notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Want a good monitor light? See my photosAll times are UTC
Ukraine
This referral link gives you 10% off a Fastmail.com account and gives me a discount on my Fastmail account.

Get notified when packages are built

A new feature has been added. FreshPorts already tracks package built by the FreeBSD project. This information is displayed on each port page. You can now get an email when FreshPorts notices a new package is available for something on one of your watch lists. However, you must opt into that. Click on Report Subscriptions on the right, and New Package Notification box, and click on Update.

Finally, under Watch Lists, click on ABI Package Subscriptions to select your ABI (e.g. FreeBSD:14:amd64) & package set (latest/quarterly) combination for a given watch list. This is what FreshPorts will look for.

non port: security/vuxml/vuln.xml

Number of commits found: 6271 (showing only 100 on this page)

[First Page]  «  53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63  »  [Last Page]

Thursday, 13 Jan 2005
20:42 nectar search for other commits by this committer
For the latest three Squid issues, add references to the Squid bug
tracking database.  Also, rework the description of the empty ACL issue.
Original commit
20:26 nectar search for other commits by this committer
Add a better reference and description of the jabberd vulnerability.
Original commit
20:04 nectar search for other commits by this committer
Oops, add missing closing tag for Bugtraq ID which I recently added.
Original commit
20:02 nectar search for other commits by this committer
Add CVE name for up-imapproxy issue.
Original commit
19:53 nectar search for other commits by this committer
Add CVE names to greed buffer overflows issue.  Re-indent <references>
children.
Original commit
19:51 nectar search for other commits by this committer
For mpg123 playlist issue, add CVE name, Bugtraq ID, and X-Force
references.  Correct a double slash (`//') in a URL.  Re-ident the
<references> children.
Original commit
19:46 nectar search for other commits by this committer
Add a CVE name for VIM modeline handling issue.
Original commit
19:39 nectar search for other commits by this committer
Cancel VID 14e8f315-600e-11d9-a9e7-0001020eed82 "tiff -- stripoffsets
integer overflow vulnerability", as it was a subset of VID
3897a2f8-1d57-11d9-bc4a-000c41e2cdad "tiff -- multiple integer
overflows".  This is another case of iDEFENSE ``discovering'' a
vulnerability months after it had already been made public and
corrected.  I've preserved the iDEFENSE advisory reference by moving it
to the older entry, so that someone won't get misled by it again later.
Original commit
19:09 nectar search for other commits by this committer
Add CVE name for tnftp mget vulnerability.  Re-indent <references>
children while I'm here.
Original commit
18:41 nectar search for other commits by this committer
For recent squid WCCP DoS issue, correct the URL used in <blockquote>
"cite" attribute and <url> content.  It referenced the wrong squid
patch description.
Original commit
18:03 nectar search for other commits by this committer
Document Mozilla NNTP handler vulnerability.
Original commit
16:10 simon search for other commits by this committer
- Document a vulnerability in mpg123.
- Add mpg123-nas to an earlier mpg123 entry.
- Make title for exim entry more accurate.
- Fix invalid modification date in latest xpdf entry.
Original commit
Wednesday, 12 Jan 2005
22:37 simon search for other commits by this committer
- Integrate vendor patches as published on
  <http://www.squid-cache.org/Versions/v2/2.5/bugs/> for the following
  issues:
  + Prevent a possible denial of service attack via WCCP messages (squid bug
    #1190), classified as security issue by the vendor
  + Fix a buffer overflow in the Gopher to HTML conversion routine (squid bug
    #1189), classified as security issue by the vendor
  + Fix a null pointer access and plug memory leaks in the fake_auth NTLM
    helper (squid bug #1183) (this helper app is not installed by default by
    the port)
  + Stop closing open filedescriptors beyond stdin, stdout and stderr on
    startup (squid bug #1177)

- Unbreak the port on NO_NIS systems (thanks to "Alexander <freebsd AT
  nagilum.de>" for reporting this)

- Document the two security issues in VuXML.

PR:             ports/76173
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
Approved by:    erwin (mentor)
Original commit
14:39 nectar search for other commits by this committer
- Document some older security issues in libxine.
- Cancel VID bef4515b-eaa9-11d8-9440-000347a4fa7d in favor of a more
  complete, new entry.  (A xine security announcement covered the same
  issue and others.)
- Add references to xine security announcements and iDEFENSE
  Security Advisories.
Original commit
Tuesday, 11 Jan 2005
22:41 nectar search for other commits by this committer
Document HylaFAX authentication bypass vulnerability.
Original commit
22:18 naddy search for other commits by this committer
Document xshisen buffer overflows.
Original commit
16:39 nectar search for other commits by this committer
Add CERT Vulnerability Note reference for tiff issue.
Original commit
14:31 nectar search for other commits by this committer
Bump copyright for 2005.
Original commit
00:33 simon search for other commits by this committer
Mark pdftohtml as vulnerable to recent xpdf vulnerability.
Original commit
Monday, 10 Jan 2005
22:20 niels search for other commits by this committer
Documented two vulnerabilities in the helvis port
Original commit
Sunday, 9 Jan 2005
18:34 nectar search for other commits by this committer
Add CVE names for exim issue.
Original commit
Saturday, 8 Jan 2005
20:18 simon search for other commits by this committer
Document format string vulnerability in dillo.
Original commit
17:47 sem search for other commits by this committer
- Shorten exim entry

Thanks to:      simon
Original commit
17:39 simon search for other commits by this committer
Fix typo in latest tiff entry.

