Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_4 27 Mar 2019 19:23:40 |
sunpoet |
Update Python vulnerability (d74371d2-4fee-11e9-a5cd-1df8a848de3d) |
1.1_4 27 Mar 2019 17:44:06 |
joneum |
Add entry for www/drupal7
Sponsored by: Netzkommune GmbH |
1.1_4 26 Mar 2019 18:12:24 |
sunpoet |
Document Python vulnerability |
1.1_4 22 Mar 2019 04:08:55 |
zeising |
Update the libXdmcp entry to make it clearer. |
1.1_4 21 Mar 2019 09:36:32 |
joneum |
Add entry for wordpress
Sponsored by: Netzkommune GmbH |
1.1_4 21 Mar 2019 08:15:01 |
mfechner |
Documented gitlab vulnerability. |
1.1_4 21 Mar 2019 02:03:35 |
zeising |
Add entry for x11/libXdmcp vulnerability.
Add entry for x11/libXdmcp vulnerability, insufficient entropy generating
session keys. It is unknown if this actually affects FreeBSD.
Security: CVE-2017-2625 |
1.1_4 20 Mar 2019 14:04:46 |
mfechner |
Documented security vulnerability for gitlab < 11.8.2. |
1.1_4 20 Mar 2019 11:30:19 |
joneum |
Add entry for www/gitea
PR: 236563 |
1.1_4 19 Mar 2019 20:22:21 |
jbeich |
security/vuxml: mark firefox < 66 as vulnerable |
1.1_4 19 Mar 2019 14:51:03 |
swills |
Document PowerDNS issue
PR: 236634
Reported by: Dani <i.dani@outlook.com> |
1.1_4 18 Mar 2019 18:25:00 |
sunpoet |
Document Rails vulnerability |
1.1_4 17 Mar 2019 14:16:03 |
mandree |
Record PuTTY security vulnerabilities in versions before 0.71. |
1.1_4 16 Mar 2019 23:23:16 |
sunpoet |
Document py-notebook vulnerability |
1.1_4 15 Mar 2019 21:42:03 |
sunpoet |
Document ruby-gems vulnerability |
1.1_4 12 Mar 2019 06:14:06 |
riggs |
Document CVE fixes in libsndfile-1.0.28_2
PR: 227669
Reported by: p5B2E9A8F@t-online.de |
1.1_4 08 Mar 2019 02:26:17 |
cy |
Fill in the actual URL for March 2019 ntp-4.2.8p13 NTP Release and
Security Vulnerability Announcement |
1.1_4 07 Mar 2019 19:33:24 |
brnrd |
security/vuxml: Document OpenSSL 1.1.1 vulnerability |
1.1_4 07 Mar 2019 13:32:42 |
cy |
Document crafted null dereference ntp attack.
Security: CVE-2019-8936
Obtained from: nwtime.org |
1.1_4 06 Mar 2019 19:56:57 |
kai |
security/vuxml: Document shells/rssh < 2.3.4_2 vulnerabilities
PR: 235121
Approved by: tcberner (mentor)
Differential Revision: https://reviews.freebsd.org/D19473 |
1.1_4 06 Mar 2019 07:31:17 |
matthew |
Document a jQuery related XSS security fix in rt4.4.4 and rt4.2.16
Note: the release notes also mention 3 other security issues in perl
modules depended on by these packages. Of those, vulnerabilities in
the Email::Address and Email::Address::List perl modules have already
been addressed in their respective ports, while the third: HTML::Gumbo
is not currently in the ports at all. |
1.1_4 05 Mar 2019 15:00:54 |
0mp |
Document a slixmpp < 1.4.1 vulnerability
Reviewed by: krion, mat
Approved by: krion (mentor), mat (mentor)
MFH: 2019Q1 |
1.1_4 05 Mar 2019 10:23:44 |
mfechner |
Documented several www/gitlab-ce security vulnerabilities. |
1.1_4 05 Mar 2019 06:20:50 |
tobik |
Document www/py-gunicorn vulnerability |
1.1_4 04 Mar 2019 10:54:26 |
joneum |
Update mybb entry
Sponsored by: Netzkommune GmbH |
1.1_4 03 Mar 2019 00:03:11 |
bhughes |
security/vuxml: document Node.js February 2019 Security Releases
https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
Sponsored by: Miles AS |
1.1_4 02 Mar 2019 10:29:12 |
joneum |
Document vulnerability in www/mybb
Sponsored by: Netzkommune GmbH |
1.1_4 01 Mar 2019 08:57:16 |
madpilot |
Document new asterisk vulnerability.
