Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_5 07 Dec 2020 23:53:41 |
mfechner |
Document gitlab-ce vulnerabilities. |
1.1_5 06 Dec 2020 22:01:12 |
swills |
Document consul issue
PR: 251418
Submitted by: brd |
1.1_5 05 Dec 2020 11:43:31 |
rene |
Document new vulnerabilities in www/chromium < 87.0.4280.88 |
1.1_5 04 Dec 2020 17:26:41 |
zi |
- Unbreak build after previous commit |
1.1_5 04 Dec 2020 16:56:32 |
adamw |
security/vuxml: Add entry for gitea < 1.13.0
PR: 251577
Submitted by: maintainer |
1.1_5 02 Dec 2020 10:03:15 |
philip |
security/vuxml: add FreeBSD SA-20:32.rtsold |
1.1_5 02 Dec 2020 10:03:10 |
philip |
security/vuxml: add FreeBSD SA-20:31.icmp6 |
1.1_5 01 Dec 2020 19:37:28 |
zeising |
vuxml: document xorg-server vulnerabilities
Document new vulnerabilities in xorg-server and sub ports:
CVE-2020-14360 and CVE-2020-25712
These issues can lead to privilege elevation for authorized clients
on systems where the X server is running privileged. |
1.1_5 27 Nov 2020 00:34:50 |
brd |
vuxml: Add entry for nomad < 0.12.6 |
1.1_5 22 Nov 2020 15:48:55 |
adamw |
vuxml: Add entry for gitea < 1.12.6 |
1.1_5 21 Nov 2020 22:14:16 |
bhughes |
security/vuxml: document Node.js November 2020 Security Releases
https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/
Sponsored by: Miles AS |
1.1_5 21 Nov 2020 14:41:33 |
riggs |
Document CVE-2020-28896 for mutt 2.0.2.
PR: 251278
Submitted by: dereks@lifeofadishwasher.com
Security: CVE-2020-28896 |
1.1_5 16 Nov 2020 11:13:15 |
fluffy |
VuXML: document mozjpeg and libjpeg-turbo recent vulnerabilities
PR: 250190
Submitted by: daniel.engberg.lists@pyret.net |
1.1_5 14 Nov 2020 21:02:17 |
pi |
security/vuxml: add entries for databases/mantis
PR: 251141
Submitted by: Zoltan Alexanderson Besse <zab@zltech.eu> |
1.1_5 12 Nov 2020 21:26:35 |
dmgk |
security/vuxml: Document lang/go vulnerabilities |
1.1_5 12 Nov 2020 06:14:51 |
rhurlin |
security/vuxml: New entry for sysutils/py-salt vulnerabilities
There are three security vulnerabilities described for sysutils/py-salt
in version 3002[1]: CVE-2020-16846, CVE-2020-17490, and CVE-2020-25592.
[1] https://docs.saltstack.com/en/latest/topics/releases/3002.1.html
It is planned to update the port sysutils/py-salt soon, see PR 251013
Reported by: michael.glaus@hostpoint.ch (in PR 251013)
Approved by: tcberner (mentor)
Differential Revision: https://reviews.freebsd.org/D27189 |
1.1_5 10 Nov 2020 23:56:31 |
truckman |
Document vulnerability in editors/openoffice-4 < 4.1.8 and openoffice-devel
CVE-2020-13958 Unrestricted actions leads to arbitrary code execution
in crafted documents
A vulnerability in Apache OpenOffice scripting events allows an
attacker to construct documents containing hyperlinks pointing to
an executable on the target user's file system. These hyperlinks can
be triggered unconditionally. In fixed versions no internal protocol
may be called from the document event handler and other hyperlinks
require a control-click.
