| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
1.1_6 01 Jul 2026 00:38:02
    |
Philip Paeps (philip)  |
security/vuxml: add FreeBSD SAs issued on 2026-06-30
FreeBSD-SA-26:37.vm affects all supported releases
FreeBSD-SA-26:38.jail affects 15.0R and 15.1R
FreeBSD-SA-26:39.execve affects all supported releases
FreeBSD-SA-26:40.zfs affects all supported releases
FreeBSD-SA-26:41.libalias affects all supported releases
FreeBSD-SA-26:42.unlinkat affects all supported releases
FreeBSD-SA-26:43.tcp affects all supported releases
FreeBSD-SA-26:44.posixshm affects all supported releases
FreeBSD-SA-26:45.audit affects all supported releases
FreeBSD-SA-26:46.ktls affects all supported releases
FreeBSD-SA-26:47.linux affects 14.3R, 14.4R and 15.0R
FreeBSD-SA-26:48.compat32 affects 14.3R, 14.4R and 15.0R
FreeBSD-SA-26:49.iconv affects all supported releases |
1.1_6 30 Jun 2026 16:46:45
    |
Florian Smeets (flo)  |
security/vuxml: Document net-mgmt/icinga2 vulnerabilities |
1.1_6 30 Jun 2026 11:11:40
    |
Palle Girgensohn (girgen)  |
security/vuxml: Document databases/postgresql-jdbc vulnerability |
1.1_6 30 Jun 2026 10:59:41
    |
Robert Nagy (rnagy)  |
security/vuxml: add www/*chromium < 149.0.7827.200
Obtained
from: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01245939337.html |
1.1_6 29 Jun 2026 16:28:35
    |
Yusuf Yaman (nxjoseph)  Author: Jaap Akkerhuis |
security/vuxml: Document dns/nsd vulnerabilities
PR: 296375
Approved by: osa, vvd (Mentors, implicit) |
1.1_6 29 Jun 2026 13:07:14
    |
Yusuf Yaman (nxjoseph)  |
security/vuxml: Document net/rclone vulnerability
PR: 296192
Approved by: osa, vvd (Mentors, implicit) |
1.1_6 29 Jun 2026 12:32:18
    |
Yusuf Yaman (nxjoseph)  |
security/vuxml: Document dns/powerdns vulnerabilities
PR: 296312
Approved by: osa, vvd (Mentors, implicit) |
1.1_6 29 Jun 2026 11:14:13
    |
Yusuf Yaman (nxjoseph)  |
security/vuxml: Document dns/powerdns-recursor vulnerabilities
PR: 296313
Approved by: osa, vvd (Mentors, implicit) |
1.1_6 29 Jun 2026 10:07:44
    |
Yusuf Yaman (nxjoseph)  |
security/vuxml: Document dns/dnsdist vulnerabilities
PR: 296314
Approved by: osa, vvd (Mentors, implicit) |
1.1_6 29 Jun 2026 09:04:18
    |
Jason E. Hale (jhale)  |
security/vuxml: Add gstreamer1* < 1.28.4 |
1.1_6 28 Jun 2026 18:45:30
    |
Sergey A. Osokin (osa)  |
security/vuxml: document expat2 vulberabilities
Sponsored by: tipi.work |
1.1_6 28 Jun 2026 14:27:32
    |
Yusuf Yaman (nxjoseph)  Author: ports@foss-daily.org |
security/vuxml: Document www/gitea vulnerabilities
PR: 296351
Approved by: osa, vvd (Mentors, implicit) |
1.1_6 27 Jun 2026 12:39:32
    |
Piotr Smyrak (smyru)  |
security/vuxml: document ffmpeg vulnerability
Approved by: 0mp (mentor)
Approved by: fernape
Security: CVE-2026-8461
Differential Revision: https://reviews.freebsd.org/D57843 |
1.1_6 26 Jun 2026 04:41:08
    |
Matthias Fechner (mfechner)  |
security/vuxml: document gitlab vulnerabilities |
1.1_6 24 Jun 2026 14:59:22
    |
Bernard Spil (brnrd)  |
security/vuxml: Document go-git vulnerability |
1.1_6 24 Jun 2026 10:38:03
    |
Yusuf Yaman (nxjoseph)  |
security/vuxml: Document dns/{ldns,py-ldns} vulnerability
PR: 296232
Approved by: osa, vvd (Mentors, implicit)
Security: CVE-2026-10846 |
1.1_6 23 Jun 2026 10:37:01
    |
Dave Cottlehuber (dch)  |
security/vuxml: Document podman vulnerability
Reviewed by: dfr
Sponsored by: SkunkWerks, GmbH
Differential Revision: https://reviews.freebsd.org/D57736 |
1.1_6 21 Jun 2026 13:00:15
    |
Bernard Spil (brnrd)  |
security/vuxml: Fix month error on latest MariaDB entry |
1.1_6 20 Jun 2026 06:39:47
    |
Jason E. Hale (jhale)  |
security/vuxml: Unbreak 'validate' target
73ebb85ec34a introduced basic CVE ID checking, which is fantastic. It
kind of broke the 'validate' target for a sane VuXML DB, though.
