| non port: security/vuxml/vuln.xml |
Number of commits found: 6271 (showing only 100 on this page) |
|
Thursday, 19 Mar 2020
|
18:00 gordon 
Add details for today's SAs.
Approved by: so
  |
|
Wednesday, 18 Mar 2020
|
07:23 koobs
security/vuxml: Add www/py-bleach entry
|
|
Sunday, 15 Mar 2020
|
22:31 leres
security/vuxml: Mark zeek < 3.0.3 as vulnerable as per:
https://raw.githubusercontent.com/zeek/zeek/9dda3602a760f00d9532c6314ea79108106033fa/NEWS
There are a number of potential denial of service issues due to
memory leaks, buffer overflows, and a null pointer dereference.
Approved by: matthew (mentor, implicit)
|
|
Friday, 13 Mar 2020
|
05:48 tcberner
scurity/vuxml: fix range
|
05:39 tcberner
Document security issue in graphics/okular
https://kde.org/info/security/advisory-20200312-1.txt:
Overview
========
Okular can be tricked into executing local binaries via specially crafted
PDF files.
This binary execution can require almost no user interaction.
No parameters can be passed to those local binaries.
We have not been able to identify any binary that will cause actual damage,
be it in the hardware or software level, when run without parameters.
We remain relatively confident that for this issue to do any actual damage,
it has to run a binary specially crafted. That binary must have been deployed
to the user system via another method, be it the user downloading it directly
as an email attachment, webpage download, etc. or by the system being already
compromised.
Solution
========
- Update to Okular >= 1.10.0
- or apply the following patch:
https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244
Workaround
==========
There's no real workaround other than not opening PDF files from untrusted
sources.
Credits
=======
Thanks to Mickael Karatekin from Sysdream Labs for the discovery and to
Albert Astals Cid for the fix.
|
|
Thursday, 12 Mar 2020
|
10:05 mfechner
Document gitlab-ce vulnerability.
|
01:31 wen
- Document django's potential SQL injection vulnerability
|
|
Wednesday, 11 Mar 2020
|
10:58 decke
Document py-matrix-synapse vulnerabilities
PR: 244279
Submitted by: Sascha Biberhofer <ports@skyforge.at>
|
|
Monday, 9 Mar 2020
|
21:54 bhughes
security/vuxml: document recent Node.js vulnerabilities
https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/
While here, fix errors from `make validate` for the preceeding gitea
vulnerabilities.
Sponsored by: Miles AS
|
|
Saturday, 7 Mar 2020
|
20:25 adamw
Fix closing tag
Reported by: joneum
|
18:31 adamw
Add entry for www/gitea
PR: 244025
Submitted by: maintainer
|
00:41 woodsb02
Document vulnerability in sysutils/py-salt
PR: 243908
Reported by: Christer Edwards <christer.edwards@gmail.com>
Security: CVE-2019-17361
|
|
Friday, 6 Mar 2020
|
07:25 mfechner
Documment gitlab vulnerabilities.
|
|
Wednesday, 4 Mar 2020
|
15:23 cy
Document the latest nwtime.org ntp security advisory found at:
http://support.ntp.org/bin/view/Main/SecurityNotice#\
March_2020_ntp_4_2_8p14_NTP_Rele
No CVEs have been documented yet.
Security: http://support.ntp.org/bin/view/Main/NtpBug3610
http://support.ntp.org/bin/view/Main/NtpBug3596
http://support.ntp.org/bin/view/Main/NtpBug3592
|
|
Monday, 2 Mar 2020
|
18:32 kwm
Document librsvg2 vulnabilities.
Security: CVE-2019-20446
|
08:56 0mp
Document some audio/timidity++* vulnerabilities
PR: 244429
Reported by: pi
Security: CVE-2017-11546
Security: CVE-2017-11547
Security: CVE-2017-11549
|
|
Saturday, 29 Feb 2020
|
09:59 mfechner
Document apache-solr vulnerabilities.
|
|
Thursday, 27 Feb 2020
|
10:23 fluffy
security/vuxml: fix vuxml entries for OpenSMTPd, remove duplicates with wrong
version and missed description
Approved by: ports-secteam (miwi)
|
|
Tuesday, 25 Feb 2020
|
03:07 fluffy
Document OpenSMTPd vulnerability
LPE and RCE in OpenSMTPD's default install
Security: CVE-2020-8793, CVE-2020-8794
|
|
Monday, 24 Feb 2020
|
21:15 cs
CVE-2020-8794
Security: CVE-2020-8794
|
21:11 cs
CVE-2020-8793
Security: CVE-2020-8793
|
17:21 tijl
Document Mbed TLS vulnerabilities 2019-12 and 2020-02.