Noticed by:     bmah
Original commit
00:20 simon search for other commits by this committer
- Document that two older tiff vulnerabilities also affects
  linux-tiff. [1]
- Add an extra reference to each of the two entries while I'm here
  anyway.
- In one of the tiff title elements do s/---/--/ for consistency.

Discussed with: nectar [1]
Approved by:    portmgr (implicit, VuXML)
Original commit
Friday, 7 Jan 2005
15:34 nectar search for other commits by this committer
The tnftp port has been updated.

Approved by:    portmgr (implicit, VuXML)
Original commit
13:59 nectar search for other commits by this committer
Fix up last commit (tnftp entry):
- Malformed XML
    - mismatched tags (<packages></package>)
    - invalid entity reference &content-type= (ampersand should have
      been replaced with &amp;)
- Replace <range> so that it matches all possible versions for now,
  until a fixed version is available in the ports tree
- <entry> date was in the past

Approved by:    portmgr (implicit, VuXML)
Pointy hat to:  ahze  (hint: make validate)
Original commit
07:09 ahze search for other commits by this committer
Document vulnerabilites in tnftp

PR:             ports/75782
Submitted by:   Tom McLaughlin
Approved by:    portmgr (krion)
Original commit
Thursday, 6 Jan 2005
22:41 simon search for other commits by this committer
Document several vulnerabilites in tiff.

Approved by:    portmgr (implicit, VuXML)
Original commit
17:05 nectar search for other commits by this committer
Fill in forgotten `cite' attribute value.

Noticed by:     simon
Approved by:    portmgr (implicit, VuXML)
Original commit
16:54 nectar search for other commits by this committer
Document a local vulnerability in VIM's modeline handling.

Approved by:    portmgr (implicit, VuXML)
Original commit
14:46 nectar search for other commits by this committer
Add a CERT VU reference for the latest Acrobat Reader vulnerability.

Add old package names (acroread4, acroread5) for an older Acrobat Reader
vulnerability.

Approved by:    portmgr (implicit, VuXML)
Original commit
00:26 simon search for other commits by this committer
Document buffer overflow vulnerabilities in pcal.

Approved by:    portmgr (implicit, VuXML)
Original commit
Wednesday, 5 Jan 2005
20:41 simon search for other commits by this committer
Add (now deleted) exim-ldap package to latest exim entry.

Approved by:    portmgr (implicit, VuXML)
Original commit
02:12 sem search for other commits by this committer
s/le/lt/ on my last commit. it's "<", not "<=".

Approved by:    portmgr (implicitly)
Original commit
02:03 sem search for other commits by this committer
exim -- two relatively minor security issues

Approved by:    portmgr (implicitly, VuXML)
Original commit
Tuesday, 4 Jan 2005
20:28 simon search for other commits by this committer
For the "kdelibs3 -- konqueror FTP command injection vulnerability"
entry: replace references to Debian and KDE bugtracking systems with a
KDE advisory which basically contains the same information but is more
readable.

Approved by:    portmgr (implicit, VuXML)
Original commit
Monday, 3 Jan 2005
21:48 josef search for other commits by this committer
Document security issues in golddig, greed, mpg123.

Submitted by:   niels
Approved by:    portmgr(implicit, VuXML)
Original commit
Sunday, 2 Jan 2005
23:54 simon search for other commits by this committer
Mark open-motif-2.2.3_1 as fixed with regard to the "xpm -- image
decoding vulnerabilities" entry.

PR:             misc/75726
Submitted by:   Hilko Meyer <hilko.meyer@gmx.de>
Approved by:    portmgr (implicit, VuXML)
Original commit
12:37 simon search for other commits by this committer
- Note that the port update to up-imapproxy 1.2.2 included a patch to
  fix the security vulnerability.
- Mark pop3proxy as vulnerable to the up-imapproxy vulnerability,
  since pop3proxy is derived from up-imapproxy.

Reported by:    mbr
Approved by:    portmgr (implicit, VuXML)
Original commit
10:53 simon search for other commits by this committer
Document vulnerabilities in up-imapproxy.

