Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_5 10 Dec 2021 02:36:34
    |
Guangyuan Yang (ygy)  |
security/vuxml: Document lang/go vulnerabilities |
1.1_5 07 Dec 2021 20:59:33
    |
Rene Ladan (rene)  |
security/vuxml: document www/chromium < 96.0.4664.93
Obtained from: https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html |
1.1_5 07 Dec 2021 08:05:25
    |
Matthias Fechner (mfechner)  |
security/vuxml: document gitlab vulnerabilities |
1.1_5 02 Dec 2021 13:58:50
    |
Bernard Spil (brnrd)  |
security/vuxml: Record NSS vulnerability |
1.1_5 01 Dec 2021 19:09:11
    |
Matthias Andree (mandree)  |
security/vuxml: mail/mailman < 2.1.38 CSRF vuln.
Security: CVE-2021-44227
Security: 0d6efbe3-52d9-11ec-9472-e3667ed6088e |
1.1_5 25 Nov 2021 01:54:25
    |
Mateusz Piotrowski (0mp)  |
security/vuxml: Mark java/bouncycastle as vulnerable where applicable
Some of the reported java/bouncycastle15 security issues affect the
legacy port of java/bouncycastle as well. Update vuxml.xml accordingly.
Sponsored by: Modirum MDPay
Sponsored by: Klara, Inc. |
1.1_5 24 Nov 2021 15:18:56
    |
Yasuhiro Kimura (yasu)  |
security/vuxml: Document cookie prefix spoofing in rubygem-cgi |
1.1_5 24 Nov 2021 15:18:56
    |
Yasuhiro Kimura (yasu)  |
security/vuxml: Document buffer overrun in rubygem-cgi |
1.1_5 24 Nov 2021 15:18:56
    |
Yasuhiro Kimura (yasu)  |
security/vuxml: Update affecting packages of 6916ea94-4628-11ec-bbe2-0800270512f4
This vulnerability also affects ruby ports. |
1.1_5 23 Nov 2021 16:53:00
    |
Ashish SHUKLA (ashish)  Author: Evilham |
security/vuxml: Document vulnerability in Matrix Synapse
PR: 259994
Reported by: Sascha Biberhofer <ports at skyforge dot at>
Security: 27aa2253-4c72-11ec-b6b9-e86a64caca56
Security: CVE-2021-41281 |
1.1_5 19 Nov 2021 09:47:50
    |
Guangyuan Yang (ygy)  Author: Robert Clausecker |
security/vuxml: Document archivers/advancecomp vulnerabilities
PR: 259534 |
1.1_5 16 Nov 2021 22:48:48
    |
Rene Ladan (rene)  |
security/vuxml: document www/chromium < 96.0.4664.45
Obtained from: https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html |
1.1_5 15 Nov 2021 15:42:11
    |
Yasuhiro Kimura (yasu)  |
security/vuxml: Document denial of service vulnerability in rubygem-date |
1.1_5 15 Nov 2021 11:04:58
    |
Bernard Spil (brnrd)  |
security/vuxml: Mark roundcube vuln in quarterly |
1.1_5 13 Nov 2021 10:52:32
    |
Matthias Andree (mandree)  |
security/vuxml: also list mailman exim4/postfix pkgs
The initial commit 162e701a5982 omitted listing the
-exim4 and -postfix packages. Make up for that.
Security: 9d7a2b54-4468-11ec-8532-0d24c37c72c8
Security: CVE-2021-43331
Security: CVE-2021-43332 |
1.1_5 13 Nov 2021 10:06:43
    |
Matthias Andree (mandree)  |
security/vuxml: document mail/mailman < 2.1.37 issues
- A potential XSS attack via the user options page has been reported by
Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP: #1949401)
LP: A crafted URL to the user options page can execute arbitrary
javascript.
- A potential for a list moderator to carry out an off-line brute force
attack to obtain the list admin password has been reported by Andre
Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
CVE-2021-43332 (LP: #1949403)
LP: The CSRF token for the admindb page contains an encrypted version of
the list admin password which could potentially be cracked by a
moderator via an off-line brute force attack.