Security: CVE-2019-7251 |
1.1_4 27 Feb 2019 07:33:22 |
brnrd |
security/vuxml: Update OpenSSL 1.0.2r entry |
1.1_4 24 Feb 2019 19:59:26 |
kwm |
Document webkit-gtk CVEs
Security: CVE-2019-6212, CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, \
CVE-2019-6226, CVE-2019-6227, CVE-2019-6229, CVE-2019-6233, \
CVE-2019-6234. |
1.1_4 22 Feb 2019 17:58:16 |
pi |
security/vuxml: document rdesktop < 1.8.4 vulnerabilities
PR: 235885, 229029 |
1.1_4 21 Feb 2019 19:49:00 |
romain |
Document sysutils/puppetserver* vulnerabilities.
PuppetServer bundles Bouncy Castle, so add affected ports to the Bouncy Castle
entry.
sysutils/puppetserver is EOL and will likely never get a fix;
sysutils/puppetserver5 may get fixed in a future release of the 5.x branch;
sysutils/puppetserver6 was fixed in the latest release.
With hat: puppet |
1.1_4 21 Feb 2019 14:45:25 |
acm |
- Add drupal8 vulnerability entry |
1.1_4 20 Feb 2019 10:13:39 |
brnrd |
security/vuxml: Document announced OpenSSL vulnerability
- To be updated with more specifics on 2019-02-26 |
1.1_4 15 Feb 2019 15:06:16 |
novel |
Document mail/msmtp certificate verification issue |
1.1_4 13 Feb 2019 11:27:36 |
cmt |
fix firefox-esr PORTEPOCH in latest entry
Submitted by: jbeich |
1.1_4 13 Feb 2019 11:09:39 |
cmt |
add more mozilla products to latest entry
https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/
(same CVEs as mfsa2019-04, so not creating another entry) |
1.1_4 13 Feb 2019 09:57:34 |
cmt |
document firefox vulnerabilities
https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/ |
1.1_4 12 Feb 2019 15:39:34 |
jkim |
Document the latest Flash Player vulnerability.
https://helpx.adobe.com/security/products/flash-player/apsb19-06.html |
1.1_4 11 Feb 2019 19:11:34 |
sunpoet |
Fix r492723 for the name of NVD report |
1.1_4 11 Feb 2019 18:59:48 |
sunpoet |
Update openjpeg status
There were 5 vulnerabilities in openjpeg and 4 of them are fixed.
The current status is described in [1] as follows:
- CVE-2017-17479 and CVE-2017-17480 were fixed in r477112.
- CVE-2018-5785 was fixed in r480624.
- CVE-2018-6616 was fixed in r489415.
- CVE-2018-5727 is not fixed yet.
Though I keep committing fixes and updating the status, it does not show in the
"pkg audit" result. Users have to follow the link but apparently few people
would do that. Therefore, I got mails asking if the CVEs are fixed, etc.
I don't know if there's a better way to handle this condition (partly fixed over
several months). Instead of removing fixed CVEs from vuln.xml, I decided to add
a new entry (5efd7a93-2dfb-11e9-9549-e980e869c2e9) which is split from the old
entry (11dc3890-0e64-11e8-99b0-d017c2987f9a). It should be clearer for users if
they only read the "pkg audit" result.
