Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_5 08 Jun 2021 19:30:08 |
Ashish SHUKLA (ashish) |
security/vuxml: Document CVE-2021-33896 in net-im/dino port |
1.1_5 06 Jun 2021 20:48:56 |
Matthew Seaman (matthew) |
security/vuxml: Document CVE-2021-3515 for databases/pglogical
A shell injection flaw was found in pglogical in versions before 2.3.4
and before 3.6.26. An attacker with CREATEDB privileges on a
PostgreSQL server can craft a database name that allows execution of
shell commands as the postgresql user when calling
pglogical.create_subscription(). |
1.1_5 06 Jun 2021 08:48:40 |
Kurt Jaeger (pi) Author: Simon Wright |
security/vuxml: add www/drupal7 CVE |
1.1_5 04 Jun 2021 18:29:52 |
Tobias C. Berner (tcberner) |
security/vuxml: document vulnerability in sysutils/polkit
Cedric Buissart reports:
The function `polkit_system_bus_name_get_creds_sync` is used to get the
uid and pid of the process requesting the action. It does this by
sending the unique bus name of the requesting process, which is
typically something like ":1.96", to `dbus-daemon`. These unique names
are assigned and managed by `dbus-daemon` and cannot be forged, so this
is a good way to check the privileges of the requesting process.
The vulnerability happens when the requesting process disconnects from
`dbus-daemon` just before the call to
`polkit_system_bus_name_get_creds_sync` starts. In this scenario, the
unique bus name is no longer valid, so `dbus-daemon` sends back an error
(Only the first 15 lines of the commit message are shown above) |
1.1_5 04 Jun 2021 09:59:47 |
Thomas Zander (riggs) |
security/vuxml: Document CVE-2021-33054 for www/sogo*.
PR: 256374
Reported by: rob2g2 <spam123@bitbert.com> |
1.1_5 04 Jun 2021 09:38:47 |
Fernando Apesteguía (fernape) |
security/vuxml: Add CVE-2020-8492 for lang/tauthon
PR: 256387
Reported by: olivier.freebsd@free.fr |
1.1_5 04 Jun 2021 09:32:50 |
Thomas Zander (riggs) |
security/vuxml: Document CVE-2021-28091 for security/lasso.
PR: 256373
Reported by: spam123@bitbert.com |
1.1_5 03 Jun 2021 23:17:28 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document lang/go vulnerabilities |
1.1_5 03 Jun 2021 11:26:09 |
Dmitry Marakasov (amdmi3) |
security/vuxml: document aiohttp CVE-2021-21330 |
1.1_5 02 Jun 2021 23:53:02 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 4.0.2 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v4.0.2
- Fix potential Undefined Behavior in decode_netbios_name() and
decode_netbios_name_type() BIFs. The latter has a possibility
of a remote heap-buffer-overread, making this a potential DoS
vulnerability.
- Add some extra length checking when parsing mobile ipv6 packets.