Approved by:    portmgr (implicit, VuXML)
Original commit
00:59 simon search for other commits by this committer
Add two bugtraq ids to the latest a2ps entry.

Approved by:    portmgr (implicit, VuXML)
Original commit
Saturday, 1 Jan 2005
15:55 simon search for other commits by this committer
Document FTP command injection vulnerability in kdelibs3.

Approved by:    portmgr (implicit, VuXML)
Original commit
Thursday, 30 Dec 2004
20:20 simon search for other commits by this committer
Improve topic for latest phpbb vulnerability to highlight the main
problem (arbitrary command execution).

Prodded by:     remko
Original commit
17:55 simon search for other commits by this committer
Document insecure temporary file creation in a2ps.
Original commit
14:11 simon search for other commits by this committer
Add more references to two older entries.
Original commit
Wednesday, 29 Dec 2004
17:48 josef search for other commits by this committer
Add m odified date to my last commit.

Spotted by:     simon
Original commit
17:34 josef search for other commits by this committer
libxine is also affected by the mplayer vulnerabilities.

Add cvenames.
Original commit
16:26 josef search for other commits by this committer
Document vulnerability in libxine.
Original commit
Sunday, 26 Dec 2004
20:51 josef search for other commits by this committer
Document vulnerability in jabberd1
Original commit
Friday, 24 Dec 2004
23:49 josef search for other commits by this committer
s/kpdf/kdegraphics
Original commit
13:48 josef search for other commits by this committer
Add ports to xpdf report that come with own xpdf in distfile.

For kdegraphics:
Reported by:    lofi
Original commit
Thursday, 23 Dec 2004
11:03 simon search for other commits by this committer
Remove duplicate word in the latest squid entry.

Noticed by:     josef
Original commit
00:58 simon search for other commits by this committer
Document potentially confusing results results on empty ACL
declarations in squid.

PR:             ports/75403 (part of)
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de>
Original commit
00:39 simon search for other commits by this committer
Document multiple vulnerabilities in ethereal.
Original commit
00:04 simon search for other commits by this committer
Document a buffer overflow vulnerability in xpdf.
Original commit
Wednesday, 22 Dec 2004
12:17 delphij search for other commits by this committer
Document phpBB vulnerability that exists on phpBB < 2.0.11

Submitted by:   Kang LIU <liukang bjut edu cn>
Original commit
Tuesday, 21 Dec 2004
22:37 simon search for other commits by this committer
Document a vulnerability in acroread.
Original commit
22:10 simon search for other commits by this committer
Document a vulnerability in ecartis.
Original commit
19:38 simon search for other commits by this committer
Document multiple vulnerabilities in mplayer.
Original commit
02:09 simon search for other commits by this committer
Document a heap buffer overflow vulnerability in MIT Kerberos 5.
Original commit
00:34 simon search for other commits by this committer
Document an integer overflow vulnerability in samba.
Original commit
Monday, 20 Dec 2004
09:55 niels search for other commits by this committer
Corrected typo (blockquote in wrong place).
Approved by:    nectar (implicit)
Original commit
Sunday, 19 Dec 2004
12:49 simon search for other commits by this committer
- Update the corrected version number for recent phpMyAdmin entry to match
  the actual ports version number for phpMyAdmin 2.6.1-rc1.
- Bump modification date for the updated entries.
Original commit
Saturday, 18 Dec 2004
18:53 simon search for other commits by this committer
Updates for the latest PHP entry:
- Correctly match the www/mod_php4 port (it was missing PORTEPOCH).
- Add a few more references.
- Bump modified date.
Original commit
Friday, 17 Dec 2004
14:56 simon search for other commits by this committer
Correct recent php entry, 4.3.10 and 5.0.3 are fixed.
Original commit
10:56 sem search for other commits by this committer
Fix VID for the last commit.
Original commit
09:32 sem search for other commits by this committer
Multiple vulnerabilities in PHP. From Secunia report.
Original commit
Thursday, 16 Dec 2004
10:51 niels search for other commits by this committer
Added 5 MySQL vulnerabilities
Approved by: nectar (mentor)
Original commit
Wednesday, 15 Dec 2004
22:21 simon search for other commits by this committer
Document two vulnerabilities in phpMyAdmin.
Original commit
Tuesday, 14 Dec 2004
17:55 simon search for other commits by this committer
Document multiple vulnerabilities in wget.
Original commit
Sunday, 12 Dec 2004
22:15 simon search for other commits by this committer
- Add bugtraqid references to several entries.
- Fix typo in msgid for a samba entry.
- Bump modification date for updated entries.
Original commit
21:14 josef search for other commits by this committer
Document security issue in Konqueror.
Original commit
Saturday, 11 Dec 2004
16:22 simon search for other commits by this committer
Document a NULL pointer dereference vulnerability in mod_access_referer.