This fixes the 'validate' target keeping to the orginal idea and with
pretty-print as an added bonus. |
1.1_6 19 Jun 2026 13:32:41
    |
Piotr Smyrak (smyru)  |
security/vuxml: refuse non CVE vuln IDs in validate target
PR: 295994
Approved by: 0mp (mentor)
Reviewed by: 0mp, fernape, philip
Differential Revision: https://reviews.freebsd.org/D57539 |
1.1_6 19 Jun 2026 04:21:14
    |
Charlie Li (vishwin)  |
security/vuxml: fix lang/python311 version typo
Event: BSDCan 2026 |
1.1_6 19 Jun 2026 04:16:15
    |
Charlie Li (vishwin)  |
security/vuxml: update python entries with upstream commits
Event: BSDCan 2026 |
1.1_6 18 Jun 2026 15:19:19
    |
Jochen Neumeister (joneum)  |
security/vuxml: Add entry for NGINX
Add entry for NGINX
Sponsored by: Netzkommune GmbH |
1.1_6 17 Jun 2026 20:17:56
    |
Jochen Neumeister (joneum)  |
security/vuxml: fix NGINX entry again
That's what happens when you're not focused.
Edit the entry again, since it's for nginx-devel
Sponsored by: Netzkommune GmbH |
1.1_6 17 Jun 2026 20:02:26
    |
Jochen Neumeister (joneum)  |
security/vuxml: fix NGINX entry
Fix NGINX entry
Sponsored by: Netzkommune GmbH |
1.1_6 17 Jun 2026 19:58:44
    |
Jochen Neumeister (joneum)  |
security/vuxml: add entry for NGINX
Add entry for NGINX
Sponsored by: Netzkommune GmbH |
1.1_6 17 Jun 2026 17:18:10
    |
Li-Wen Hsu (lwhsu)  |
security/vuxml: Document Jenkins Security Advisory 2026-06-10
Sponsored by: The FreeBSD Foundation |
1.1_6 17 Jun 2026 14:40:58
    |
Yusuf Yaman (nxjoseph)  |
security/vuxml: Document net/routinator vulnerabilities
PR: 295979
Security: CVE-2026-49232
Security: CVE-2026-49233
Security: CVE-2026-49234
Security: CVE-2026-49235
Approved by: osa, vvd (Mentors, implicit) |
1.1_6 17 Jun 2026 07:35:45
    |
Robert Nagy (rnagy)  |
security/vuxml: add www/*chromium < 149.0.7827.155 + fix prev version
Obtained
from: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html |
1.1_6 17 Jun 2026 06:52:38
    |
Guido Falsi (madpilot)  |
security/vuxml: Report mailpit vulnerability |
1.1_6 15 Jun 2026 12:00:35
    |
Robert Nagy (rnagy)  |
security/vuxml: add www/*chromium < 149.0.7827.114
Obtained
from: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01962725236.html |
1.1_6 14 Jun 2026 22:09:37
    |
Sergey A. Osokin (osa)  |
security/vuxml: improve recent change
Fixes: a90e0c311e44e5916df1d0b26f288bac063d1688 |
1.1_6 14 Jun 2026 21:53:08
    |
Kousuke Kannagi (mce)  |
security/vuxml: Add libsmi 0.4.8 vulnerability
PR: 295866
Approved by: osa (mentor) |
1.1_6 14 Jun 2026 06:28:02
    |
Thomas Zander (riggs)  |
security/vuxml: Document multiple vulnerabilities in net/traefik |
1.1_6 13 Jun 2026 22:39:21
    |
Adam Weinberger (adamw)  |
security/vuxml: Add caddy < 2.11.4 |
1.1_6 12 Jun 2026 04:50:03
    |
Matthias Fechner (mfechner)  |
security/vuxml: document gitlab vulnerabilities |
1.1_6 11 Jun 2026 23:01:44
    |
Dave Cottlehuber (dch)  |
security/vuxml: Document h2o vulnerabilities
Sponsored by: SkunkWerks, GmbH |
1.1_6 11 Jun 2026 08:04:14
    |
Philip Paeps (philip)  |
security/vuxml: remove bogus <cvename/s> tags
Unbreak the vuxml build (again).