<https://www.openoffice.org/security/cves/CVE-2020-13958.html> |
1.1_5 09 Nov 2020 17:08:12 |
tcberner |
Prefer graphics/librsvg2-rust over graphics/librsvg2
- switch to the more modern version of librsvg2 on architectures
supporting rust
- this will fix some graphical issues on these architectures
PR: 250276
Exp-run by: antoine
Submitted by: tobik
Differential Revision: https://reviews.freebsd.org/D18878 |
1.1_4 09 Nov 2020 14:05:41 |
lwhsu |
Fix CVE name for 07c7ae7a-224b-11eb-aa6e-e0d55e2a8bf9
Sponsored by: The FreeBSD Foundation |
1.1_4 09 Nov 2020 05:28:06 |
tcberner |
Document vulnerability in textproc/raptor2
From [1], [2], [3]:
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF
Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML
writer, leading to heap-based buffer overflows (sometimes seen in
raptor_qname_format_as_xml).
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926
[2] https://www.debian.org/security/2020/dsa-4785
[3] https://www.openwall.com/lists/oss-security/2017/06/07/1
PR: 250971
Security: CVE-2017-18926 |
1.1_4 08 Nov 2020 12:47:38 |
dbaio |
security/vuxml: Document www/py-notebook issue
Fix open redirect vulnerability GHSA-c7vm-f5p4-8fqh (CVE to be assigned). |
1.1_4 07 Nov 2020 17:40:34 |
brnrd |
security/vuxml: Document addl. MariaDB vulns |
1.1_4 05 Nov 2020 22:38:13 |
madpilot |
Document asterisk vulnerabilities. |
1.1_4 03 Nov 2020 19:50:03 |
rene |
Document new vulnerabilities in www/chromium < 86.0.4240.183
Obtained from: https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html |
1.1_4 02 Nov 2020 20:23:35 |
mfechner |
Document gitlab vulnerabilities. |
1.1_4 02 Nov 2020 19:07:13 |
joneum |
Add entry for wordpress
Sponsored by: Netzkommune GmbH |
1.1_4 31 Oct 2020 21:26:52 |
timur |
Add an entry about recent Samba vulnerabilities
Security: CVE-2020-14318
CVE-2020-14323
CVE-2020-14383 |
1.1_4 31 Oct 2020 02:38:09 |
fluffy |
security/vuxml: Document stack overflow in tmux
PR: 250737 |
1.1_4 28 Oct 2020 10:25:25 |
fernape |
security/vuxml: Add entry for multimedia/motion
Follow up commit for 553525.
For some reason, "Use MHD function for url decoding" actually means fixing
CVE-2020-26566
PR: 250660 |
1.1_4 22 Oct 2020 08:38:22 |
tcberner |
print/freetype2: document vulnerability
PR: 250375
Security: CVE-2020-15999 |
1.1_4 21 Oct 2020 17:32:05 |
brnrd |
security/vuxml: Document 2020Q4 MySQL vulnerabilities |
1.1_4 21 Oct 2020 08:22:19 |
rene |
Document new vulnerabilities in www/chromium < 86.0.4240.111
Obtained from: https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html |
1.1_4 19 Oct 2020 09:24:05 |
dch |
security/vuxml: add powerdns-recursor
PR: 250318
Submitted by: Ralf van der Enden <tremere@cainites.net>
Reported by: michael.glaus@hostpoint.ch
Sponsored by: SkunkWerks, GmbH |
1.1_4 18 Oct 2020 15:38:26 |
brnrd |
security/vuxml: Document MariaDB vulnerabilities |
1.1_4 17 Oct 2020 14:17:23 |
dbaio |
security/vuxml: Update entry date for the last issue added (r552574) |
1.1_4 17 Oct 2020 13:50:26 |
dbaio |
security/vuxml: Document net-im/py-matrix-synapse issue
PR: 249948
Submitted by: Sascha Biberhofer <ports@skyforge.at>
Security: CVE-2020-26891 |
1.1_4 17 Oct 2020 13:08:24 |
joneum |
Add entry for drupal7
Sponsored by: Netzkommune GmbH |
1.1_4 13 Oct 2020 22:35:45 |
jkim |
Document the latest Flash Player vulnerability.