Security: 9d7a2b54-4468-11ec-8532-0d24c37c72c8
Security: CVE-2021-43331
Security: CVE-2021-43332 |
1.1_5 11 Nov 2021 14:45:28
    |
Palle Girgensohn (girgen)  |
security-vuxml: Add URL for PostgreSQL release notes |
1.1_5 11 Nov 2021 14:37:01
    |
Palle Girgensohn (girgen)  |
security/vuxml: Document latest PostgreSQL vulnerability
* CVE-2021-23214
* CVE-2021-23222 |
1.1_5 10 Nov 2021 06:31:25
    |
Romain Tartière (romain)  |
security/vuxml: Document latest Puppet issues
* CVE-2021-27023
* CVE-2021-27025 |
1.1_5 10 Nov 2021 02:04:01
    |
Timur I. Bakeyev (timur)  |
security/vuxml: Document latest Samba security issues.
* CVE-2020-25717
* CVE-2020-25718
* CVE-2020-25719
* CVE-2020-25721
* CVE-2020-25722
* CVE-2016-2124
* CVE-2021-3738
* CVE-2021-23192 |
1.1_5 09 Nov 2021 08:41:37
    |
Bernard Spil (brnrd)  |
security/vuxml: Update latest MySQL entry
* Mark MariaDB vulnerable
* Add list of CVEs |
1.1_5 05 Nov 2021 08:35:56
    |
Kai Knoblich (kai)  |
security/vuxml: Document net/pyrad security issues
PR: 259332 |
1.1_5 05 Nov 2021 07:51:39
    |
Guangyuan Yang (ygy)  |
security/vuxml: Document lang/go vulnerabilities |
1.1_5 04 Nov 2021 14:52:01
    |
Li-Wen Hsu (lwhsu)  |
security/vuxml: Document Jenkins Security Advisory 2021-11-04
Sponsored by: The FreeBSD Foundation |
1.1_5 04 Nov 2021 08:51:40
    |
Li-Wen Hsu (lwhsu)  Author: Stefan Bethke |
security/vuxml: Document security issues in gitlab <= 1.15.5
PR: 259548 |
1.1_5 30 Oct 2021 08:33:11
    |
Matthias Fechner (mfechner)  |
security/vuxml: Document gitlab vulnerabilities |
1.1_5 29 Oct 2021 19:33:45
    |
Rene Ladan (rene)  |
security/vuxml: add www/chromium < 95.0.4638.69
Obtained from: https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html |
1.1_5 28 Oct 2021 15:23:09
    |
Sergey A. Osokin (osa)  |
security/vuxml: fix openssl-devel-3.0.0-alpha12 package version |
1.1_5 27 Oct 2021 15:48:14
    |
Yasuhiro Kimura (yasu)  |
security/vuxml: Document possible RCE vulnerability in fail2ban.
Differential Revision: https://reviews.freebsd.org/D32575 |
1.1_5 27 Oct 2021 09:01:21
    |
Yasuhiro Kimura (yasu)  Author: Boris Korzun |
security/vuxml: Document snapshot authentication bypass vulnerability in Grafana
PR: 258962
Differential Revision: https://reviews.freebsd.org/D32667 |
1.1_5 23 Oct 2021 19:50:04
    |
Steve Wills (swills)  |
security/vuxml: document minio issue |
1.1_5 20 Oct 2021 17:59:37
    |
Matthias Andree (mandree)  |
security/vuxml: two mail/mailman < 2.1.35 vulns
Security: CVE-2021-42096
Security: CVE-2021-42097
Security: 8d65aa3b-31ce-11ec-8c32-a14e8e520dc7 |
1.1_5 19 Oct 2021 20:14:42
    |
Rene Ladan (rene)  |
security/vuxml: add www/chromium < 95.0.4638.54
Obtained from: https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html |
1.1_5 17 Oct 2021 15:42:44
    |
Bernard Spil (brnrd)  |
security/vuxml: Document 2021Q4 MySQL vulnerabilities |
1.1_5 14 Oct 2021 18:31:11
    |
Bradley T. Hughes (bhughes)  |
security/vuxml: document Node.js October 2021 Security Releases
https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/
Sponsored by: Miles AS |
1.1_5 12 Oct 2021 21:15:17
    |
Bryan Drewery (bdrewery)  |
security/vuxml: Update OpenSSH CVE-2021-41617 fix for quarterly commit |
1.1_5 12 Oct 2021 18:06:43
    |
Bryan Drewery (bdrewery)  |
security/vuxml: Document OpenSSH CVE-2021-41617 |
1.1_5 12 Oct 2021 13:16:54
    |
Dave Cottlehuber (dch)  |
security/vuxml: add CouchDB CVE details
while here, appease `make validate` indentation
Security: https://docs.couchdb.org/en/stable/cve/2021-38295.html
Sponsored by: SkunkWerks, GmbH |
1.1_5 11 Oct 2021 18:36:00
    |
Don Lewis (truckman)  |
security/vuxml: topic format consistency
Reformat to be consistent with other entries. |
