 simon
Document several mozilla/firefox issues.
|
Friday, 15 Apr 2005
|
21:47 simon
Mark wget >= 1.10.a1 safe from the "wget -- multiple vulnerabilities"
entry.
Info provided by: sf
|
Wednesday, 13 Apr 2005
|
23:17 simon
Document openoffice -- DOC document heap overflow vulnerability.
|
Tuesday, 12 Apr 2005
|
08:24 simon
Fix and document insecure temporary file handling in portupgrade.
Security: CAN-2005-0610
Security:
http://vuxml.FreeBSD.org/22f00553-a09d-11d9-a788-0001020eed82.html
Approved by: erwin (mentor), maintainer timeout
OK'ed by: portmgr
Reviewed by: nectar
|
Sunday, 10 Apr 2005
|
19:41 simon
Document three GAIM vulnerabilities.
|
18:47 simon
Document an old PHP issue.
|
10:22 simon
Document squid -- DoS on failed PUT/POST requests vulnerability.
Submitted by: Devon H. O'Dell <dodell@offmyserver.com> (original version)
|
Saturday, 9 Apr 2005
|
20:42 pav
- Fix closing tag on the entry I just touched.
Pointed out by: still Chimera
Blaming: too much bear earlier tonight
|
20:38 pav
- Add <modified> to the entry I just touched
Prodded by: Chimera
|
20:21 pav
- CAN-2005-0133 is fixed in clamav-devel-20050408
PR: ports/79688
Submitted by: Renato Botelho <freebsd@galle.com.br>
|
Tuesday, 5 Apr 2005
|
20:57 simon
Bump modified date for entry modified last commit.
|
20:03 ume
add CVE name to latest vuln of Cyrus IMAPd.
|
19:57 thierry
Add an entry for an XSS vulnerability fixed in horde-3.0.4.
|
Monday, 4 Apr 2005
|
20:06 simon
Document wu-ftpd -- remote globbing DoS vulnerability.
|
Sunday, 3 Apr 2005
|
06:53 simon
Add CVE name to hashcash entry.
|
Saturday, 2 Apr 2005
|
23:15 naddy
Document hashcash format string vulnerability.
|
Saturday, 26 Mar 2005
|
20:49 simon
Document clamav -- zip handling DoS vulnerability.
Approved by: portmgr (blanket, VuXML)
|
Thursday, 24 Mar 2005
|
14:15 nectar
Document Wine information disclosure.
Based on an entry that was
Submitted by: Devon H. O'Dell <dodell@offmyserver.com>
Approved by: portmgr (blanket, VuXML)
|
14:08 nectar
Document the most serious of the recently disclosed
Mozilla/Firefox/Thunderbird vulnerabilities.
Based on entries that were
Submitted by: Devon H. O'Dell <dodell@offmyserver.com>
Approved by: portmgr (blanket, VuXML)
|
Wednesday, 23 Mar 2005
|
18:29 nectar
Document Sylpheed buffer overflow.
Reminded by: netchild
Approved by: portmgr (blanket, VuXML)
|
Monday, 21 Mar 2005
|
21:19 simon
Document xv -- filename handling format string vulnerability.
Approved by: portmgr (implicit, VuXML)
|
20:27 simon
Document kdelibs -- local DCOP denial of service vulnerability.
Approved by: portmgr (implicit, VuXML)
|
Friday, 18 Mar 2005
|
19:16 simon
Mark grip port as fixed for recent vulnerability.
Requested by: ahze
|
Tuesday, 15 Mar 2005
|
21:13 simon
Document phpmyadmin -- increased privilege vulnerability.
|
19:40 danfe
Note that recent Quake2-LNX is fixed.
|
14:27 ale
Recent mysql snapshot import fixed several vulnerabilities.
|
Monday, 14 Mar 2005
|
21:55 simon
Document ethereal -- multiple protocol dissectors vulnerabilities.
|
20:19 simon
Document "grip -- CDDB response multiple matches buffer overflow
vulnerability".
|
19:49 simon
Update references for latest MySQL entry:
- Use bid tag for Bugtraq ID reference.
- Add CVE names.
|
15:16 ale
Document multiple mysql remote vulnerabilities.
|
Sunday, 13 Mar 2005
|
10:31 thierry
Add an entry about rxvt-unicode buffer overflow.
|
Tuesday, 8 Mar 2005
|
22:52 simon
Document two phpMyAdmin issues.
|
21:26 simon
Document libexif -- buffer overflow vulnerability.
|
Monday, 7 Mar 2005
|
15:45 nectar
Fix invalid date.