Fixes: 81a6669e034d07e3db13eff0688b32365ceff302 |
1.1_6 11 Jun 2026 01:49:13
    |
Jimmy Olgeni (olgeni)  |
security/vuxml: Document Erlang/OTP June 2026 vulnerabilities |
1.1_6 10 Jun 2026 12:41:40
    |
Rodrigo Osorio (rodrigo)  |
security/vuxml: Document p5-ack vulnerabilities |
1.1_6 10 Jun 2026 11:22:41
    |
Piotr Smyrak (smyru)  |
security/vuxml: document devel/tree-sitter-cli vulnerabilities
PR: 294982
Approved by: 0mp
Differential Revision: https://reviews.freebsd.org/D57502 |
1.1_6 10 Jun 2026 09:25:07
    |
Bernard Spil (brnrd)  |
security/vuxml: Document OpenSSL vulnerabilities |
1.1_6 10 Jun 2026 08:00:34
    |
Robert Nagy (rnagy)  |
security/vuxml: add www/*chromium < 149.0.7827.102
Obtained
from: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html |
1.1_6 10 Jun 2026 02:59:06
    |
Philip Paeps (philip)  |
security/vuxml: add FreeBSD SAs issued on 2026-06-09
FreeBSD-SA-26:25.thr affects all supported releases
FreeBSD-SA-26:26.ktls affects all supported releases
FreeBSD-SA-26:27.sound affects all supported releases
FreeBSD-SA-26:28.capsicum affects all supported releases
FreeBSD-SA-26:29.ip6_multicast affects all supported releases
FreeBSD-SA-26:30.linux affects all supported releases
FreeBSD-SA-26:31.arm64 affects all supported releases
FreeBSD-SA-26:32.elf affects all supported releases
FreeBSD-SA-26:33.unbound affects all supported releases
FreeBSD-SA-26:34.vt affects all supported releases
FreeBSD-SA-26:35.openssl affects all supported releases
FreeBSD-SA-26:36.ldns affects all supported releases |
1.1_6 09 Jun 2026 21:29:43
    |
Dave Cottlehuber (dch)  |
security/vuxml: Document Elixir vulnerabilities
- CVE-2026-49762, GHSA-w2h8-8x3g-278p
References:
https://github.com/elixir-lang/elixir/releases/tag/v1.20.1
Sponsored by: SkunkWerks, GmbH |
1.1_6 08 Jun 2026 21:10:23
    |
Bernard Spil (brnrd)  |
security/vuxml: Document Apache httpd 2.4.67 vulnerabilities |
1.1_6 08 Jun 2026 18:33:18
    |
R. Christian McDonald (rcm)  |
security/vuxml: Document multiple Unbound vulnerabilities
* CVE-2026-32792
* CVE-2026-33278
* CVE-2026-40622
* CVE-2026-41292
* CVE-2026-42534
* CVE-2026-42923
* CVE-2026-42944
* CVE-2026-42959
* CVE-2026-42960
* CVE-2026-44390
* CVE-2026-44608
References:
https://www.nlnetlabs.nl/projects/unbound/security-advisories/
PR: 295442
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.1_6 08 Jun 2026 17:24:09
    |
R. Christian McDonald (rcm)  |
security/vuxml: Add entry for strongSwan CVE-2026-47895
PR: 295936
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.1_6 07 Jun 2026 09:02:52
    |
Bernard Spil (brnrd)  |
security/vuxml: Document WeeChat 4.9.0 vulnerabilities |
1.1_6 07 Jun 2026 08:55:11
    |
Bernard Spil (brnrd)  |
security/vuxml: Document WeeChat vulnerabilities |
1.1_6 06 Jun 2026 05:08:24
    |
Matthias Fechner (mfechner)  |
security/vuxml: document gitlab vulnerabilities |
1.1_6 06 Jun 2026 01:23:46
    |
Sergey A. Osokin (osa)  |
security/vuxml: add CVEs for xorg-server and xwayland
Sponsored by: tipi.work |
1.1_6 04 Jun 2026 21:01:17
    |
Fernando Apesteguía (fernape)  |
security/vuxml: Fix nginx entry
PR: 295797
Reported by: tomas@ciernik.sk and others |
1.1_6 04 Jun 2026 18:58:21
    |
Florian Smeets (flo)  |
security/vuxml: Document PowerDNS vulnerabilities |
1.1_6 04 Jun 2026 08:15:04
    |
Bernard Spil (brnrd)  |
security/vuxml: Document Apache DoS vulnerability |
1.1_6 04 Jun 2026 00:52:50