1.1_5 11 Oct 2021 18:33:34
    |
Don Lewis (truckman)  |
security/vuxml: update editors/openoffice-{4,devel} latest entry
Add info about three just announced CVEs. |
1.1_5 11 Oct 2021 17:43:09
    |
Mateusz Piotrowski (0mp)  |
security/vuxml: Document Ansible vulnerability
Security: CVE-2021-3620 |
1.1_5 09 Oct 2021 21:20:53
    |
Don Lewis (truckman)  |
security/vuxml: Document editors/openoffice-{4,devel} vulnerability |
1.1_5 09 Oct 2021 07:02:33
    |
Guangyuan Yang (ygy)  |
security/vuxml: Document lang/go vulnerability |
1.1_5 08 Oct 2021 08:25:04
    |
Rene Ladan (rene)  |
security/vuxml: document www/chromium < 94.0.4606.81
Obtained from: https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html |
1.1_5 07 Oct 2021 17:38:35
    |
Cy Schubert (cy)  |
security/vuxml: Only apache24 2.4.49 and 2.4.50 are vulnerable |
1.1_5 07 Oct 2021 02:24:55
    |
Li-Wen Hsu (lwhsu)  |
security/vuxml: Fix version range of 9bad457e-b396-4452-8773-15bec67e1ceb
Sponsored by: The FreeBSD Foundation |
1.1_5 07 Oct 2021 02:22:48
    |
Li-Wen Hsu (lwhsu)  |
security/vuxml: Document Jenkins Security Advisory 2021-10-06
Sponsored by: The FreeBSD Foundation |
1.1_5 06 Oct 2021 13:30:22
    |
Bernard Spil (brnrd)  |
security/vuxml: Only apache24 2.4.49 is vulnerable |
1.1_5 05 Oct 2021 18:51:23
    |
Sergey A. Osokin (osa)  |
security/vuxml: document multiple issues with databases/redis-devel |
1.1_5 05 Oct 2021 13:28:13
    |
Sergey A. Osokin (osa)  |
security/vuxml: document multiple issues with databases/redis{,5,6}
PR: 258935 |
1.1_5 05 Oct 2021 08:47:45
    |
Bernard Spil (brnrd)  |
security/vuxml: Document Apache httpd vulnerability |
1.1_5 05 Oct 2021 05:09:26
    |
Matthias Fechner (mfechner)  |
security/vuxml: Document bacula-web vulnerabilities |
1.1_5 01 Oct 2021 07:19:35
    |
Wen Heping (wen)  |
security/vuxml: Document mediawiki's multiple vulnerabilities |
1.1_5 30 Sep 2021 21:03:02
    |
Rene Ladan (rene)  |
security/vuxml: add www/chromium < 94.0.4606.71
Obtained from: https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html |
1.1_5 30 Sep 2021 19:28:52
    |
Matthias Fechner (mfechner)  |
security/vuxml: Document gitlab vulnerabilities |
1.1_5 30 Sep 2021 16:23:08
    |
Li-Wen Hsu (lwhsu)  |
security/vuxml: Fix entry 7062bce0-1b17-11ec-9d9d-0022489ad614
This should also fix vuxml build.
PR: 258802
Sponsored by: The FreeBSD Foundation |
1.1_5 30 Sep 2021 02:02:47
    |
Alex Kozlov (ak)  |
security/vuxml: document archivers/ha vulnerabilities |
1.1_5 29 Sep 2021 05:52:41
    |
Kyle Evans (kevans)  |
security/vuxml: document recent nexus2-oss vulnerabilities
PR: 252564 |
1.1_5 28 Sep 2021 08:29:46
    |
Bernard Spil (brnrd)  |
security/vuxml: Fix range on latest cURL vuln
Submitted by: yasu
PR: 258586 |
1.1_5 28 Sep 2021 08:03:58
    |
Bernard Spil (brnrd)  |
security/vuxml: Fix double CVE- in latest httpd entry |
1.1_5 27 Sep 2021 08:39:45
    |
Baptiste Daroussin (bapt)  Author: Evgeniy Khramtsov |
security/vuxml: add www/webkit2-gtk3
PR: 255528
Obtained from: https://webkitgtk.org/security/WSA-2021-0005.html |
1.1_5 24 Sep 2021 20:38:25
    |
Rene Ladan (rene)  |
security/vuxml: add www/chromium < 94.0.4606.61
Obtained from: https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html |
1.1_5 23 Sep 2021 01:03:25
    |
Craig Leres (leres)  |
security/vuxml: Fix missing <name> field
I wasn't able to see my mistake based on the error "make validate"
gave me:
Traceback (most recent call last):
  File "/usr/local/poudriere/ports/current-patched/security/vuxml/files/extra-validation.py", line 99, in <module>
    if (re_invalid_package_name.search(name.text) is not None):
TypeError: expected string or bytes-like object
*** Error code 1
Thanks to Dan for the pointy hat save.