Submitted by:   Niels Heinen <niels.heinen@ubizen.com>
Original commit
Wednesday, 8 Dec 2004
23:16 sem search for other commits by this committer
Integrate the following vendor patches as published on
http://www.squid-cache.org/Versions/v2/2.5/bugs/:

- a malformed hostname can cause squid to return random data as error messages,
  possibly leaking internal information from former requests (squid bug #1143).
  (This is classified as a minor security issue by the squid developers, so
  maintainer cc'ed security-team@. See VuXML entry.)
- the "httpd_accel_port 0" directive does not work on its own (squid bug #1121)
- fix crashes occuring when using cachemgr's "vm_objects" operation (squid
  bug #1149)

PR:             ports/74859
Submitted by:   maintainer
Original commit
Tuesday, 7 Dec 2004
23:38 simon search for other commits by this committer
Document information leakage in viewcvs.
Original commit
13:35 simon search for other commits by this committer
Document a symlink attack vulnerability in cscope.
Original commit
Sunday, 5 Dec 2004
06:53 glewis search for other commits by this committer
. Put the topic in the same format all other recent topics have been in for
  the Java plugin vulnerability.
. Note that the diablo-jdk and diablo-jre packages are vulnerable to the
  plugin issue. [1]

Prodded by:     simon [1]
Original commit
Saturday, 4 Dec 2004
21:12 simon search for other commits by this committer
Add cvename to bnc vulnerability.
Original commit
20:47 simon search for other commits by this committer
Document a remote code execution vulnerability in bnc.
Original commit
18:21 simon search for other commits by this committer
Fix grammar nit in ImageMagick entry.

Submitted by:   Daniel Seuffert <DS@praxisvermittlung24.de>
Original commit
18:09 simon search for other commits by this committer
For the Java plugin vulnerability, also match the linux-jdk package
(old name for linux-jdk-sun).
Original commit
Friday, 3 Dec 2004
17:24 glewis search for other commits by this committer
. Note that although linux-sun-jdk13 had one plugin vulnerability fixed
  in 1.3.1.13, it contained another problem.  This is fixed in 1.3.1.14.
Original commit
08:22 rushani search for other commits by this committer
Document vulnerability that allows arbitrary command execution in rssh
and scponly.

Approved & reviewed by:    josef (security team)
Original commit
Thursday, 2 Dec 2004
21:04 naddy search for other commits by this committer
Document buffer overflows in rockdodger.
Original commit
Wednesday, 1 Dec 2004
20:08 simon search for other commits by this committer
Add CVE to zip vulnerability.
Original commit
19:38 simon search for other commits by this committer
Document a long path buffer overflow in zip.
Original commit
15:30 simon search for other commits by this committer
Document signal delivery vulnerability in sudoscript.
Original commit
Tuesday, 30 Nov 2004
21:54 josef search for other commits by this committer
Document vulnerability in net/jabberd.
Original commit
Monday, 29 Nov 2004
21:05 josef search for other commits by this committer
Document vulnerability in net/opendchub.

Based on submission by: Niels Heinen <niels.heinen@ubizen.com>
Original commit
Sunday, 28 Nov 2004
17:03 simon search for other commits by this committer
Add Bugtraq ID for SA-04:16.fetch entry.
Original commit
Friday, 26 Nov 2004
20:41 simon search for other commits by this committer
Document two vulnerabilities in unarj.
Original commit
Thursday, 25 Nov 2004
19:29 glewis search for other commits by this committer
. Mark linux-ibm-jdk as also vulnerable to the Java plugin vulnerability.
Original commit
18:43 glewis search for other commits by this committer
. Fix the range and add an additional range for the jdk vulnerability.
. Note that linux-sun-jdk and linux-blackdown-jdk are also vulnerable.
Original commit
17:56 glewis search for other commits by this committer
. Fix whitespace.
Original commit
16:10 glewis search for other commits by this committer
. Add an entry for the problem in the Java plugin.
Original commit
15:32 simon search for other commits by this committer
Update ruby CGI DoS entry to note that the most recent version in
ports is fixed.  Also remove ruby-static as vulnerable, since it does
not contain cgi.rb.
Original commit
13:38 josef search for other commits by this committer
Document vulnerability in ftp/prozilla.

Submitted by:   Niels Heinen <niels.heinen@ubizen.com>
Original commit
Wednesday, 24 Nov 2004
15:46 ume search for other commits by this committer
correct fixed version

Pointed out by: josef
Original commit
08:04 ume search for other commits by this committer
c0a269d5-3d16-11d9-8818-008088034841 and
114d70f3-3d16-11d9-8818-008088034841 are fixed in cyrus-imapd 2.1.17.
Original commit

Number of commits found: 6271 (showing only 100 on this page)

[First Page]  «  53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63  »  [Last Page]