Due to the possibility of reading invalid headers from remote
sources, this is a potential DoS vulnerability. |
1.1_5 02 Jun 2021 18:41:43 |
Dmitry Marakasov (amdmi3) |
security/vuxml: add entry for PyYAML CVE-2020-14343
PR: 256220 |
1.1_5 02 Jun 2021 13:48:26 |
Ryan Steinmetz (zi) |
security/vuxml: Fix overly large entry that violates 'make validate' |
1.1_5 02 Jun 2021 13:48:26 |
Ryan Steinmetz (zi) |
security/vuxml: Document isc-dhcp44-* vulnerability
PR: 256377 |
1.1_5 01 Jun 2021 22:37:21 |
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab vulnerabilities. |
1.1_5 01 Jun 2021 16:59:21 |
Jung-uk Kim (jkim) |
security/vuxml: Correct CVE entry for the x11/libX11 vulnerability |
1.1_5 01 Jun 2021 15:35:26 |
Sergey A. Osokin (osa) |
security/vuxml: document vulnerability in databases/redis
Security: CVE-2021-32625 |
1.1_5 01 Jun 2021 15:13:05 |
Jung-uk Kim (jkim) |
security/vuxml: Document vulnerability in x11/libX11
PR: 256034
Security: CVE-2021-31535 |
1.1_5 01 Jun 2021 03:02:51 |
Guangyuan Yang (ygy) Author: David O'Rourke |
security/vuxml: Document vulnerability in net-mgmt/prometheus2
PR: 255976
Security: CVE-2021-29622
Approved by: lwhsu (mentor) |
1.1_5 31 May 2021 20:55:37 |
Adriaan de Groot (adridg) |
security/vuxml: Document graphics/wayland <= 1.19.0 |
1.1_5 27 May 2021 05:17:36 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-21:12.libradius |
1.1_5 27 May 2021 05:17:36 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-21:11.smap |
1.1_5 26 May 2021 10:17:39 |
Rene Ladan (rene) |
vuln.xml: Document chromium < 91.0.4472.77
Obtained from: https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html |
1.1_5 26 May 2021 00:33:57 |
Danilo G. Baio (dbaio) |
security/vuxml: Document net/libzmq4 issues
PR: 255102
Reported by: Thomas Petig <thomas@petig.eu>
Security: CVE-2019-13132
Security: CVE-2020-15166 |
1.1_5 25 May 2021 15:40:21 |
Sergey A. Osokin (osa) |
security/vuxml: document vulnerability in www/nginx and www/nginx-devel
Security: CVE-2021-23017 |
1.1_5 24 May 2021 15:57:00 |
Palle Girgensohn (girgen) |
databases/pg_partman: arbitrary code execution
Security: CVE-2021-33204 |
1.1_5 24 May 2021 15:02:45 |
Tobias C. Berner (tcberner) |
security/vuxml: document vulnerability in textproc/expat2
Security: CVE-2013-0340
PR: 256121 |
1.1_5 23 May 2021 14:44:41 |
Tobias C. Berner (tcberner) Author: Yasuhiro Kimura |
security/vuxml: document vulnerability in textproc/libxml2
PR: 256093
Security: CVE-2021-3541 |
1.1_5 17 May 2021 15:11:08 |
Mateusz Piotrowski (0mp) |
security/vuxml: Add example cvename tag to template
Reviewed by: riggs
Approved by: riggs (ports secteam)
Differential Revision: https://reviews.freebsd.org/D30231 |
1.1_5 15 May 2021 09:12:15 |
Palle Girgensohn (girgen) |
databases/postgresql??-server: multiple security issues |
1.1_5 13 May 2021 19:44:55 |
Neel Chauhan (nc) Author: Thomas Morper |
security/vuxml: Add entry for net-im/prosody
PR: 255845, 255849 |
1.1_5 13 May 2021 14:43:16 |
Thierry Thomas (thierry) |
security/vuxml: declare vulnerabilities for ImageMagick6
PR: 255818 |
1.1_5 13 May 2021 14:43:16 |
Thierry Thomas (thierry) |
security/vuxml: declare vulnerabilities for ImageMagick7
PR: 255802 |
1.1_5 12 May 2021 10:09:17 |
Thierry Thomas (thierry) |
security/vuxml: add vulnerabilities fixed in 8.2.0
PR: 255361 |
1.1_5 11 May 2021 18:11:58 |
Rene Ladan (rene) |
Document vulnerabilities in Chromium < 90.0.4430.212
Obtained from: https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html |
1.1_5 11 May 2021 15:19:59 |
Neel Chauhan (nc) Author: Sascha Biberhofer |
security/vuxml: Add entry for net-im/py-matrix-synapse |
1.1_5 10 May 2021 12:35:14 |
Hajimu UMEMOTO (ume) |
security/vuxml: cyrus-imapd -- Remote authenticated users could bypass intended
access restrictions on certain server annotations. |
1.1_5 08 May 2021 16:03:23 |
Christian Weisgerber (naddy) |
security/vuxml: Document FLAC out-of-bounds read |
1.1_5 08 May 2021 09:33:44 |
Matthias Andree (mandree) |
security/vuxml: add CVE #s for OpenEXR 2.5.4 fixes |
1.1_5 07 May 2021 09:52:53 |
Po-Chuan Hsieh (sunpoet) |
security/vuxml: Document rails vulnerability |
1.1_5 06 May 2021 20:12:51 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document lang/go vulnerability |
1.1_5 05 May 2021 08:39:44 |
Mateusz Piotrowski (0mp) |
security/vuxml: Document Ansible vulnerability |
1.1_5 05 May 2021 07:05:58 |
Wen Heping (wen) |
security/vuxml: Document django's multiple vulnerabilities |
1.1_5 05 May 2021 03:39:35 |
Wen Heping (wen) |
Document Python's multiple vulnerabilities |
1.1_5 04 May 2021 14:26:23 |
Bernard Spil (brnrd) |
security/vuxml: Update latest MySQL vuln entry
* Adds CVE numbers
* Mark MariaDB partially affected |
1.1_5 03 May 2021 21:44:51 |
Sergey A. Osokin (osa) |
security/vuxml: document recent vulnerabilities with redis ports.
