Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_5 21 Sep 2021 03:47:26 |
Po-Chuan Hsieh (sunpoet) |
security/vuxml: Document libssh vulnerability |
1.1_5 20 Sep 2021 06:26:06 |
Daniel Engberg (diizzy) Author: Robert Clausecker |
security/vuxml: Add entry for libpano13 < 2.9.20
PR: 258354
Approved by: tcberner
Differential Revision: https://reviews.freebsd.org/D31980 |
1.1_5 17 Sep 2021 21:37:59 |
Jan Beich (jbeich) |
security/vuxml: update seatd 0.6.{0,1} entry
- Discovered 1 day before announcement
- Assigned CVE-2021-41387 |
1.1_5 17 Sep 2021 19:15:56 |
Eugene Grosbein (eugen) |
security/vuxml: fix range in vid f55921aa-10c9-11ec-8647-00e0670f2660
Fix ranges for latest net/mpd5 vulnerability.
Reported by: Clive Lin |
1.1_5 17 Sep 2021 17:40:47 |
Bernard Spil (brnrd) |
security/vuxml: Document Apache httpd vulns |
1.1_5 17 Sep 2021 10:52:12 |
Bernard Spil (brnrd) |
security/vuxml: Register cURL vulns |
1.1_5 16 Sep 2021 01:20:09 |
Jan Beich (jbeich) |
security/vuxml: consistently use -- in topic after e0992ef21346 |
1.1_5 16 Sep 2021 01:15:04 |
Jan Beich (jbeich) |
security/vuxml: mark seatd 0.6.{0,1} as vulnerable |
1.1_5 14 Sep 2021 16:55:06 |
Rene Ladan (rene) |
security/vuxml: add chromium < 93.0.4577.82
Obtained from: https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html |
1.1_5 13 Sep 2021 18:14:24 |
Ashish SHUKLA (ashish) |
security/vuxml: Document vulnerabilities in Matrix clients
Security: 93eb0e48-14ba-11ec-875e-901b0e9408dc
Security: CVE-2021-40823
Security: CVE-2021-40824 |
1.1_5 11 Sep 2021 00:30:50 |
Brad Davis (brd) |
security/vuxml: document sysutils/consul vulnerability |
1.1_5 10 Sep 2021 17:21:33 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document lang/go vulnerability |
1.1_5 09 Sep 2021 12:11:13 |
Wen Heping (wen) |
security/vuxml: Document multiple vulnerabilities of python38 |
1.1_5 08 Sep 2021 22:02:51 |
Eugene Grosbein (eugen) |
security/vuxml: add net/mpd5 PPPoE Server remotely exploitable crash
Version 5.9_2 contains a security fix for PPPoE servers.
Insufficient validation of an incoming PPPoE Discovery request
specially crafted by an unauthenticated user might lead to unexpected
termination of the process. The problem affects mpd versions since 5.0.
Installations not using PPPoE server configuration were not affected.