Noticed by: Kang Liu <liukang@bjut.edu.cn>
|
Sunday, 6 Mar 2005
|
17:06 nectar
Add <modified> date for recent commit to phpbb vulnerability.
Forgotten by: delphij
While here, add msgids for recent phpbb addition.
|
Saturday, 5 Mar 2005
|
15:53 delphij
Document a low risk HTML injection (configuration bypass)
vulnerability [1] of phpBB.
(maintainer contacted and is preparing a fix)
[1] http://marc.theaimsgroup.com/?l=bugtraq&m=110987231502274
|
15:42 delphij
Add bugtraq bug ID for phpbb vulnerability.
Submitted by: Kang LIU <liukang bjut edu cn>
|
Friday, 4 Mar 2005
|
18:14 nectar
Document two phpnuke vulnerabilities, and a Linux RealPlayer
vulnerability.
Based on entries that were
Submitted by: Devon H. O'Dell <dodell@sitetronics.com>
|
Thursday, 3 Mar 2005
|
22:20 simon
- Document ImageMagick -- format string vulnerability.
- Fix typo on older tiff entry.
|
Wednesday, 2 Mar 2005
|
13:17 nobutaka
Document the privilege escalation vulnerability in uim.
|
Tuesday, 1 Mar 2005
|
13:39 nectar
Fix typo in linux-tiff version number for
http://vuxml.freebsd.org/8f86d8b5-6025-11d9-a9e7-0001020eed82.html
Reported by: Ian Moore <no-spam@swiftdsl.com.au>
|
13:23 nectar
Document lighttpd information disclosure bug.
This entry is based on one that was
Submitted by: Devon H. O'Dell <dodell@offmyserver.com>
|
Monday, 28 Feb 2005
|
13:41 nectar
Fix typo in linux-tiff version number for
http://vuxml.freebsd.org/fc7e6a42-6012-11d9-a9e7-0001020eed82.html
Reported by: Ian Moore <no-spam@swiftdsl.com.au>
|
10:48 delphij
Document latest phpBB critical security vulnerabilities.
Submitted by: Kang LIU <liukang bjut edu cn>
|
03:42 nectar
Correct the linux-tiff version number for several entries.
Reported by: netchild
|
Sunday, 27 Feb 2005
|
21:24 simon
Document curl -- authentication buffer overflow vulnerability.
|
20:34 simon
- Document cyrus-imapd -- multiple buffer overflow vulnerabilities. [1]
- Use bid tag for a reference in sup entry.
Advice from: ume [1]
|
13:21 hrs
Document format string vulnerabilities in net/sup.
|
Saturday, 26 Feb 2005
|
21:12 simon
- Just use mozilla in title for last entry for consistency.
- Document mozilla -- insecure temporary directory vulnerability.
|
20:36 simon
Update list of affected mozilla/firefox ports by the web browsers --
window injection vulnerabilities entry.
|
14:25 simon
Document mozilla & firefox -- arbitrary code execution vulnerability.
Submitted by: Devon H. O'Dell <dodell@sitetronics.com> (original version)
|
Friday, 25 Feb 2005
|
04:55 nectar
Improve the description of the latest phpBB information disclosure
bugs.
Submitted by: delphij (in part)
|
Thursday, 24 Feb 2005
|
15:43 hrs
Document a format string vulnerability in mkbold-mkitalic.
Reviewed by: simon
|
Wednesday, 23 Feb 2005
|
16:20 nectar
Add CVE names for wget.
|
15:11 nectar
De-confuse latest AWStats entry: rewrite description, and add relevant
references. There were so many bugs, it was hard to keep them straight
(^_^).
|
14:37 nectar
Format the <topic> of the most recent entry so that it is more
consistent with other entries.
|
13:13 delphij
Document latest phpbb vulnerabilities.
Discussed with: phpbb maintainer
|
05:15 simon
Add more references to recent putty vulnerability.
|
Tuesday, 22 Feb 2005
|
21:58 nectar
The mod_dosevasive port was upgraded.
|
19:27 nectar
Nit:
- In most recent `unace' entry, replace HTML entity with the Unicode
character. We do not use HTML entities so that a VuXML document may
be processed without using the DTD. (We also avoid character entity
references for more natural grep'ing, sed'ing, and editor searching.)
Corrections:
- An invalid UUID was assigned to a FreeRADIUS vulnerability, and went
undetected since last October. (>_<) Correct it.
- A bnc vulnerability was duplicated. Cancel the older, less informative
entry and update the newer entry.
|
15:37 naddy
Document unace-1.2b vulnerabilities: buffer overflows, directory traversal.
|