PR: 255580 |
1.1_5 03 May 2021 13:59:52 |
Koichiro Iwao (meta) |
security/vuxml: Document command injection vulnerability in RDoc
PR: 255552
Reported by: Yasuhiro Kimura <yasu@utahime.org>
Security: CVE-2021-31799 |
1.1_5 02 May 2021 12:59:33 |
Kurt Jaeger (pi) Author: Geoffroy Desvernay |
security/vuxml: add mail/sympa CVE
PR: 252464 |
1.1_5 01 May 2021 01:25:40 |
Timur I. Bakeyev (timur) |
Add an entry about Samba vulnerability CVE-2021-20254:
Negative idmap cache entries can cause incorrect group entries in the Samba file
server process token.
Security: CVE-2021-20254 |
1.1_5 29 Apr 2021 23:00:45 |
Don Lewis (truckman) |
security/vuxml: Update fixed version of openoffice-devel.
CVE-2021-30245 is fixed in version 1619649022 of
editors/openoffice-devel. |
1.1_5 28 Apr 2021 21:57:39 |
Matthias Fechner (mfechner) |
Document gitlab-ce vulnerabilities. |
1.1_5 28 Apr 2021 21:57:38 |
Matthias Fechner (mfechner) |
Document vulnerabilities for www/rubygem-carrierwave. |
1.1_5 28 Apr 2021 16:56:22 |
Neel Chauhan (nc) |
mail/sympa: add vuxml entry
PR: 255455
Submitted by: Geoffroy Desvernay <dgeo@centrale-marseille.fr> (maintainer) |
1.1_5 27 Apr 2021 17:11:58 |
Rene Ladan (rene) |
Document new vulns, www/chromium < 90.0.4430.93
Obtained from: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html |
1.1_5 26 Apr 2021 13:30:52 |
Palle Girgensohn (girgen) |
security/shibboleth-sp: add more information to security advisory |
1.1_5 26 Apr 2021 08:36:36 |
Palle Girgensohn (girgen) |
security/shibboleth-sp: add entry for upcoming vulnerability
The details are not yet disclosed. |
1.1_5 21 Apr 2021 21:40:41 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 4.0.1 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v4.0.1
Fix null-pointer dereference when encountering an invalid enum name
in a config/input file that tries to read it into a set[enum]. For
those that have such an input feed whose contents may come from
external/remote sources, this is a potential DoS vulnerability. |
1.1_5 21 Apr 2021 17:48:54 |
Matthias Andree (mandree) |
security/vuxml: add devel/openvpn < 2.5.2 entry
Security: CVE-2020-15078
Security: efb965be-a2c0-11eb-8956-1951a8617e30 |
1.1_5 21 Apr 2021 08:11:40 |
Rene Ladan (rene) |
Document new vulnerabilities in www/chromium < 90.0.4430.85
Obtained from: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html |
1.1_5 20 Apr 2021 19:28:14 |
Bryan Drewery (bdrewery) |
Another openssh version fix for CVE-2021-28041.