Reported by: Yannick C at SourceForge
Tested by: Yannick C at SourceForge, paul at SourceForge |
1.1_5 07 Sep 2021 07:12:37 |
Wen Heping (wen) |
security/vuxml: Document multiple vulnerabilities of python36 and python37 |
1.1_5 05 Sep 2021 11:32:07 |
Bernard Spil (brnrd) |
security/vuxml: Document WeeChat vulnerability |
1.1_5 02 Sep 2021 14:31:26 |
Ashish SHUKLA (ashish) |
security/vuxml: Document py-matrix-synapse vulnerabilities
PR: 258187
Reported by: Sascha Biberhofer <ports@skyforge.at>
Security: a67e358c-0bf6-11ec-875e-901b0e9408dc
Security: CVE-2021-39163
Security: CVE-2021-39164 |
1.1_5 02 Sep 2021 04:48:27 |
Wen Heping (wen) |
security/vuxml: Document python39 multiple vulnerabilities |
1.1_5 02 Sep 2021 03:41:34 |
Hajimu UMEMOTO (ume) |
security/vuxml: fix range
Reported by: rene |
1.1_5 01 Sep 2021 20:34:29 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 93.0.4577.63
Obtained from: https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html |
1.1_5 01 Sep 2021 13:22:35 |
Hajimu UMEMOTO (ume) |
security/vuxml: Document cyrus-imapd vulnerability. |
1.1_5 31 Aug 2021 21:20:14 |
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab vulnerabilities |
1.1_5 26 Aug 2021 23:09:48 |
Matthias Andree (mandree) |
security/vuxml: document fetchmail TLS vulns
URL: https://www.fetchmail.info/fetchmail-SA-2021-02.txt
Security: CVE-2021-39272
Security: 1d6410e8-06c1-11ec-a35d-03ca114d16d6 |
1.1_5 25 Aug 2021 06:14:17 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-21:17.openssl
Reference FreeBSD SA-21:17.openssl in the 16 February 2021
OpenSSL entry and note the fixed patch releases. |
1.1_5 25 Aug 2021 06:14:16 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-21:16.openssl
Reference FreeBSD SA-21:16.openssl in the 24 August 2021
OpenSSL entry and note the fixed patch releases. |
1.1_5 25 Aug 2021 06:14:16 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-21:15.libfetch |
1.1_5 25 Aug 2021 06:14:16 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-21:14.ggatec |
1.1_5 25 Aug 2021 06:14:15 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-21:13.bhyve |
1.1_5 24 Aug 2021 15:13:24 |
Bernard Spil (brnrd) |
security/vuxml: Fix openssl-devel version |
1.1_5 24 Aug 2021 15:10:04 |
Bernard Spil (brnrd) |
security/vuxml: Document OpenSSL vulnerabilities |
1.1_5 22 Aug 2021 15:28:16 |
Adam Weinberger (adamw) Author: Stefan Bethke |
vuxml: Add entry for gitea < 1.15.0
PR: 257994 |
1.1_5 20 Aug 2021 18:37:03 |
Adam Weinberger (adamw) Author: Stefan Bethke |
vuxml: Add entry for gitea < 1.14.6 |
1.1_5 20 Aug 2021 03:40:09 |
Kyle Evans (kevans) |
security/vuxml: Document vulnerabilities in java/bouncycastle15
MFH: 2021Q3
Sponsored by: Modirum MDPay
Sponsored by: Klara, Inc. |
1.1_5 18 Aug 2021 06:10:16 |
Fernando Apesteguía (fernape) Author: Yasuhiro Kimura |
security/vuxml: Excessive memory consumption vulnerability in binutils
Fixed in main a0e752df8013 and in 2021Q3 in 9c4ee12.
PR: 256133
Reviewed by: fluffy@, koobs@
Security: CVE-2021-3487 |
1.1_5 17 Aug 2021 12:35:20 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 92.0.4515.159
Obtained from: https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html |
1.1_5 15 Aug 2021 07:11:46 |
Carlo Strub (cs) |
security/vuxml: Update release number for fixed lynx vulnerability
Security: e9200f8e-fd34-11eb-afb1-c85b76ce9b5a |
1.1_5 14 Aug 2021 19:41:58 |
Carlo Strub (cs) |
security/vuxml: Document credential leakage vulnerability
Security: e9200f8e-fd34-11eb-afb1-c85b76ce9b5a |
1.1_5 12 Aug 2021 16:22:50 |
Palle Girgensohn (girgen) |
security/vuxml: postgresql??-server vuln CVE-2021-3677 |
1.1_5 10 Aug 2021 00:42:24 |
Romain Tartière (romain) |
security/vuxml: document xtrlock CVE-2016-10894 |
1.1_5 09 Aug 2021 20:15:04 |
Cy Schubert (cy) |
security/vuxml: Document x11/cde local privilege escalation
Security: CVE-2020-2696, VU#308289 |
1.1_5 05 Aug 2021 23:00:59 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document lang/go vulnerability |
1.1_5 04 Aug 2021 08:29:40 |
Matthias Fechner (mfechner) |
security/vuxml: Security vulnerabilities for gitlab-ce |
1.1_5 04 Aug 2021 08:10:56 |
Bernard Spil (brnrd) |
security/vuxml: Mark MariaDB vulnerable |
1.1_5 03 Aug 2021 18:22:00 |
Li-Wen Hsu (lwhsu) Author: Thomas Morper |
security/vuxml: Add net-im/prosody CVE-2021-37601
PR: 257597 |
1.1_5 03 Aug 2021 18:19:14 |
Matthias Andree (mandree) |
security/vuxml: update fetchmail CVE-2021-36386 vuln
this vuln was a reintroduction of CVE-2008-2711 which got fixed in
fetchmail 6.3.9, when 6.3.17 refactored code.