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02
|
|
Sunday, 23 Feb 2020
|
08:58 tcberner
vuxml: correct range for avidemux2
- avidemux2 version 2.6.12 switched to ffmpeg 2.7.6
|
05:02 cy
Post 93v ksh is only affected by the code injection vulnerability.
|
|
Friday, 21 Feb 2020
|
18:46 brnrd
security/vuxml: Document latest WeeChat vulns
|
|
Wednesday, 19 Feb 2020
|
18:06 kwm
Document webkit2-gtk3 vulnabilities
|
|
Friday, 14 Feb 2020
|
01:16 philip
security/vuxml: Add January FreeBSD SAs
SA-20:01.libfetch
SA-20:02.ipsec
SA-20:03.thrmisc
PR: 243702
Submitted by: Miroslav Lachman <000.fbsd@quip.cz>
|
|
Thursday, 13 Feb 2020
|
21:41 mfechner
Document gitlab vulnerability.
|
00:18 ler
security/vuxml: dovecot vulnerabilities
|
|
Wednesday, 12 Feb 2020
|
16:18 cem
security/vuxml: Document sysutils/grub2-bhyve escalations
Mitigated in r525916.
admbugs: 948
Reported by: Reno Robert <renorobert AT gmail.com>
Approved by: bapt
MFH: 2020Q1 (bapt)
|
00:19 dbaio
security/vuxml: Document graphics/libexif issue
PR: 244060
Reported by: tj@mrsk.me (email)
Security: CVE-2019-9278
|
|
Tuesday, 11 Feb 2020
|
15:13 jkim
Document the latest Flash Player vulnerability.
https://helpx.adobe.com/security/products/flash-player/apsb20-06.html
|
08:53 joneum
Fix entry for NGINX
Sponsored by: Netzkommune GmbH
|
|
Monday, 10 Feb 2020
|
17:42 joneum
Fix NGINX entry
Sponsored by: Netzkommune GmbH
|
|
Sunday, 9 Feb 2020
|
11:10 joneum
Add entry for nginx
PR: 243952
Sponsored by: Netzkommune GmbH
|
|
Friday, 7 Feb 2020
|
19:38 cy
Document ksh93 CVE-2019-14868: certain environment variables interpreted
as arithmetic expressions on startup, leading to code injection.
Reported by: Siteshwar Vashisht <svashisht@redhat.com>
MFH: 2020Q1
Security: CVE-2019-14868
https://bugzilla.redhat.com/show_bug.cgi?id=1757324
https://access.redhat.com/security/cve/CVE-2019-14868
|
|
Thursday, 6 Feb 2020
|
21:02 pi
security/vuxml: Document Denial-of-Service vulnerability in ClamAV
- CVE-2020-3123
PR: 243913
Submitted by: Yasuhiro KIMURA <yasu@utahime.org>
|
|
Tuesday, 4 Feb 2020
|
18:17 sunpoet
Document Django vulnerability
|
|
Sunday, 2 Feb 2020
|
20:14 brnrd
security/vuxml: Properly document MariaDB vuln
PR: 243660
Reported by: <ari ish com au>
|
07:20 woodsb02
Fix typo in SpamAssassin vuxml entry from 2020-01-31
|
07:15 woodsb02
vuxml: Add entry for libssh CVE-2019-14889
Security: CVE-2019-14889
|
|
Friday, 31 Jan 2020
|
20:22 cy
Remove my older entry for CVE-2020-1931. The subequent entry by
zeising@ is better.
Whitespace adjustment.
|
16:02 zeising
vuxml: Add entries for spamassasin vulnerabilities.
|
14:00 cy
Document sudo CVE-2019-18634:
Buffer overflow when pwfeedback is set in sudoers.