https://helpx.adobe.com/security/products/flash-player/apsb20-58.html |
1.1_4 10 Oct 2020 18:01:51 |
sunpoet |
Document rails vulnerability |
1.1_4 09 Oct 2020 05:32:21 |
pi |
security/vuxml: add CVEs for www/payara
- CVE-2020-6950 Eclipse Mojarra vulnerable to path traversal flaw
via either loc/con parameters
- CVE-2019-12086 A Polymorphic Typing issue was discovered in
FasterXML jackson-databind 2.x before 2.9.9
- some more
PR: 250207
Submitted by: Dmytro Bilokha <dmytro@posteo.net> |
1.1_4 07 Oct 2020 21:21:58 |
leres |
security/vuxml: Mark zeek < 3.0.11 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v3.0.11
A memory leak in multipart MIME code has potential for remote
exploitation and cause for Denial of Service via resource exhaustion.
While we're here fix missing cite for "zeek < 3.0.10" entry. |
1.1_4 07 Oct 2020 10:53:24 |
rene |
Document new vulnerabilities in www/chromium < 86.0.4240.75
Obtained from: https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html |
1.1_4 05 Oct 2020 17:25:55 |
sunpoet |
Document libexif vulnerability |
1.1_4 04 Oct 2020 06:03:48 |
tcberner |
vuxml: fix version check in r551354 |
1.1_4 04 Oct 2020 05:49:10 |
tcberner |
vuxml: document deskutils/kdeconnect-kde vulnerability
KDE Project Security Advisory
=============================
Title: KDE Connect: packet manipulation can be exploited in a Denial
of Service attack
Risk Rating: Important
CVE: CVE-2020-26164
Versions: kdeconnect <= 20.08.1
Author: Albert Vaca Cintora <albertvaka@gmail.com>
Date: 2 October 2020
Overview
========
(Only the first 15 lines of the commit message are shown above) |
1.1_4 03 Oct 2020 17:21:33 |
tcberner |
vuxml: document vulnerability in devel/upnp
Security: CVE-2020-13848 |
1.1_4 02 Oct 2020 07:30:37 |
mfechner |
Document gitlab vulnerabilities. |
1.1_4 30 Sep 2020 20:29:18 |
thierry |
Add recent tt-rss issues.
PR: 249472
Submitted by: Derek Schrock (tt-rss's maintainer)
MFC after: 1 day
Security: https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799 |
1.1_4 28 Sep 2020 11:23:28 |
pi |
security/vuxml: Add CVE-2020-1945: Apache Ant insecure temporary file
vulnerability
PR: 248098
Submitted by: mikael |
1.1_4 28 Sep 2020 09:42:55 |
pi |
security/vuxml: add entry dns/powerdns below 4.3.1
- CVE-2020-17482
PR: 249560
Submitted by: Ralf van der Enden <tremere@cainites.net>
Relnotes: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html |
1.1_4 26 Sep 2020 13:10:26 |
zeising |
vuxml: Update pango entry for CVE-2019-1010238
Update the pango entry for CVE-2019-1010238.