- restrict range (>= 6.3.9 < 6.3.17 unaffected)
- add reference to old CVE-2008-2711
URL: https://www.fetchmail.info/fetchmail-SA-2021-01.txt
Security: cbfd1874-efea-11eb-8fe9-036bd763ff35
Security: CVE-2021-36386
Security: CVE-2008-2711 |
1.1_5 03 Aug 2021 17:17:22 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 92.0.4515.131
Obtained from: https://chromereleases.googleblog.com/search/label/Stable%20updates |
1.1_5 02 Aug 2021 09:52:36 |
Dave Cottlehuber (dch) |
security/vuxml: document net/rabbitmq CVE-2021-22116
https://tanzu.vmware.com/security/cve-2021-22116 |
1.1_5 01 Aug 2021 21:57:10 |
Kevin Bowling (kbowling) |
security/vuxml: document tomcat CVE-2021-33037
PR: 257153 |
1.1_5 01 Aug 2021 21:52:40 |
Kevin Bowling (kbowling) |
security/vuxml: document tomcat CVE-2021-30640
PR: 257153 |
1.1_5 01 Aug 2021 21:42:39 |
Kevin Bowling (kbowling) |
security/vuxml: correct tomcat package name/versions
PR: 257153
Fixes: 9462edd84baf |
1.1_5 01 Aug 2021 21:35:55 |
Kevin Bowling (kbowling) |
security/vuxml: document tomcat CVE-2021-30639
PR: 257153 |
1.1_5 28 Jul 2021 21:36:56 |
Matthias Andree (mandree) |
security/vuxml: add fetchmail < 6.4.20 vuln
Security: cbfd1874-efea-11eb-8fe9-036bd763ff35
Security: CVE-2021-36386 |
1.1_5 27 Jul 2021 10:24:10 |
Li-Wen Hsu (lwhsu) Author: Yasuhiro Kimura |
security/vuxml: Document integer overflow vulnerability in redis
PR: 257325 |
1.1_5 27 Jul 2021 09:00:51 |
Li-Wen Hsu (lwhsu) Author: rob2g2 |
security/vuxml: Document dns/powerdns CVE-2021-36754
PR: 257435 |
1.1_5 24 Jul 2021 16:59:42 |
Craig Leres (leres) |
security/vuxml: Mark mosquitto >= 2.0.0, < 2.0.10 vulnerable as per:
https://github.com/eclipse/mosquitto/blob/d5ecd9f5aa98d42e7549eea09a71a23eef241f31/ChangeLog.txt
- If an authenticated client connected with MQTT v5 sent a malformed
CONNACK message to the broker a NULL pointer dereference occurred,
most likely resulting in a segfault.