Reported by: leres |
1.1_5 20 Apr 2021 19:26:54 |
Li-Wen Hsu (lwhsu) |
Document Jenkins Security Advisory 2021-04-20
Sponsored by: The FreeBSD Foundation |
1.1_5 20 Apr 2021 15:37:57 |
Bryan Drewery (bdrewery) |
Fix openssh version in entry for CVE-2021-28041
Reported by: leres |
1.1_5 20 Apr 2021 10:00:41 |
Bernard Spil (brnrd) |
security/vuxml: Add MySQL vulns |
1.1_5 20 Apr 2021 03:49:20 |
Don Lewis (truckman) |
security/vuxml: Document OpenOffice vulnerability CVE-2021-30245 |
1.1_5 19 Apr 2021 04:11:34 |
Kevin Bowling (kbowling) |
devel/maven: update to 3.8.1
This is not just a bugfix as it contains three features that cause a change of
default behavior (external HTTP insecure URLs are now blocked by default): your
builds may fail when using this new Maven release, if you use now blocked
repositories. Please check and eventually fix before upgrading.
Changes http://maven.apache.org/docs/3.8.1/release-notes.html
PR: 255161
Approved by: Jonathan Chen <jonc@chen.org.nz> (maintainer)
Security: CVE-2021-26291
CVE-2020-13956 |
1.1_5 17 Apr 2021 16:31:10 |
Brad Davis (brd) |
Document sysutils/consul vulnerabilities |
1.1_5 15 Apr 2021 22:55:36 |
Mateusz Piotrowski (0mp) |
Document accountsservice vulnerability |
1.1_5 15 Apr 2021 14:46:59 |
Mateusz Piotrowski (0mp) |
Document textproc/mdbook vulnerability |
1.1_5 15 Apr 2021 14:32:58 |
Matthias Fechner (mfechner) |
Document gitlab vulnerabilities. |
1.1_5 15 Apr 2021 13:51:53 |
Rene Ladan (rene) |
Document new vulnerabilities in www/chromium < 90.0.4430.72 |
1.1_5 14 Apr 2021 17:47:31 |
Rene Ladan (rene) |
Document new vulnerabilities in www/chromium < 89.0.4389.128
Obtained from: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html |
1.1_5 13 Apr 2021 15:50:29 |
Emmanuel Vadot (manu) |
security/vuxml: Document xorg-server vuln |
1.1_5 12 Apr 2021 18:29:50 |
Adam Weinberger (adamw) |
security/vuxml: Add entry for gitea < 1.14.0
PR: 254976
Submitted by: Stefan Bethke |
1.1_5 12 Apr 2021 02:04:57 |
Steve Wills (swills) |
security/vuxml: Document syncthing issue |
1.1_5 10 Apr 2021 07:13:03 |
Thomas Zander (riggs) |
security/vuxml: Document information disclosure vulnerability in python.
PR: 254780
Reported by: yasu@utahime.org
Security: CVE-2021-3426 |
1.1_5 10 Apr 2021 06:31:41 |
Thomas Zander (riggs) |
security/vuxml: Document 2 vulnerabilities in ftp/curl
Security: CVE-2021-22876
CVE-2021-22890
PR: 254772
Reported by: yasu@utahime.org |
1.1_5 09 Apr 2021 22:08:57 |
Adam Weinberger (adamw) |
security/vuxml: Add entry for gitea < 1.13.7
PR: 254930
Submitted by: Stefan Bethke |
1.1_5 08 Apr 2021 04:36:09 |
Neel Chauhan (nc) |
Document multiple vulnerabilities in security/clamav
PR: 254861
Submitted by: Yasuhiro Kimura <yasu AT utahime DOT org> |
1.1_5 08 Apr 2021 00:43:00 |
Li-Wen Hsu (lwhsu) |
Document Jenkins Security Advisory 2021-04-07
Sponsored by: The FreeBSD Foundation |
1.1_5 07 Apr 2021 18:58:57 |
Bradley T. Hughes (bhughes) |
security/vuxml: document Node.js April 2021 Security Releases
https://nodejs.org/en/blog/vulnerability/april-2021-security-releases/ |
1.1_5 07 Apr 2021 16:10:15 |
Lewis Cook (lcook) |
security/vuxml: Document upnp stack overflow vulnerability