Since the fix to pango wasn't applied properly the first time around, the
pango version with the fix needed to be bumped in the vuxml entry. |
1.1_4 22 Sep 2020 19:00:08 |
rene |
Document new vulnerabilities in www/chromium < 85.0.4183.121
Obtained from: https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html |
1.1_4 22 Sep 2020 17:23:51 |
tcberner |
security/vuxml: document libxml2 vulnerabilities
PR: 249386 |
1.1_4 21 Sep 2020 21:07:57 |
dbaio |
security/vuxml: Document net-im/py-matrix-synapse issue
PR: 249375
Submitted by: Denis Kasak <dkasak@termina.org.uk>
Submitted by: Sascha Biberhofer <ports@skyforge.at> (earlier version) |
1.1_4 20 Sep 2020 11:36:50 |
fluffy |
- Document python35 multiple vulnerabilities
PR: 249187 |
1.1_4 20 Sep 2020 00:36:02 |
timur |
Add an entry about CVE-2020-1472 - Unauthenticated domain takeover via netlogon
("ZeroLogon")
Security: CVE-2020-1472 |
1.1_4 19 Sep 2020 12:22:27 |
brnrd |
security/vuxml: Document Nextcloud 19.0.1 vuln |
1.1_4 18 Sep 2020 09:26:23 |
mandree |
www/webkit2-gtk3: Multiple Vulnerabilities (vuxml entry)
PR: 247892
Submitted by: rob2g2 <spam123@bitbert.com>
Security: CVE-2020-9802
Security: CVE-2020-9803
Security: CVE-2020-9805
Security: CVE-2020-9806
Security: CVE-2020-9807
Security: CVE-2020-9843
Security: CVE-2020-9850
Security: CVE-2020-13753 |
1.1_4 16 Sep 2020 20:47:51 |
bhughes |
security/vuxml: document Node.js September 2020 Security Releases
https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/
Sponsored by: Miles AS |
1.1_4 16 Sep 2020 06:44:34 |
philip |
security/vuxml: add FreeBSD SA-20:30.ftpd |
1.1_4 16 Sep 2020 06:44:29 |
philip |
security/vuxml: add FreeBSD SA-20:29.bhyve_svm |
1.1_4 16 Sep 2020 06:44:24 |
philip |
security/vuxml: add FreeBSD SA-20:28.bhyve_vmcs |
1.1_4 16 Sep 2020 06:44:19 |
philip |
security/vuxml: add FreeBSD SA-20:27.ure |
1.1_4 12 Sep 2020 12:11:03 |
sunpoet |
Document rails vulnerability |
1.1_4 10 Sep 2020 00:10:25 |
leres |
security/vuxml: Mark zeek < 3.0.10 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v3.0.10
Memory leak has potential for remote DOS via resource exhaustion. |
1.1_4 09 Sep 2020 16:01:10 |
rene |
Document new vulnerabilities in www/chromium < 85.0.4183.102
Obtained from: https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop.html |
1.1_4 07 Sep 2020 18:04:21 |
delphij |
Sigh, fix previous entry as it's already documented, combine the information
into previous entry. |
1.1_4 07 Sep 2020 18:02:55 |
delphij |
Document mpd multiple vulnerabilities. |
1.1_4 06 Sep 2020 20:03:11 |
eugen |
Document remotely exploitable crash in the mpd5.
Reported by: chennan at SourceForge
Obtained from: http://mpd.sourceforge.net/doc5/mpd4.html#4 |
1.1_4 06 Sep 2020 10:49:32 |
tijl |
Document Mbed TLS 2020-09-1 and 2020-09-2.
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2 |
1.1_4 06 Sep 2020 10:22:45 |
tijl |
Document GNUTLS-SA-2020-09-04.
Security: https://gnutls.org/security-new.html#GNUTLS-SA-2020-09-04 |
1.1_4 05 Sep 2020 21:44:38 |
sunpoet |
Update jasper vulnerability |
1.1_4 05 Sep 2020 21:35:39 |
sunpoet |
Document Django vulnerability |
1.1_4 04 Sep 2020 21:08:41 |
adamw |
security/vuxml: Fix gnupg version range specification
Thanks to swills for pointing me to the error here.