    |
Philip Paeps (philip)  |
security/vuxml: remove bogus <cvename/> references
ZDI-CAN-* references are not CVEs. They are internal references from a
security company. CVEs that don't exist upset the vuxmlbuild. |
1.1_6 02 Jun 2026 01:37:15
    |
Sergey A. Osokin (osa)  |
security/vuxml: add xwayland vulnerabilities
Sponsored by: tipi.work |
1.1_6 02 Jun 2026 01:21:51
    |
Sergey A. Osokin (osa)  |
security/vuxml: add xorg-server vulnerabilities |
1.1_6 02 Jun 2026 01:12:20
    |
Sergey A. Osokin (osa)  |
security/vuxml: fix x11-servers/xorg-server's PORTEPOCH
% make -V PORTEPOCH -f /usr/ports/x11-servers/xorg-server/Makefile
1
Sponsored by: tipi.work |
1.1_6 31 May 2026 16:12:33
    |
Fernando Apesteguía (fernape)  |
security/vuxml: Fix nginx entry
The range seems wrong according to https://nginx.org/en/CHANGES:
Changes with nginx 1.31.1 22 May 2026
*) Security: a heap memory buffer overflow might occur in a worker
process when using a configuration with overlapping captures in
ngx_http_rewrite_module, potentially resulting in arbitrary code
execution (CVE-2026-9256).
Thanks to Mufeed VH of Winfunc Research. |
1.1_6 30 May 2026 12:44:19
    |
Robert Nagy (rnagy)  |
security/vuxml: add www/*chromium < 148.0.7778.215
Obtained
from: https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html |
1.1_6 30 May 2026 09:12:34
    |
Bernard Spil (brnrd)  |
security/vuxml: Add missing PORTEPOCH for many entries
fixes portepoch warnings from `make validate`
While here: fix some whitespace |
1.1_6 30 May 2026 08:52:12
    |
Bernard Spil (brnrd)  |
security/vuxml: Only MariaDB Cluster vulnerable |
1.1_6 30 May 2026 08:43:05
    |
Bernard Spil (brnrd)  |
security/vuxml: Add missing CVE for MariaDB |
1.1_6 29 May 2026 21:33:24
    |
Fernando Apesteguía (fernape)  |
security/vuxml: Add www/gohugo vulnerabilities
* CVE-2026-39826
* CVE-2026-39823 |
1.1_6 29 May 2026 12:58:27
    |
Bernard Spil (brnrd)  |
security/vuxml: Document MariaDB vulnerabilities |
1.1_6 28 May 2026 17:33:02
    |
Guido Falsi (madpilot)  |
security/vuxml: Report mailpit vulnerability |
1.1_6 28 May 2026 07:18:13
    |
Jochen Neumeister (joneum)  Author: Matthias Andree |
security/vuxml: Add OpenEXR vulnerabilities
PR: 295508
Sponsored by: Netzkommune GmbH |
1.1_6 28 May 2026 05:27:23
    |
Jimmy Olgeni (olgeni)  |
security/vuxml: Document Erlang/OTP TLS/public_key vulnerabilities |
1.1_6 26 May 2026 13:06:04
    |
Yusuf Yaman (nxjoseph)  Author: Boris Korzun |
security/vuxml: Add www/grafana vulnerabilities
- XSS in Grafana Explore stack trace (CVE-2025-41117)
- Public Dashboards time range restriction on annotations can be bypassed
(CVE-2026-21722)
- RCE on Grafana via sqlExpressions (CVE-2026-27876)
- Public dashboards discloses all direct mode datasources (CVE-2026-27877)
- Query resampling can cause unbounded memory allocations (CVE-2026-27879)
- OpenFeature evaluation API reads input data with no bounds (CVE-2026-27880)
- Grafana Testdata datasource can issue unbounded memory allocations
(CVE-2026-28375)
- Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS
(CVE-2026-33375)
PR: 294105
Reported by: Boris Korzun <drtr0jan@yandex.ru> |
1.1_6 26 May 2026 12:01:47
    |
Michael Gmelin (grembo)  |
security/vuxml: Add PORTEPOCH validation
This adds a check if portepoch has been forgotten
in affected version range specifications, which leads
to pkg audit not reporting a vulnerability.
