non port: security/vuxml/vuln.xml |
Number of commits found: 6273 (showing only 100 on this page) |
Wednesday, 24 Nov 2004
|
15:46 ume
correct fixed version
Pointed out by: josef
 |
08:04 ume
c0a269d5-3d16-11d9-8818-008088034841 and
114d70f3-3d16-11d9-8818-008088034841 are fixed in cyrus-imapd 2.1.17.
 |
Tuesday, 23 Nov 2004
|
13:52 simon
Document that the twiki vulnerability is fixed in twiki-20040902.
 |
06:29 ume
add Cyrus IMAP Server multiple remote vulnerabilities.
Obtained from: http://security.e-matters.de/advisories/152004.html
 |
Saturday, 20 Nov 2004
|
22:21 simon
Add CVE reference for the SA-04:16.fetch entry.
 |
00:39 josef
Document vulnerability in phpmyadmin.
 |
Thursday, 18 Nov 2004
|
19:06 josef
Add localized versions of gd port to the VuXML entry.
 |
15:47 simon
Document SA-04:16.fetch.
 |
Wednesday, 17 Nov 2004
|
19:05 josef
Document the buffer overrun vulnerability in samba3
CAN-2004-882
 |
17:11 josef
Correct range for xpdf vulnerability, as cups-base got a fixing
update.
 |
Tuesday, 16 Nov 2004
|
23:16 josef
The last commit to japanese/samba also fixed the security issue
in samba (CAN-2004-0815)
As discussed with: NAKAJI Hiroyuki <nakaji@jp.freebsd.org> (maintainer)
 |
22:53 simon
Add CVE name to twiki entry.
Noticed by: josef
 |
20:02 josef
Add teTeX-base to affected packages in xpdf's vuxml entry.
 |
Monday, 15 Nov 2004
|
10:18 simon
Document arbitrary shell command execution in twiki.
 |
Sunday, 14 Nov 2004
|
23:05 simon
Document a format string vulnerability in proxytunnel.
 |
Saturday, 13 Nov 2004
|
09:05 simon
Fix entry date for the ruby entry from the last commit.
 |
08:54 simon
- Document a DoS in the Ruby CGI module.
- Document a privilege escalation in sudo.
 |
Friday, 12 Nov 2004
|
15:23 nectar
Add CVE name for gnats issue.
 |
15:01 nectar
Note (likely) remotely exploitable vulnerability in samba 3.
Submitted by: Shane Kinney <mod6@freebsdhackers.net>
 |
11:15 josef
Document vulnerability in GNATS.
 |
Thursday, 11 Nov 2004
|
23:53 simon
Document a XSS in squirrelmail.
 |
23:01 josef
Fix entry date.
 |
22:46 josef
Document BNC vulnerability.
 |
17:29 nectar
Note old hafiye bug.
Submitted by: Shane Kinney <mod6@freebsdhackers.net>
 |
15:46 naddy
Fix a format string vulnerability in ez-ipupdate.
Approved by: se@
Obtained from: Ulf Harnhammar <Ulf.Harnhammar.9485@student.uu.se>
 |
14:17 simon
Document a buffer overflow in ImageMagick's EXIF parser.
 |
13:34 simon
Correct recent Apache 2 entry to not match Apache 1.X.
Noticed by: Dan Langille <dan@langille.org>
 |
Wednesday, 10 Nov 2004
|
22:48 josef
Document vulnerability in Apache 2 (CAN-2004-0942).
 |
20:25 marcus
Update the libxml vulnerability to indicate the fixed version.
 |
Tuesday, 9 Nov 2004
|
23:30 simon
Document a format string vulnerability in socat.
 |
22:07 simon
Document remote buffer overflows in libxml and libxml2.
 |
17:00 nectar
The bugs discovered by Chris Evans have been fixed
in linux-gdk-pixbuf.
Reported by: thierry
 |
Monday, 8 Nov 2004
|
10:26 josef
Fix pkgnames for mod_include vulnerability.
Thanks to Dan Langille for helping me to track these down.
 |
00:07 simon
Document a virus detection evasion in p5-Archive-Zip.
 |
Saturday, 6 Nov 2004
|
12:31 josef
Document mod_include vulnerability in apache and related ports.
 |
00:38 simon
Document an insecure temporary file creation in postgresql-contrib.
 |
Friday, 5 Nov 2004
|
21:57 simon
Bump modified date in the entry for the last commit.
 |
21:54 simon
Update latest mpg123 entry to note that the port is fixed in the most
recent port version.
 |
14:48 simon
There was a gd 1.X port with portepoch 2 for a while, so let the gd
entry also match that.
 |
13:59 simon
Document an integer overflow in the GD Graphics Library.
 |
Thursday, 4 Nov 2004
|
08:56 simon
Correct entry date for the putty entry.