PR: 255229
Reported by: Daniel Engberg |
1.1_5 23 Jul 2021 23:14:14 |
Guido Falsi (madpilot) |
security/vuxml: Document new pjsip vulnerability |
1.1_5 23 Jul 2021 21:21:10 |
Guido Falsi (madpilot) |
security/vuxml: Document new asterisk vulnerabilities |
1.1_5 21 Jul 2021 14:10:34 |
Rene Ladan (rene) |
security/vuxml: document Chromium < 92.0.4515.107 |
1.1_5 21 Jul 2021 13:40:45 |
Rene Ladan (rene) |
security/vuxml: fix `make validate' |
1.1_5 21 Jul 2021 10:31:00 |
Bernard Spil (brnrd) |
security/vuxml: Document cURL 7.77.0 vulnerabilities |
1.1_5 20 Jul 2021 08:55:32 |
Bernard Spil (brnrd) |
security/vuxml: Document MySQL vulnerabilities Jul2021 |
1.1_5 18 Jul 2021 21:27:11 |
Guangyuan Yang (ygy) Author: stb |
security/vuxml: Document vulnerabilities in www/gitea
PR: 257221
Approved by: lwhsu (mentor) |
1.1_5 18 Jul 2021 17:54:30 |
Po-Chuan Hsieh (sunpoet) |
security/vuxml: Fix make validate after 069e58611c7933431ec82b0b9c119677e8d6cc21
Reported by: lwhsu
Approved by: delphij (ports-secteam) |
1.1_5 16 Jul 2021 20:31:59 |
Rene Ladan (rene) |
security/vuxml: document chromium < 91.0.4472.164
Obtained from: https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html |
1.1_5 14 Jul 2021 17:26:34 |
Po-Chuan Hsieh (sunpoet) |
security/vuxml: Document ruby vulnerability |
1.1_5 14 Jul 2021 16:10:51 |
Po-Chuan Hsieh (sunpoet) |
security/vuxml: Fix make test
- Respect VUXML_FILE and VUXML_FLAT_FILE [1]
It allows running "make test" on read-only media (e.g. poudriere jail)
- Copy all vuln XML files to the test directory [2]
Since vuln.xml has been split into multiple XML files, all of them must be
copied to the test directory.
Without [1], the error message is as follows:
===> Testing for vuxml-1.1_5
xmllint -noent vuln.xml > vuln-flat.xml
/bin/sh: cannot create vuln-flat.xml: Read-only file system
*** Error code 2
Stop.
Without [2], the error message is as follows:
(Only the first 15 lines of the commit message are shown above) |
1.1_5 13 Jul 2021 12:01:52 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document lang/go vulnerability |
1.1_5 10 Jul 2021 12:51:01 |
Thomas Zander (riggs) |
security/vuxml: Document vulnerabilities in databases/mantis
PR: 257068
Reported by: Zoltan ALEXANDERSON BESSE <zab@zltech.eu> |
1.1_5 08 Jul 2021 06:49:57 |
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab vulnerability |
1.1_5 04 Jul 2021 20:55:52 |
Tobias C. Berner (tcberner) Author: Daniel Engberg |
security/vuxml: document vulnerabilities in graphics/exiv2
PR: 256803 |
1.1_5 03 Jul 2021 05:01:44 |
Matthias Andree (mandree) |
security/vuxml: document openexr < 3.0.5 vulns
Security: f2596f27-db4c-11eb-8bc6-c556d71493c9 |
1.1_5 02 Jul 2021 07:34:26 |
Matthias Fechner (mfechner) |
security/vuxml: Documented gitlab vulnerabilities. |
1.1_5 01 Jul 2021 07:30:09 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Let vuln-flat.xml depend on all vuln xml files
So it can get rebuilt when any of the vuln xml files changes.
Approved by: ports-secteam (fluffy, implicitly) |
1.1_5 01 Jul 2021 07:28:36 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Document Jenkins Security Advisory 2021-06-30
Sponsored by: The FreeBSD Foundation |
1.1_5 30 Jun 2021 15:39:09 |
Juraj Lutter (otis) |
security/vuxml: Fix dovecot entry
Fix stray ">" character in a CVE URL. |
1.1_5 28 Jun 2021 15:01:36 |
Dave Cottlehuber (dch) |
security/vuxml: Add net/rabbitmq CVE-2021-22116 DoS vuln
Security: CVE-2021-22116
Sponsored by: SkunkWerks, GmbH |
1.1_5 28 Jun 2021 15:01:36 |
Dave Cottlehuber (dch) |
security/vuxml: Pet rabbitmq-c entry
make clean validate failed after rebased commit
fix package name error and indentation issues |
1.1_5 28 Jun 2021 15:01:36 |
Dave Cottlehuber (dch) |
security/vuxml: Pet puppetdb entry
make clean validate reports a missing stanza |
1.1_5 25 Jun 2021 20:46:55 |
Dave Cottlehuber (dch) |
security/vuxml: add entry for net/rabbitmq-c
Sponsored by: SkunkWerks, GmbH
Security: CVE-2019-18609
Differential Revision: https://reviews.freebsd.org/D30906 |
1.1_5 25 Jun 2021 20:03:01 |
Romain Tartière (romain) |
security/vuxml: Document CVE-2021-27021 |
1.1_5 25 Jun 2021 17:13:18 |
Mateusz Piotrowski (0mp) |
security/vuxml: Add another package for CVE-2021-3583
Also, fix a copy-paste error. py*-ansible-base are listed twice. The
second entry should list py*-ansible instead. |
1.1_5 25 Jun 2021 14:27:15 |
Mateusz Piotrowski (0mp) |
security/vuxml: Update Ansible's CVE-2021-3583
It turns out that it affects not only ansible-core, but also some other
ports. |
1.1_5 24 Jun 2021 18:50:15 |
Juraj Lutter (otis) |
security/vuxml: Fix mail/dovecot-pigeonhole vulnerable versions
Correct mail/dovecot-pigeonhole vulnerable versions to proper value. |
1.1_5 24 Jun 2021 10:30:56 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Fix CVS name for vid e4cd0b38-c9f9-11eb-87e1-08002750c711
This should fix vuxml.org build.