Approved by: fernape (mentor)
Differential Revision: https://reviews.freebsd.org/D29618 |
1.1_5 07 Apr 2021 11:24:15 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-21:10.jail_mount |
1.1_5 07 Apr 2021 11:24:14 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-21:09.accept_filter |
1.1_5 07 Apr 2021 11:24:14 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-21:08.vm |
1.1_5 07 Apr 2021 11:24:14 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA to CVE-2021-3449/50
Note that FreeBSD 12.2 prior to FreeBSD 12.2-RELEASE-p5 was vulnerable
to CVE-2021-3449 and CVE-2021-3450. Reference FreeBSD-SA-21:07.openssl. |
1.1_5 06 Apr 2021 14:31:13 |
Mathieu Arnold (mat) |
all: Remove all other $FreeBSD keywords. |
1.1_5 06 Apr 2021 14:31:07 |
Mathieu Arnold (mat) |
Remove # $FreeBSD$ from Makefiles. |
1.1_5 06 Apr 2021 13:53:57 |
Koichiro Iwao (meta) |
security/vuxml: Document XML round-trip vulnerability of REXML in Ruby
Document XML round-trip vulnerability of REXML in Ruby.
PR: 254793
Reported by: Yasuhiro Kimura <yasu@utahime.org>
Security: CVE-2021-28965 |
1.1_5 06 Apr 2021 08:49:52 |
Rene Ladan (rene) |
Add vuln-flat.xml to the ignore list and remove the one committed by accident |
1.1_5 06 Apr 2021 08:46:51 |
Rene Ladan (rene) |
Document new vulnerabilities in www/chromium < 89.0.4389.114
Obtained from:
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html |
1.1_5 06 Apr 2021 08:01:53 |
Matthias Fechner (mfechner) |
Document gitlab-ce vulnerabilities. |
1.1_5 28 Mar 2021 21:37:55 |
mandree |
security/linux-c7-nettle: mark vulnerable, too
See https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254355#c14
PR: 254355
Reported by: Graham Perrin <grahamperrin@gmail.com> |
1.1_5 28 Mar 2021 03:20:57 |
timur |
Add entry about recent Samba4* vulnerabilities:
CVE-2020-27840: An anonymous attacker can crash the Samba AD DC LDAP server by
sending easily crafted DNs as part of a bind request. More serious heap
corruption is likely also possible.
CVE-2021-20277: User-controlled LDAP filter strings against the AD DC LDAP
server may crash the LDAP server.
Security: CVE-2020-27840
CVE-2021-20277 |
1.1_5 27 Mar 2021 11:12:22 |
mandree |
vuln.xml: mention nettle < 3.7.2 ECDSA verify bugs
Security: 80f9dbd3-8eec-11eb-b9e8-3525f51429a0 |
1.1_5 26 Mar 2021 08:09:29 |
brnrd |
security/vuxml: Document High OpenSSL vulnerabilities
* While here, fix incorrect year in ec04f3d0-8cd9-11eb-bb9f-206a8a720317 |
1.1_5 24 Mar 2021 20:02:59 |
cy |
security/vuxml: Document spamassassin CVE-2020-1946
PR: 254526
Security: https://s.apache.org/ng9u9
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1946 |
1.1_5 24 Mar 2021 03:15:10 |
adamw |
security/vuxml: Add entry for gitea < 1.13.6
PR: 254515
Submitted by: maintainer |
1.1_5 21 Mar 2021 18:30:58 |
adamw |
security/vuxml: Add entry for gitea < 1.13.5
PR: 254468
Submitted by: maintainer |
1.1_5 18 Mar 2021 20:52:08 |
bdrewery |
OpenSSH CVE-2021-28041 fixed in 8.4.p1_4,1.
Also add flavored package names. |
1.1_5 18 Mar 2021 19:30:13 |
bdrewery |
Document OpenSSH CVE-2021-28041
PR: 254258
Submitted by: Yasuhiro Kimura |
1.1_5 18 Mar 2021 14:05:02 |
mfechner |
Document gitlab vulnerability. |