Security: CVE-2019-18634
|
10:09 mfechner
Document gitlab vulnerabilities.
|
|
Thursday, 30 Jan 2020
|
13:51 cy
Document:
[CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration
(.cf) files can be configured to run system commands with warnings
Security: CVE-2020-1931
Security: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/\
build/announcements/3.4.4.txt
Security: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1931
|
06:25 fluffy
Document mail/opensmtpd LPE and RCE vulnerabilities
PR: 243686
Security: CVE-2020-7247
|
|
Wednesday, 29 Jan 2020
|
15:29 lwhsu
Document Jenkins Security Advisory 2020-01-29
Sponsored by: The FreeBSD Foundation
|
13:23 bapt
Document libfetch vulnerability which affects pkg.
|
|
Monday, 27 Jan 2020
|
01:38 timur
Add an entry about CVE-2019-14902, CVE-2019-14907, CVE-2019-19344
vulnerabilities in the Samba 4.1[01] versions.
Security: CVE-2019-14902
CVE-2019-14907
CVE-2019-19344
|
|
Sunday, 26 Jan 2020
|
17:51 kwm
Document webkit-gtk3 vulnabilities.
|
|
Friday, 24 Jan 2020
|
22:20 kai
security/vuxml: Document graphics/py-pillow issues
PR: 243336
Security: CVE-2019-19911
CVE-2020-5310
CVE-2020-5311
CVE-2020-5312
CVE-2020-5313
|
|
Monday, 20 Jan 2020
|
11:07 joneum
Add entry for www/gitea
PR: 243437
Reported by: stb@lassitu.de
Sponsored by: Netzkommune GmbH
|
|
Wednesday, 15 Jan 2020
|
20:23 brnrd
security/vuxml: Document 2020Q1 Oracle MySQL Vulns
|
13:54 zeising
vuxml: Document recent intel GPU vulnerability
|
|
Tuesday, 14 Jan 2020
|
13:57 adamw
VuXML: Add entry for p5-Template-Toolkit directory traversal bug
|
07:28 mfechner
Document gitlab vulnerability.
|
|
Saturday, 11 Jan 2020
|
18:32 mandree
mark e2fsprogs vulnerable, CVE-2019-5188
Security: 8b61308b-322a-11ea-b34b-1de6fb24355d
Security: CVE-2019-5188
|
08:19 mfechner
Document phpMyAdmin vulnerability.
|
|
Monday, 6 Jan 2020
|
17:27 kai
security/vuxml: Document net-mgmt/cacti issues
PR: 242834
Submitted by: Michael Muenz <m.muenz@gmail.com> (based on)
Security: CVE-2019-17357
CVE-2019-17358
|
|
Friday, 3 Jan 2020
|
09:18 mfechner
Document gitlab vulnerabilities.
|
|
Sunday, 29 Dec 2019
|
12:58 sunpoet
Document rubygem-rack vulnerability
|
12:11 mandree
Document graphics/ilmbase graphics/openexr vulnerabilities.
Security: e4d9dffb-2a32-11ea-9693-e1b3f6feec79
Security: CVE-2018-18443
Security: CVE-2018-18444
|
|
Thursday, 26 Dec 2019
|
10:03 joneum
Add entry for wordpress
Sponsored by: Netzkommune GmbH
|
|
Wednesday, 25 Dec 2019
|
12:25 joneum
Add entry for typo3
PR: 242707 242708
Sponsored by: Netzkommune GmbH
|
|
Saturday, 21 Dec 2019
|
11:04 mandree
Add vulnerability of e2fsprogs quota code < 1.45.4
Security: ad3451b9-23e0-11ea-8b36-f1925a339a82
Security: CVE-2019-5094
|
02:36 acm
- Re-add py-matrix-synapse entry
|
02:28 acm
- Add drupal[78] entry
|
|
Friday, 20 Dec 2019
|
21:05 decke
Document py-matrix-synapse vulnerabilities
PR: 242702
Submitted by: Sascha Biberhofer <ports@skyforge.at>
|
15:04 brnrd
security/vuxml: Document OpenSSL 1.0.2 vuln
|
|
Friday, 13 Dec 2019
|
20:34 swills
Fix typo
PR: 242627
Submitted by: lightside <lightside@gmx.com>
|
20:03 cy
Document two new spamassassin 3.4.2 vulnerabilities.