[1] https://www.vuxml.org/freebsd/11dc3890-0e64-11e8-99b0-d017c2987f9a.html |
1.1_4 11 Feb 2019 00:11:41 |
feld |
Document FreeBSD-SA-19:02.fd |
1.1_4 11 Feb 2019 00:10:59 |
feld |
Document FreeBSD-SA-19:01.syscall |
1.1_4 10 Feb 2019 18:02:38 |
tcberner |
Document kf5-kauth vulnerability. |
1.1_4 08 Feb 2019 01:12:26 |
osa |
Update versions range for recent unit vulnerability. |
1.1_4 08 Feb 2019 01:04:53 |
osa |
Document unit vulnerability. |
1.1_4 07 Feb 2019 23:14:47 |
sunpoet |
Document curl vulnerability |
1.1_4 06 Feb 2019 09:10:47 |
mfechner |
Document gitlab-ce vulnerability. |
1.1_4 05 Feb 2019 14:52:23 |
ler |
mail/dovecot: update reporter for latest vuln |
1.1_4 05 Feb 2019 14:39:13 |
ler |
mail/dovecot: Suitable client certificate can be used to login as other user
update vuxml |
1.1_4 02 Feb 2019 21:55:47 |
sunpoet |
Document typo3 vulnerability
PR: 235187, 235188 |
1.1_4 02 Feb 2019 01:26:48 |
jrm |
security/vuxml: Document Gitea < 1.7.1 vulnerabilities
PR: 235399
Submitted by: stb@lassitu.de (www/gitea maintainer) |
1.1_4 31 Jan 2019 19:36:16 |
matthew |
Document vulnerability addressed by release 0.06 of p5-Email-Address-List
Unfortunately there is very little real description of the
vulnerability available, other than what is in the changelog. Even
the CVE number only leads to a page saying the number is reserved. |
1.1_4 31 Jan 2019 17:42:14 |
mfechner |
Documented multiple vulnerabilities for www/gitlab-ce. |
1.1_4 30 Jan 2019 11:37:56 |
bhughes |
security/vuxml: document vulnerabilities in net/turnserver
Sponsored by: Miles AS |
1.1_4 29 Jan 2019 17:18:59 |
jbeich |
security/vuxml: mark firefox < 65 as vulnerable |
1.1_4 28 Jan 2019 16:53:42 |
swills |
Document powerdns-recursor issue
PR: 235113
Submitted by: Ralf van der Enden <tremere@cainites.net> |
1.1_4 27 Jan 2019 19:58:21 |
sunpoet |
Update py-requests entry
Reference: https://lists.freebsd.org/pipermail/svn-ports-head/2019-January/198601.html |
1.1_4 27 Jan 2019 15:14:56 |
brnrd |
security/vuxml: Document recent MySQL vulnerabilities
- 5.5 branch see https://mariadb.com/kb/en/library/mariadb-5563-release-notes/ |
1.1_4 27 Jan 2019 09:58:17 |
tcberner |
security/vuxml: Document security/botan2 vulnerability
PR: 234938
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer) |
1.1_4 27 Jan 2019 09:19:40 |
matthew |
Document PMASA-2019-1 and PMASA-2019-2 security advisories: Arbitrary
file disclosure and SQL injection attacks. |
1.1_4 26 Jan 2019 10:54:50 |
joneum |
Add entry for www/gitea
PR: 235140
Sponsored by: Netzkommune GmbH |
1.1_4 26 Jan 2019 09:49:39 |
koobs |
security/vuxml: Add libzmq4 -- Remote Code Execution Vulnerability
PR: 230575 |
1.1_4 23 Jan 2019 16:03:33 |
zi |
- Add package name validation |
1.1_3 23 Jan 2019 15:10:38 |
zi |
Fix invalid package name in previous commit for
4af3241d-1f0c-11e9-b4bd-d43d7eed0ce2 |
1.1_3 23 Jan 2019 14:37:44 |
joneum |
Add entry for www/apache24
Sponsored by: Netzkommune GmbH |
1.1_3 23 Jan 2019 12:48:45 |
lev |
Add CVE-2018-11803 for www/mod_dav_svn. |
1.1_3 22 Jan 2019 12:32:18 |
gjb |
Attempt to fix vuxml build.