PR: 256789 |
1.1_5 24 Jun 2021 10:03:43 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Update the doc link and the comment of where to add new entry
Approved by: ports-secteam (implicitly) |
1.1_5 24 Jun 2021 09:59:09 |
Mateusz Piotrowski (0mp) |
security/vuxml: Document sysutils/py-ansible-core vulnerability
Security: CVE-2021-3583 |
1.1_5 23 Jun 2021 18:21:56 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Fix `make validate` to use the latest vuxml file
This is a follow up for 6954792fe916862afd25cf6ce961bd7062dfb21f
Approved by: ports-secteam (fluffy) |
1.1_5 23 Jun 2021 14:34:34 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Create 2021 entity
Let's create a new entity at the beginning of each year and append to it,
instead of massive copying at the end of each year. |
1.1_5 23 Jun 2021 10:00:10 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Fix version range of www/py-aiohttp
This also marks 3.7.4.p0 as fixed.
PR: 256219 |
1.1_5 22 Jun 2021 16:14:41 |
Juraj Lutter (otis) |
security/vuxml: Document mail/dovecot-pigeonhole vulnerability |
1.1_5 22 Jun 2021 16:14:41 |
Juraj Lutter (otis) |
security/vuxml: Document mail/dovecot vulnerabilities |
1.1_5 21 Jun 2021 20:34:11 |
Brad Davis (brd) |
security/vuxml: Fix range for www/nginx CVE-2021-23017
Reviewed by: garga
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.1_5 21 Jun 2021 16:20:13 |
Danilo G. Baio (dbaio) |
security/vuxml: Fix 'make validate'
While here, remove hyperlinks to simplify, they can be accessed through
the report's url. |
1.1_5 20 Jun 2021 01:31:15 |
Adam Weinberger (adamw) |
security/vuxml: Add entry for gitea < 1.14.3
PR: 256720 |
1.1_5 18 Jun 2021 11:01:23 |
Rene Ladan (rene) |
security/vuxml: Add www/chromium < 91.0.4472.114
Obtained from: https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html |
1.1_5 15 Jun 2021 15:48:20 |
Kevin Bowling (kbowling) |
security/vuxml: Document CVE-2021-29376 for irc/ircII
PR: 255492
Reported by: Andrew Gierth <andrew@tao11.riddles.org.uk> |
1.1_5 14 Jun 2021 07:15:01 |
Bernard Spil (brnrd) |
security/vuxml: Document Apache httpd vulns |
1.1_5 11 Jun 2021 10:50:26 |
Dmitry Marakasov (amdmi3) |
security/vuxml: document CVE-2021-33564 for rubygem-dragonfly |
1.1_5 10 Jun 2021 14:37:05 |
Rodrigo Osorio (rodrigo) |
security/vuxml: Document CVE-2020-35701 for net-mgmt/cacti |
1.1_5 10 Jun 2021 11:37:46 |
Rene Ladan (rene) |
security/vuxml: add Chromium < 91.0.4472.101
Obtained from: https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html |