Reported by: Dan Langille |
1.1_5 22 Sep 2021 22:09:30
    |
Craig Leres (leres)  |
security/vuxml: Mark zeek < 4.0.4 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v4.0.4
- Paths from log stream make it into system() unchecked, potentially
leading to commands being run on the system unintentionally.
This requires either bad scripting or a malicious package to be
installed, and is considered low severity.
- Fix potential unbounded state growth in the PIA analyzer when
receiving a connection with either a large number of zero-length
packets, or one which continues ack-ing unseen segments. It is
possible to run Zeek out of memory in these instances and cause
it to crash. Due to the possibility of this happening with packets
received from the network, this is a potential DoS vulnerability. |
1.1_5 22 Sep 2021 08:59:34
    |
Bernard Spil (brnrd)  |
security/vuxml: Document mod_auth_mellon vulnerability |
1.1_5 21 Sep 2021 20:27:13
    |
Bradley T. Hughes (bhughes)  |
security/vuxml: document Node.js August 2021 Security Releases (2)
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/
Sponsored by: Miles AS |
1.1_5 21 Sep 2021 20:26:42
    |
Bradley T. Hughes (bhughes)  |
security/vuxml: document Node.js August 2021 Security Releases
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/
Sponsored by: Miles AS |
1.1_5 21 Sep 2021 20:26:41
    |
Bradley T. Hughes (bhughes)  |
security/vuxml: document Node.js July 2021 Security Releases (2)
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/
Sponsored by: Miles AS |
1.1_5 21 Sep 2021 20:26:35
    |
Bradley T. Hughes (bhughes)  |
security/vuxml: document Node.js July 2021 Security Releases
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/
Sponsored by: Miles AS |
1.1_5 21 Sep 2021 20:17:35
    |
Rene Ladan (rene)  |
security/vuxml: add chromium < 94.0.4606.54
Obtained from: https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html |
1.1_5 21 Sep 2021 03:47:26
    |
Po-Chuan Hsieh (sunpoet)  |
security/vuxml: Document libssh vulnerability |
1.1_5 20 Sep 2021 06:26:06
    |
Daniel Engberg (diizzy)  Author: Robert Clausecker |
security/vuxml: Add entry for libpano13 < 2.9.20
PR: 258354
Approved by: tcberner
Differential Revision: https://reviews.freebsd.org/D31980 |
1.1_5 17 Sep 2021 21:37:59
    |
Jan Beich (jbeich)  |
security/vuxml: update seatd 0.6.{0,1} entry
- Discovered 1 day before announcement
- Assigned CVE-2021-41387 |
1.1_5 17 Sep 2021 19:15:56
    |
Eugene Grosbein (eugen)  |
security/vuxml: fix range in vid f55921aa-10c9-11ec-8647-00e0670f2660
Fix ranges for latest net/mpd5 vulnerability.
Reported by: Clive Lin |
1.1_5 17 Sep 2021 17:40:47
    |
Bernard Spil (brnrd)  |
security/vuxml: Document Apache httpd vulns |
1.1_5 17 Sep 2021 10:52:12
    |
Bernard Spil (brnrd)  |
security/vuxml: Register cURL vulns |
1.1_5 16 Sep 2021 01:20:09
    |
Jan Beich (jbeich)  |
security/vuxml: consistently use -- in topic after e0992ef21346 |
1.1_5 16 Sep 2021 01:15:04
    |
Jan Beich (jbeich)  |
security/vuxml: mark seatd 0.6.{0,1} as vulnerable |
1.1_5 14 Sep 2021 16:55:06
    |
Rene Ladan (rene)  |
security/vuxml: add chromium < 93.0.4577.82
Obtained from: https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html |
1.1_5 13 Sep 2021 18:14:24
    |
Ashish SHUKLA (ashish)  |
security/vuxml: Document vulnerabilities in Matrix clients
Security: 93eb0e48-14ba-11ec-875e-901b0e9408dc
Security: CVE-2021-40823
Security: CVE-2021-40824 |
1.1_5 11 Sep 2021 00:30:50
    |
Brad Davis (brd)  |
security/vuxml: document sysutils/consul vulnerability |
1.1_5 10 Sep 2021 17:21:33
    |
Dmitri Goutnik (dmgk)  |
security/vuxml: Document lang/go vulnerability |
1.1_5 09 Sep 2021 12:11:13
    |
Wen Heping (wen)  |
security/vuxml: Document multiple vulnerabilities of python38 |
1.1_5 08 Sep 2021 22:02:51
    |
Eugene Grosbein (eugen)  |
security/vuxml: add net/mpd5 PPPoE Server remotely exploitable crash
Version 5.9_2 contains security fix for PPPoE servers.