PR: 249110
Reported by: jjuanino gmail |
1.1_4 04 Sep 2020 05:25:46 |
lwhsu |
Fix format |
1.1_4 04 Sep 2020 02:13:17 |
adamw |
vuxml: Add entry for gnupg 2.2.21 - 2.2.22 |
1.1_4 03 Sep 2020 01:00:50 |
philip |
security/vuxml: add FreeBSD SA-20:26.dhclient |
1.1_4 03 Sep 2020 01:00:46 |
philip |
security/vuxml: add FreeBSD SA-20:25.sctp |
1.1_4 03 Sep 2020 01:00:36 |
philip |
security/vuxml: add FreeBSD SA-20:24.ipv6 |
1.1_4 02 Sep 2020 19:39:19 |
mfechner |
Document gitlab vulnerabilities. |
1.1_4 01 Sep 2020 19:28:26 |
dmgk |
security/vuxml: Document lang/go vulnerability |
1.1_4 28 Aug 2020 05:15:49 |
tcberner |
security/vuxml: document vulnerability in ark |
1.1_4 27 Aug 2020 20:50:21 |
leres |
security/vuxml: Mark php72, php73, and php74 vulnerable as per:
https://www.php.net/ChangeLog-7.php#PHP_7_4
https://www.php.net/ChangeLog-7.php#PHP_7_3
https://www.php.net/ChangeLog-7.php#PHP_7_2
The phar_parse_zipfile function had [a] use-after-free vulnerability
because of [a] mishandling of the actual_alias variable.
Security: CVE-2020-7068 |
1.1_4 26 Aug 2020 18:01:43 |
rene |
Document new vulnerabilities in www/chromium < 85.0.4183.83 |
1.1_4 25 Aug 2020 19:00:36 |
sunpoet |
Document jasper vulnerability |
1.1_4 25 Aug 2020 17:26:32 |
zeising |
vuxml: Document xorg-server and libX11 vulns
Document newly announced vulnerabilities in libX11 and xorg-server. |
1.1_4 25 Aug 2020 13:12:31 |
mfechner |
Updated entry for gitlab to clarify that the previously reported version does
not fix the problem.
Please also see this upstream issue:
https://gitlab.com/gitlab-org/gitlab/-/issues/233881 |
1.1_4 22 Aug 2020 10:08:38 |
mandree |
vuln.xml: add chrony < 3.5.1 pidfile symlink vulnerability
Security: 719f06af-e45e-11ea-95a1-c3b8167b8026
Security: CVE-2020-14367 |
1.1_4 20 Aug 2020 18:12:46 |
freqlabs |
security/vuxml: Document sysutils/openzfs-kmod issues
PR: 248787
Reported by: Andrew Walker
Reviewed by: wg
Approved by: wg (ports)
Sponsored by: iXsystems, Inc.
Differential Revision: https://reviews.freebsd.org/D26121 |
1.1_4 20 Aug 2020 11:54:31 |
dmgk |
security/vuxml: Document textproc/elasticsearch6 vulnerability
PR: 248761
Submitted by: Juraj Lutter <juraj@lutter.sk> (maintainer) |
1.1_4 20 Aug 2020 10:39:16 |
zeising |
vuxml: Document dns/adns security issues
Document several security issues in dns/adns.
While here, fix whitespace in adjacent entries, as reported by make
validate. |
1.1_4 19 Aug 2020 17:29:51 |
lme |
Document icingaweb2 vulnerability |
1.1_4 19 Aug 2020 16:26:33 |
sunpoet |
Document curl vulnerability |
1.1_4 19 Aug 2020 15:59:56 |
wen |
- Update a cvename entry |
1.1_4 19 Aug 2020 15:30:09 |
wen |
- Document python37 and python36 multiple vulnerabilities
PR: 248751
Submitted by: mwalker@carbonhouse.com |
1.1_4 19 Aug 2020 08:24:45 |
zeising |
vuxml: Document security/trousers issues
Reapply r545263, but do it properly this time.
Document security issues in security/trousers. |
1.1_4 19 Aug 2020 03:30:06 |
gjb |
Revert r545263, which excludes the package name, version(s) affected,
and includes "INSERT BLOCKQUOTE URL HERE" for a URL, suggesting the
'make validate' target was clearly not executed. |
1.1_4 18 Aug 2020 23:17:17 |
zeising |
vuxml: Document security issues in security/trousers |
1.1_4 18 Aug 2020 19:36:51 |
rene |
Document new vulnerability in www/chromium < 84.0.4147.135 |
1.1_4 17 Aug 2020 20:10:04 |
flo |
Document ceph vulnerability
PR: 248673
Submitted by: Willem Jan Withagen <wjw@digiware.nl> |