OK'ed by: josef
 |
00:05 josef
Document vulnerability in putty
Reviewed by: simon
 |
Wednesday, 3 Nov 2004
|
22:49 simon
Add an entry for a wzdftpd remote DoS.
 |
22:36 simon
Updates to the bogofilter entry:
- Improve information about which versions are vulnerable. [1]
- Add a few more references.
Submitted by: Matthias Andree <matthias.andree@gmx.de> [1]
 |
Monday, 1 Nov 2004
|
21:24 mezz
Update linux-openmotif to 2.2.4 to fix the security.
http://vuxml.freebsd.org/ef253f8b-0727-11d9-b45d-000c41e2cdad.html
 |
Wednesday, 27 Oct 2004
|
21:11 josef
Document rssh format string vulnerability.
Approved by: nectar
 |
12:25 nectar
Create a VuXML entry for Horde XSS help window vulnerability to replace
the portaudit-db entry.
 |
Tuesday, 26 Oct 2004
|
11:12 nectar
Document a denial-of-service issue in bogofilter.
This entry is slightly modified from one that was
Submitted by: Matthias Andree <matthias.andree@gmx.de>
 |
05:41 nork
Fix integer overflow vulnerabilities.
Patch made by: Chris Evans, Dirk Muller, Sebastian Krahmer,
Derek Noonburg and Marcus Meissner
Submitted by: nectar
 |
Monday, 25 Oct 2004
|
20:22 nectar
Document xpdf 2 and xpdf 3 vulnerabilities.
 |
19:27 nectar
Document several security issues in gaim, fixed in various versions from
0.82 through 1.0.2. While I'm here, notice that there have been ru-,
ko-, and ja- flavors of gaim, as well as a fairly short-lived range of
version numbers based on dates (snapshots).
 |
17:21 nectar
Note that the Red Hat based linux_base ports contain
vulnerable libXpm.so files.
Noticed by: maho
 |
Sunday, 24 Oct 2004
|
19:39 josef
Document SSL_Cypherbypass vulnerability in mod_ssl
and buffer overflow vulnerability in gaim.
 |
Saturday, 23 Oct 2004
|
16:08 simon
- Document more buffer overflows in mpg123.
- Fix package name in two older mpg123 entries.
Approved by: nectar
 |
Friday, 22 Oct 2004
|
12:21 nectar
I suck. (Correct a typo that would have been readily detected if
I would have run `make validate' before committing.)
 |
12:13 nectar
Add CVE name for cabextract issue.
 |
Thursday, 21 Oct 2004
|
22:23 simon
Fix a copy/paste typo in last commit.
 |
22:17 simon
Document DoS in Apache 2 SSL handling.
Approved by: nectar
 |
20:04 nectar
Note that xpm has been fixed.
Also, it appears that Motif itself is affected, so add related packages.
 |
12:34 nectar
Update entry regarding INN 2.4.x buffer overflow:
- The email archive referenced is no longer available. Use
marc.theaimsgroup.com archive instead.
- Note that only 2.4.x versions are affected (earlier ones
are not).
Reported by: leeym
 |
Wednesday, 20 Oct 2004
|
21:21 simon
Document remote command execution vulnerability in phpMyAdmin.
Approved by: nectar
 |
18:38 simon
Document insecure directory handling in cabextract.
Approved by: nectar
 |
Tuesday, 19 Oct 2004
|
22:08 simon
Set correct entry date for the a2ps issue.
Noticed by: nectar
Pointy hat to: simon
 |
21:41 simon
Document insecure command line argument handling in a2ps.
Approved by: nectar
 |
16:40 nectar
Document a vulnerability in ifmail. (There does not exist
an appropriate public reference yet--- this entry should be
updated when the port is updated.)
Reported by: Niels Heinen <niels.heinen@ubizen.com>
 |
15:41 nectar
Document a vulnerability in imwheel.
 |
14:11 nectar
Add CVE names for FreeRADIUS vulnerabilities.
 |
Monday, 18 Oct 2004
|
20:21 josef
Document NTLM authentication vulnerability in squid
Approved by: nectar
 |
17:56 simon
Document a SQL command injection in Cacti.