Insufficient validation of incoming PPPoE Discovery request
specially crafted by unauthenticated user might lead to unexpected
termination of the process. The problem affects mpd versions since 5.0.
Installations not using PPPoE server configuration were not affected.
Reported by: Yannick C at SourceForge
Tested by: Yannick C at SourceForge, paul at SourceForge |
1.1_5 07 Sep 2021 07:12:37
    |
Wen Heping (wen)  |
security/vuxml: Document multiple vulnerabilities of python36 and python37 |
1.1_5 05 Sep 2021 11:32:07
    |
Bernard Spil (brnrd)  |
security/vuxml: Document WeeChat vulnerability |
1.1_5 02 Sep 2021 14:31:26
    |
Ashish SHUKLA (ashish)  |
security/vuxml: Document py-matrix-synapse vulnerabilities
PR: 258187
Reported by: Sascha Biberhofer <ports@skyforge.at>
Security: a67e358c-0bf6-11ec-875e-901b0e9408dc
Security: CVE-2021-39163
Security: CVE-2021-39164 |
1.1_5 02 Sep 2021 04:48:27
    |
Wen Heping (wen)  |
security/vuxml: Document python39 multiple vulnerabilities |
1.1_5 02 Sep 2021 03:41:34
    |
Hajimu UMEMOTO (ume)  |
security/vuxml: fix range
Reported by: rene |
1.1_5 01 Sep 2021 20:34:29
    |
Rene Ladan (rene)  |
security/vuxml: add www/chromium < 93.0.4577.63
Obtained from: https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html |
1.1_5 01 Sep 2021 13:22:35
    |
Hajimu UMEMOTO (ume)  |
security/vuxml: Document cyrus-imapd vulnerability. |
1.1_5 31 Aug 2021 21:20:14
    |
Matthias Fechner (mfechner)  |
security/vuxml: Document gitlab vulnerabilities |
1.1_5 26 Aug 2021 23:09:48
    |
Matthias Andree (mandree)  |
security/vuxml: document fetchmail TLS vulns
URL: https://www.fetchmail.info/fetchmail-SA-2021-02.txt
Security: CVE-2021-39272
Security: 1d6410e8-06c1-11ec-a35d-03ca114d16d6 |
1.1_5 25 Aug 2021 06:14:17
    |
Philip Paeps (philip)  |
security/vuxml: add FreeBSD SA-21:17.openssl
Reference FreeBSD SA-21:17.openssl in the 16 February 2021
OpenSSL entry and note the fixed patch releases. |
1.1_5 25 Aug 2021 06:14:16
    |
Philip Paeps (philip)  |
security/vuxml: add FreeBSD SA-21:16.openssl
Reference FreeBSD SA-21:16.openssl in the 24 August 2021
OpenSSL entry and note the fixed patch releases. |
1.1_5 25 Aug 2021 06:14:16
    |
Philip Paeps (philip)  |
security/vuxml: add FreeBSD SA-21:15.libfetch |
1.1_5 25 Aug 2021 06:14:16
    |
Philip Paeps (philip)  |
security/vuxml: add FreeBSD SA-21:14.ggatec |
1.1_5 25 Aug 2021 06:14:15
    |
Philip Paeps (philip)  |
security/vuxml: add FreeBSD SA-21:13.bhyve |
1.1_5 24 Aug 2021 15:13:24
    |
Bernard Spil (brnrd)  |
security/vuxml: Fix openssl-devel version |
1.1_5 24 Aug 2021 15:10:04
    |
Bernard Spil (brnrd)  |
security/vuxml: Document OpenSSL vulnerabilities |