Sponsored by: The FreeBSD Foundation |
1.1_3 22 Jan 2019 10:44:39 |
koobs |
security/vuxml: Add www/py-requests: Information disclosure vulnerability |
1.1_3 20 Jan 2019 01:05:17 |
ler |
security/vuxml: Document joomla 3 vulnerabilities. |
1.1_3 19 Jan 2019 20:37:47 |
acm |
- Add drupal7 and drupal8 vulnerability entry |
1.1_3 18 Jan 2019 22:39:08 |
danilo |
Document helm security advisory |
1.1_3 17 Jan 2019 00:14:17 |
mfechner |
Documented gitlab security vulnerability. |
1.1_3 16 Jan 2019 17:43:06 |
lwhsu |
Document Jenkins Security Advisory 2019-01-16
Sponsored by: The FreeBSD Foundation |
1.1_3 15 Jan 2019 12:20:44 |
swills |
Document py-matrix-synapse issue
PR: 234828
Submitted by: Sascha Biberhofer <ports@skyforge.at> (with slight editing) |
1.1_3 10 Jan 2019 18:59:32 |
dbaio |
security/vuxml: Document irc/irssi issue
Security: CVE-2019-5882
PR: 234798 |
1.1_3 06 Jan 2019 19:30:25 |
riggs |
Document out-of-bounds vulnerability in net/uriparser < 0.9.1
Reported by: sebastian@pipping.org (via e-mail) |
1.1_3 06 Jan 2019 16:55:56 |
swills |
Document gitea issue
PR: 234659
Submitted by: stb@lassitu.de |
1.1_3 05 Jan 2019 23:00:55 |
sunpoet |
Update openjpeg status |
1.1_3 05 Jan 2019 13:20:35 |
cpm |
Document new vulnerability in www/chromium < 71.0.3578.98
Obtained from: https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html |
1.1_3 05 Jan 2019 13:10:56 |
cpm |
Document new vulnerabilities in www/chromium < 71.0.3578.80
Obtained from: https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html |
1.1_3 05 Jan 2019 08:09:07 |
wen |
- Documented security vulnerability of Django |
1.1_3 02 Jan 2019 09:03:39 |
mfechner |
Documented several gitlab-ce security vulnerabilities.
Approved by: mentors (implicit) |
1.1_3 26 Dec 2018 21:05:54 |
swills |
Document gitea issue |
1.1_3 26 Dec 2018 16:09:58 |
rodrigo |
Add entry for archivers/rpm4 security issue on 4.14.2 |
1.1_3 26 Dec 2018 16:04:59 |
tijl |
Update handbrake entries now that 1.2.0 has been released.
PR: 234322
Submitted by: Nei Teng You Yi Lang <naito.yuichiro@gmail.com> (maintainer) |
1.1_3 22 Dec 2018 07:42:42 |
mfechner |
Documented security vulnerability for gitlab-ce.
Approved by: mentors (implicit) |
1.1_3 20 Dec 2018 14:50:07 |
girgen |
Add vuxml entry for shibboleth-sp |
1.1_3 20 Dec 2018 09:38:19 |
dch |
Document databases/couchdb2 and databases/couchdb vulnerability
Approved by: jrm (mentor)
Security: CVE-2018-17188
Security: see http://docs.couchdb.org/en/stable/cve/2018-17188.html
Differential Revision: https://reviews.freebsd.org/D18498 |
1.1_3 20 Dec 2018 01:15:53 |
leres |
Mark bro < 2.6.1 as vulnerable as per:
https://www.bro.org/download/NEWS.bro.html
The issue is a remote code execution vulnerability in the bundled
sqlite ("Magellan").
Reviewed by: ler (mentor)
Approved by: ler (mentor)
Differential Revision: https://reviews.freebsd.org/D18615 |
1.1_3 19 Dec 2018 21:15:26 |
feld |
Document FreeBSD-SA-18:15.bootpd |
1.1_3 15 Dec 2018 15:03:45 |
joneum |
Document wordpress issues
Sponsored by: Netzkommune GmbH |
1.1_3 14 Dec 2018 13:29:12 |
tijl |
HTML encode < and > and fix the formatting of the latest typo3 entry. |
1.1_3 14 Dec 2018 13:22:01 |
tijl |
Add Mbed TLS Security Advisory 2018-03.
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-03
Security: CVE-2018-19608 |
1.1_3 14 Dec 2018 11:57:19 |
joneum |
Add entry for typo3-8 and typo3-9
PR: 233935 233936
Sponsored by: Netzkommune GmbH |
1.1_3 14 Dec 2018 11:20:35 |
mfechner |
Document gitlab-ce vulnerability.
Approved by: mentors (implicit) |
1.1_3 12 Dec 2018 10:24:15 |
matthew |
Revert r487286 -- PHP70 is still present in the 2018Q4 quarterly branch.
Reported by: mat |
1.1_3 12 Dec 2018 09:16:04 |
matthew |
PHP 70 was EoL'd and is no longer in the ports.
Reported by: joneum |
1.1_3 12 Dec 2018 07:18:56 |
matthew |
Document three more security advisories from phpMyAdmin |
1.1_3 11 Dec 2018 17:50:04 |
jbeich |
security/vuxml: update to 1.1_3 |