The status of the PHP configuration option magic_quotes_gpc was
confirmed by: ale
Approved by: nectar
 |
Sunday, 17 Oct 2004
|
16:38 simon
Document a format string vulnerability in the apache13 mod_ssl proxy
support.
Approved by: nectar
 |
Saturday, 16 Oct 2004
|
20:31 simon
- Change a few uses of <url> into <mlist>.
OK'ed by: nectar
Additional comment to the Tor entry from v. 1.302, it was:
Submitted by: rik <freebsd-security@rikrose.net> (original version)
 |
Friday, 15 Oct 2004
|
21:21 simon
- Document remote DoS and loss of anonymity in Tor.
- Update a Samba entry with new information about vulnerable versions.
Approved by: nectar
 |
Thursday, 14 Oct 2004
|
17:52 nectar
lesstif has been upgraded to a version that is not affected by the
libXpm vulnerability.
 |
17:06 simon
Recommit my changes from 1.298 which were accidentally removed in 1.299.
Pointy hat to: josef (who also noticed the problem)
 |
16:55 josef
Document two separate security vulnerabilities in
icecast1 and icecast2.
Approved by: nectar
 |
16:46 simon
Change the Xerces-C++ entry to match the xerces-c2 port.
Noticed by: nectar
 |
Wednesday, 13 Oct 2004
|
22:00 josef
Document vulnerability in freeradius.
Approved by: nectar
 |
21:50 simon
- Document DoS in Xerces-C++.
- Fix typo in a mozilla entry.
Approved by: nectar
 |
21:12 nectar
It turns out that lesstif has libXpm sneakily embedded. There are at
least three files with this comment at the top:
* This file contains most of the source files of Xpm, concatenated and with
* the public names changed (to have an _LtXpm prefix).
 |
21:01 simon
Document XSS in wordpress.
Approved by: nectar
 |
20:39 nectar
Document integer overflows in libtiff.
 |
17:18 simon
- Document a CUPS local information disclosure.
- Note the impact of the sharutils buffer overflows.
Approved by: nectar
 |
16:55 josef
Document a vulnerability in Zinf (freeamp).
Approved by: nectar
 |
16:06 nectar
Document libtiff RLE decoder issues.
 |
10:27 simon
The sharutils buffer overflows have been fixed in sharutils 4.2.1_2.
 |
Tuesday, 12 Oct 2004
|
23:46 simon
Document a vulnerability in sharutils.
Approved by: nectar
 |
21:58 josef
Document 2 DoS attacks possible against
older versions of mail-notifier.
Based on the security advisories
mentioned in the reference links.
Approved by: nectar
 |
15:39 nectar
ale@ reports that the only ports affected are php[45], php[45]-cgi,
and mod_php[45].
 |
15:09 nectar
Note squid SNMP DoS. Based on an entry that was
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de>
 |
02:08 nectar
The documented xv vulnerabilities were fixed by dinoex@
Approved by: portmgr
 |
01:07 nectar
Note that the image decoding vulnerabilities in gdk-pixbuf have been
fixed.
Reported by: marcus
Approved by: portmgr
 |
00:58 nectar
Document older cyrus-sasl bug affecting DIGEST-MD5.
Submitted by: simon
Approved by: portmgr
 |
00:57 nectar
Update the description of and list of packages affected by the PHP file
upload processing bug.
Submitted by: Jon Passki <cykyc@yahoo.com>
Approved by: portmgr
 |
Friday, 8 Oct 2004
|
16:50 nectar
Document unsafe use of environmental variable SASL_PATH in cyrus-sasl.
Approved by: portmgr
 |
Tuesday, 5 Oct 2004
|
19:28 trhodes
Add some more apache ports.
Fix two errors found by nectar.
Approved by: portmgr
 |
17:41 trhodes
Add imp3 issue, add apache13-ssl issue, correct a tag.
Approved by: portmgr
 |
14:54 nectar
Note that older packages of bmon were dangerously installed set-user-ID.
Approved by: portmgr
 |
14:33 nectar
Document GnuTLS denial-of-service (already mentioned in portaudit's
database).
Approved by: portmgr
 |
14:06 nectar
Record another PHP vulnerability.
Approved by: portmgr
 |
13:52 nectar
Record another PHP security issue.
Approved by: portmgr
 |