Usage:
make check-portepoch
This is also invoked when running `make validate`.
Approved by: fernape (ports-secteam)
Differential Revision: https://reviews.freebsd.org/D57193 |
1.1_6 25 May 2026 07:33:17
    |
Baptiste Daroussin (bapt)  |
security/vuxml: document jellyfin < 10.11.10 vulnerabilities
Three security advisories fixed in jellyfin 10.11.10:
- GHSA-f47c-m7gr-q92j
- GHSA-jg92-mrxq-vv75
- GHSA-wwwm-px48-fpvq
References:
https://github.com/jellyfin/jellyfin/security/advisories/GHSA-f47c-m7gr-q92j
https://github.com/jellyfin/jellyfin/security/advisories/GHSA-jg92-mrxq-vv75
https://github.com/jellyfin/jellyfin/security/advisories/GHSA-wwwm-px48-fpvq
https://github.com/jellyfin/jellyfin/releases/tag/v10.11.10 |
1.1_6 24 May 2026 10:26:09
    |
Bernard Spil (brnrd)  |
security/vuxml: Document Roundcube Webmail vulnerabilities |
1.1_6 24 May 2026 08:51:56
    |
Thomas Zander (riggs)  |
security/vuxml: Document REST vulnerability in traefik |
1.1_6 24 May 2026 07:15:59
    |
Jochen Neumeister (joneum)  Author: Matthias Andree |
security/vuxml: Add entry for putty
PR: 295501
Sponsored by: Netzkommune GmbH |
1.1_6 22 May 2026 17:09:55
    |
Jochen Neumeister (joneum)  |
security/vuxml: Add entry for NGINX
PR: 295498
Sponsored by: Netzkommune GmbH |
1.1_6 22 May 2026 16:23:25
    |
Jason E. Hale (jhale)  |
security/vuxml: Document GStreamer1 < 1.28.3 |
1.1_6 22 May 2026 16:23:24
    |
Jason E. Hale (jhale)  |
security/vuxml: Document GStreamer1 < 1.28.2 |
1.1_6 21 May 2026 16:21:49
    |
Jason E. Hale (jhale)  |
security/vuxml: Document www/qt6-webengine < 6.11.1 |
1.1_6 21 May 2026 09:03:53
    |
Rodrigo Osorio (rodrigo)  |
security/vuxml: Document net/rsync vulnerability
- CVE-2026-29518
- CVE-2026-43617
- CVE-2026-43618
- CVE-2026-43619
- CVE-2026-43620
- CVE-2026-45232 |
1.1_6 21 May 2026 01:51:29
    |
Philip Paeps (philip)  |
security/vuxml: add FreeBSD SAs issued on 2026-05-20
FreeBSD-SA-26:18.setcred affects all supported releases
FreeBSD-SA-26:19.file affects all supported releases
FreeBSD-SA-26:20.fusefs affects all supported releases
FreeBSD-SA-26:21.ptrace affects all supported releases
FreeBSD-SA-26:22.casper affects all supported releases
FreeBSD-SA-26:23.bsdinstall affects all supported releases
FreeBSD-SA-26:24.cap_net affects all supported releases |
1.1_6 19 May 2026 19:52:51
    |
Jochen Neumeister (joneum)  |
security/vuxml: Document Nginx vulnerabilities
add entry for www/nginx-devel
Sponsored by: Netzkommune GmbH |
1.1_6 19 May 2026 08:52:52
    |
Bernard Spil (brnrd)  |
security/vuxml: Document MySQL vulnerabilities |
1.1_6 19 May 2026 08:12:44
    |
Bernard Spil (brnrd)  |
security/vuxml: Document MariaDB vulnerabilities |
1.1_6 18 May 2026 15:12:20
    |
Ryan Steinmetz (zi)  |
security/vuxml: Update affected packages for varnish vuln |
1.1_6 18 May 2026 14:43:31
    |
Ryan Steinmetz (zi)  |
security/vuxml: Document varnish/vinyl vulnerability
A deficiency in HTTP/2 request parsing can be exploited to launch a backend
