FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
7fe7df75-6568-11e6-a590-14dae9d210b8	End of Life Ports These packages have reached End of Life status and/or have been removed from the Ports Tree. They may contain undocumented security issues. Please take caution and find alternative software as soon as possible. Discovery 2016-08-18 Entry 2016-08-18 Modified 2016-10-18 python32 python31 python30 python26 python25 python24 python23 python22 python21 python20 python15 ge 0 php54 php53 php52 php5 php4 ge 0 perl5 < 5.18 perl5.16 perl5.14 perl5.12 perl ge 0 ruby ruby_static < 2.1,1 unifi2 unifi3 ge 0 apache21 apache20 apache13 ge 0 tomcat55 tomcat41 ge 0 mysql51-client mysql51-server mysql50-client mysql50-server mysql41-client mysql41-server mysql40-client mysql40-server ge 0 postgresql90-client postgresql90-server postgresql84-client postgresql84-server postgresql83-client postgresql83-server postgresql82-client postgresql82-server postgresql81-client postgresql81-server postgresql80-client postgresql80-server postgresql74-client postgresql74-server postgresql73-client postgresql73-server postgresql72-client postgresql72-server postgresql71-client postgresql71-server postgresql7-client postgresql7-server ge 0 ports/211975
1daea60a-4719-11da-b5c6-0004614cc33d	ruby -- vulnerability in the safe level settings Ruby home page reports: The Object Oriented Scripting Language Ruby supports safely executing an untrusted code with two mechanisms: safe level and taint flag on objects. A vulnerability has been found that allows bypassing these mechanisms. By using the vulnerability, arbitrary code can be executed beyond the restrictions specified in each safe level. Therefore, Ruby has to be updated on all systems that use safe level to execute untrusted code. Discovery 2005-10-02 Entry 2005-10-27 ruby ruby_static gt 1.6.* lt 1.6.8.2004.07.28_2 gt 1.8.* lt 1.8.2_5 CVE-2005-2337 http://www.ruby-lang.org/en/20051003.html
76562594-1f19-11db-b7d4-0008743bf21a	ruby -- multiple vulnerabilities Secunia reports: Two vulnerabilities have been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions. An error in the handling of the "alias" functionality can be exploited to bypass the safe level protection and replace methods called in the trusted level. An error caused due to directory operations not being properly checked can be exploited to bypass the safe level protection and close untainted directory streams. Discovery 2006-07-12 Entry 2006-07-29 Modified 2006-07-30 ruby ruby_static gt 1.6.* lt 1.8.* gt 1.8.* lt 1.8.4_9,1 18944 CVE-2006-3694 http://secunia.com/advisories/21009/ http://jvn.jp/jp/JVN%2383768862/index.html http://jvn.jp/jp/JVN%2313947696/index.html

VuXML ID

Description

7fe7df75-6568-11e6-a590-14dae9d210b8

End of Life Ports

These packages have reached End of Life status and/or have been removed from the Ports Tree. They may contain undocumented security issues. Please take caution and find alternative software as soon as possible.

Discovery 2016-08-18
Entry 2016-08-18
Modified 2016-10-18
python32
python31
python30
python26
python25
python24
python23
python22
python21
python20
python15

ge 0

php54
php53
php52
php5
php4

ge 0

perl5

< 5.18

perl5.16
perl5.14
perl5.12
perl

ge 0

ruby
ruby_static

< 2.1,1

unifi2
unifi3

ge 0

apache21
apache20
apache13

ge 0

tomcat55
tomcat41

ge 0

mysql51-client
mysql51-server
mysql50-client
mysql50-server
mysql41-client
mysql41-server
mysql40-client
mysql40-server

ge 0

postgresql90-client
postgresql90-server
postgresql84-client
postgresql84-server
postgresql83-client
postgresql83-server
postgresql82-client
postgresql82-server
postgresql81-client
postgresql81-server
postgresql80-client
postgresql80-server
postgresql74-client
postgresql74-server
postgresql73-client
postgresql73-server
postgresql72-client
postgresql72-server
postgresql71-client
postgresql71-server
postgresql7-client
postgresql7-server

ge 0

ports/211975

1daea60a-4719-11da-b5c6-0004614cc33d

ruby -- vulnerability in the safe level settings

Ruby home page reports:

The Object Oriented Scripting Language Ruby supports safely executing an untrusted code with two mechanisms: safe level and taint flag on objects.

A vulnerability has been found that allows bypassing these mechanisms.

By using the vulnerability, arbitrary code can be executed beyond the restrictions specified in each safe level. Therefore, Ruby has to be updated on all systems that use safe level to execute untrusted code.

Discovery 2005-10-02
Entry 2005-10-27
ruby
ruby_static

gt 1.6.* lt 1.6.8.2004.07.28_2

gt 1.8.* lt 1.8.2_5

CVE-2005-2337
http://www.ruby-lang.org/en/20051003.html

76562594-1f19-11db-b7d4-0008743bf21a

ruby -- multiple vulnerabilities

Secunia reports:

Two vulnerabilities have been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions.

An error in the handling of the "alias" functionality can be exploited to bypass the safe level protection and replace methods called in the trusted level.

An error caused due to directory operations not being properly checked can be exploited to bypass the safe level protection and close untainted directory streams.

Discovery 2006-07-12
Entry 2006-07-29
Modified 2006-07-30
ruby
ruby_static

gt 1.6.* lt 1.8.*

gt 1.8.* lt 1.8.4_9,1

18944
CVE-2006-3694
http://secunia.com/advisories/21009/
http://jvn.jp/jp/JVN%2383768862/index.html
http://jvn.jp/jp/JVN%2313947696/index.html