CVE-2019-12420 for Multipart Denial of Service Vulnerability
CVE-2018-11805 for nefarious CF files can be configured to run system
commands without any output or errors.
|
16:11 timur
Add entry for Samba4 CVE-2019-14861 and CVE-2019-14870
Security: CVE-2019-14861
CVE-2019-14870
|
14:40 ler
security/vuxml: dovecot vulnerability
|
|
Tuesday, 10 Dec 2019
|
21:06 mfechner
Document gitlab vulnerabilities.
|
17:16 sunpoet
Update libidn2 vulnerability
Reported by: Stephen Wall <stephen.wall@redcom.com>, jkim
|
|
Monday, 9 Dec 2019
|
20:54 tijl
Document Ghostscript vulnerabilities.
Security: CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817
|
|
Friday, 6 Dec 2019
|
20:22 joneum
Add entry for phpmyadmin
Sponsored by: Netzkommune GmbH
|
|
Wednesday, 4 Dec 2019
|
20:32 zeising
vuxml: Add drm-fbsd11.2-kmod to drm vulnerability
Add drm-fbsd11.2-kmod to the list of packages vulnerable to the
drm graphics drivers -- Local privilege escalation and denial of serivce
entry.
|
|
Tuesday, 3 Dec 2019
|
03:04 wen
- Document Django multiple vulnerabilities
|
|
Thursday, 28 Nov 2019
|
15:44 decke
Document net-im/py-matrix-synapse vulnerabilities
PR: 241574
Submitted by: Sascha Biberhofer <ports@skyforge.at>
|
07:02 mfechner
Document gitlab-ce vulnerability.
|
|
Wednesday, 27 Nov 2019
|
19:04 mfechner
Document www/gitlab-ce vulnerabilities.
|
16:32 kwm
Document webkit2-gtk3 vulnabilities
|
|
Tuesday, 26 Nov 2019
|
11:51 kai
security/vuxml: Document net/py-urllib3 issues
PR: 229322
Security: CVE-2018-20060
CVE-2019-11236
CVE-2019-11324
|
|
Monday, 25 Nov 2019
|
21:45 dch
security/vuxml: add FreeBSD kernel entries for recent Intel CVEs
PR: 241931
Submitted by: Miroslav Lachman <000.fbsd@quip.cz>
Reviewed by: dch
Approved by: joneum (ports-secteam)
Security: CVE-2019-11135
Security: CVE-2019-11139
Security: CVE-2018-12126
Security: CVE-2018-12127
Security: CVE-2018-12130
Security: CVE-2018-11091
Security: CVE-2017-5715
Security: CVE-2018-12207
Sponsored by: SkunkWerks, GmbH
|
09:18 joneum
Add entry for security/clamav
PR: 242118
Sponsored by: Netzkommune GmbH
|
|
Saturday, 23 Nov 2019
|
12:50 joneum
Add entry for dns/unbound
PR: 242075
Sponsored by: Netzkommune GmbH
|
|
Friday, 22 Nov 2019
|
11:15 kai
security/vuxml: Document www/gitea issues
PR: 241981
Submitted by: Nils Johannsen <nilsjohannsen@gmx.de> (based on)
Approved by: stb@lassitu.de (maintainer)
|
09:03 madpilot
Document asterisk vulnerabilities.
|
09:01 madpilot
Remove extra whitespace.
|
|
Wednesday, 20 Nov 2019
|
10:57 zeising
Document intel drm driver vulnerabilities
Document intel drm driver vulnerabilities related to Intel 2019.2 IPU [1].
[1]
https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu
|
|
Tuesday, 19 Nov 2019
|
08:25 joneum
Add entry for www/squid
PR: 241976
Sponsored by: Netzkommune GmbH
|
|
Monday, 18 Nov 2019
|
18:13 sunpoet
Document libidn2 vulnerability
|
|
Friday, 15 Nov 2019
|
22:46 naddy
Document vulnerabilities in GNU cpio < 2.13.
|
|
Wednesday, 13 Nov 2019
|
23:45 sunpoet
Document libmad vulnerability
|
|
Tuesday, 12 Nov 2019
|
21:38 gjb
Fix build.
Sponsored by: Rubicon Communications, LLC (netgate.com)
|
21:01 rene
Document new vulnerability in www/chromium < 78.0.3904.97
|
08:16 joneum
fix typo
Sponsored by: Netzkommune GmbH
|
07:42 joneum
Add entry for wordpress
Sponsored by: Netzkommune GmbH
|
Number of commits found: 6271 (showing only 100 on this page) |
As an Amazon Associate I earn from qualifying purchases.