request desync attack (request smuggling), which in turn can be used for cache
poisoning, authentication bypass or possibly even information disclosure and
manipulation. |
1.1_6 17 May 2026 20:44:10
    |
Danilo G. Baio (dbaio)  |
security/vuxml: Fix nginx version in the latest entry |
1.1_6 14 May 2026 18:33:08
    |
Palle Girgensohn (girgen)  |
security/vuxml: Add postgreql??-* vulnerabilities
* CVE-2026-6472
* CVE-2026-6473
* CVE-2026-6474
* CVE-2026-6475
* CVE-2026-6476
* CVE-2026-6477
* CVE-2026-6478
* CVE-2026-6479
* CVE-2026-6575
* CVE-2026-6637
* CVE-2026-6638 |
1.1_6 14 May 2026 14:23:09
    |
Ryan Steinmetz (zi)  |
security/vuxml: Document www/nginx DoS/RCE
PR: 295270
Security: 3414ac89-4f9f-11f1-a1c0-0050569f0b83 |
1.1_6 14 May 2026 11:47:37
    |
Guido Falsi (madpilot)  |
security/vuxml: Document new mail/mailpit vulnerabilities |
1.1_6 14 May 2026 10:19:54
    |
Daniel Engberg (diizzy)  |
security/vuxml: Update entry for (py-)setuptools CVE-2025-47273
Expand this to our ancient ports to according to upstream report.
Affects devel/py-setuptools44 and devel/py-setuptools58 |
1.1_6 14 May 2026 09:54:57
    |
Daniel Engberg (diizzy)  |
security/vuxml: Add entry for (py-)setuptools CVE-2025-47273
This is almost a one year old CVE |
1.1_6 14 May 2026 04:35:18
    |
Matthias Fechner (mfechner)  |
security/vuxml: document Gitlab vulnerabilities |
1.1_6 12 May 2026 23:29:15
    |
Craig Leres (leres)  |
security/vuxml: Mark security/zeek < 8.0.8 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v8.0.8
This release fixes the following potential DoS vulnerability:
- A specially-crafted series of MIME headers sent via SMTP or HTTP
could cause Zeek to use large amounts of memory and potentially
crash.
Reported by: Tim Wojtulewicz |
1.1_6 12 May 2026 11:46:31
    |
Fernando Apesteguía (fernape)  Author: Matthias Andree |
security/vuxml: Add dnsmasq vulnerabilities
* CVE-2026-2291
* CVE-2026-4890
* CVE-2026-4891
* CVE-2026-4892
* CVE-2026-4893
* CVE-2026-5172
PR: 295204 |
1.1_6 12 May 2026 11:32:54
    |
Fernando Apesteguía (fernape)  Author: Einar Bjarni Halldórsson |
security/vuxml: Add prosody vulnerability
CNA: MITRE
* Base Score: 7.2 HIGH
* Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
PR: 295226 |
1.1_6 11 May 2026 22:09:38
    |
Thierry Thomas (thierry)  |
security/vuxml: adding an entry for expat
See https://blog.hartwork.org/posts/expat-2-8-1-released/
and https://nvd.nist.gov/vuln/detail/CVE-2026-45186
Security: CVE-2026-45186 |
1.1_6 11 May 2026 08:26:05
    |
Fernando Apesteguía (fernape)  |
security/vuxml: Remove warning
Reduce the size of the description in one case.
Nothing can be done for the other one. |
1.1_6 11 May 2026 07:16:18
    |
Fernando Apesteguía (fernape)  Author: Thomas Morper |
security/vuxml: add CVEs for Prosody advisory 2026-04-29
ChangeLog: https://prosody.im/security/advisory_735dd9d3/
PR: 295127 |
1.1_6 11 May 2026 03:43:20
    |
Bryan Drewery (bdrewery)  |
security/vuxml: Document dash entry |