Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_2 14 Feb 2016 02:59:02 |
junovitch |
Document cross-site scripting vulnerabilities in Horde Groupware
Security: CVE-2015-8807
Security: CVE-2016-2228
Security: https://vuxml.FreeBSD.org/freebsd/3aa8b781-d2c4-11e5-b2bd-002590263bf5.html |
1.1_2 14 Feb 2016 01:55:27 |
junovitch |
Fix dnscrypt-proxy reference URL (ihttps -> https) |
1.1_2 13 Feb 2016 22:35:55 |
girgen |
Document security problems in PostgreSQL
Security: CVE-2016-0773, CVE-2016-0766 |
1.1_2 13 Feb 2016 22:28:41 |
junovitch |
Reflect QEMU DoS vulnerabilities now fixed in qemu-sbruno/qemu-user-static
PR: 205813
Security: CVE-2015-8345
Security: CVE-2015-8567
Security: CVE-2015-8568
Security: CVE-2015-8613
Security: CVE-2015-8619
Security: CVE-2015-8701
Security: https://vuxml.FreeBSD.org/freebsd/1384f2fd-b1be-11e5-9728-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/62ab8707-b1bc-11e5-9728-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/9ad8993e-b1ba-11e5-9728-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/b3f9f8ef-b1bb-11e5-9728-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/b56fe6bb-b1b1-11e5-9728-002590263bf5.html |
1.1_2 10 Feb 2016 13:08:13 |
kwm |
Document Feb 8, 2016 flash vulnerabilities.
Security: CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967,
CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971,
CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,
CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979,
CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983,
CVE-2016-0984, CVE-2016-0985 |
1.1_2 10 Feb 2016 00:10:40 |
feld |
Document dns/dnscrypt-proxy vulnerability
PR: 206938 |
1.1_2 10 Feb 2016 00:07:45 |
feld |
Fix vuxml to pass `make validate`
An errant newline from the last entry caused "Error 1" |
1.1_2 09 Feb 2016 23:11:37 |
rene |
Document new vulnerabilities in www/chromium < 48.0.2564.109
Obtained from: http://googlechromereleases.blogspot.nl/2016/02/stable-channel-update_9.html |
1.1_2 09 Feb 2016 20:30:42 |
feld |
Update graphics/graphite2 vulnerability details
I found a more comprehensive blog entry by Talos |
1.1_2 09 Feb 2016 20:23:33 |
feld |
Document graphics/graphite2 vulnerability
Security: CVE-2016-1521 |
1.1_2 09 Feb 2016 17:07:04 |
feld |
Fix duplicate "reports" in last entry |
1.1_2 09 Feb 2016 17:01:02 |
feld |
Document net-mgmt/xymon-server vulnerabilities
MFH: 2016Q1
Security: CVE-2016-2054
Security: CVE-2016-2055
Security: CVE-2016-2056
Security: CVE-2016-2057
Security: CVE-2016-2058 |
1.1_2 09 Feb 2016 10:55:58 |
miwi |
- Document php -- pcre vulnerability |
1.1_2 09 Feb 2016 10:39:56 |
rakuco |
Document multiple vulnerabilities in graphics/py-imaging and graphics/py-pillow.
Security: CVE-2016-0740
Security: CVE-2016-0775 |
1.1_2 06 Feb 2016 11:23:58 |
riggs |
Document remote denial of service in ffmpeg before 2.8.6 and
mencoder / mplayer before 1.2.r20151219_3 |
1.1_2 05 Feb 2016 20:04:05 |
junovitch |
Update version of net/samba36 package to reflect it is still unpatched
PR: 206808
Reported by: Marcin Gryszkalis <mg@fork.pl>
Security: CVE-2015-5252
Security: CVE-2015-5296
Security: CVE-2015-5299
Security: https://vuxml.FreeBSD.org/freebsd/ef434839-a6a4-11e5-8275-000c292e4fd8.html |
1.1_2 05 Feb 2016 16:32:09 |
kwm |
Document shotwell failure to validate TLS certificates.
PR: 206807 |
1.1_2 04 Feb 2016 11:03:33 |
kwm |
Document webkit CVE-2014-1748.
If people look at the announcement, CVE-2014-3192 is already fixed. This
CVE was against chromium, and the same code in 2.4.9 is in webkit trunk
so I assume it is already fixed.
CVE-2013-6663 is for webkit < 2.4.0, and the rest of the CVEs are for
Apple products without any attached patches.
PR: 205683
Obtained from: http://webkitgtk.org/security/WSA-2015-0002.html |
1.1_2 04 Feb 2016 10:35:32 |
koobs |
security/vuxml: Add CVE-2016-1494 for security/py-rsa
PR: 206746
Reported by: Sevan Janiyan <venture37 geeklan co.uk> |
1.1_2 04 Feb 2016 09:25:09 |
madpilot |
Document new asterisk ports vulnerabilities. |
1.1_2 03 Feb 2016 17:16:58 |
feld |
Document py-salt vulnerability
Security: CVE-2016-1866 |
1.1_2 02 Feb 2016 22:44:11 |
sunpoet |
- Document Ruby on Rails multiple vulnerabilities |
1.1_2 02 Feb 2016 11:05:10 |
kwm |
Document that the linux curl ports are still vulnerable.
Submitted by: xmj@ |
1.1_2 01 Feb 2016 22:05:51 |
feld |
Document net/socat vulnerability |
1.1_2 01 Feb 2016 07:37:59 |
jbeich |
Document recent Mozilla vulnerabilities
PR: 206637
Submitted by: Christoph Moench-Tegeder <cmt@burggraben.net> |
1.1_2 01 Feb 2016 02:42:40 |
junovitch |
Document multiple vulnerabilities in gdcm
PR: 206590
Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
Security: CVE-2015-8396
Security: CVE-2015-8397
Security: https://vuxml.FreeBSD.org/freebsd/e00d8b94-c88a-11e5-b5fe-002590263bf5.html |
1.1_2 31 Jan 2016 10:00:14 |
miwi |
- Fix x11/linux-c6-xorg-libs entry as fixed
- Also fix modify date
Reported by: Terry Kennedy <TERRY@glaver.org> |
1.1_2 30 Jan 2016 18:42:17 |
miwi |
- Mark linux-c6* entries as fixed |
1.1_2 30 Jan 2016 16:53:28 |
brnrd |
ftp/curl: Fix vuxml version check
Reviewed by: Erandir, miwi (ports-secteam)
Approved by: miwi (ports-secteam) |
1.1_2 30 Jan 2016 05:37:11 |
feld |
vuxml: fix version range for nginx which has a PORTEPOCH |
1.1_2 30 Jan 2016 05:29:48 |
feld |
Document www/nginx vulnerabilities
Security: CVE-2016-0742
Security: CVE-2016-0746
Security: CVE-2016-0747 |
1.1_2 29 Jan 2016 16:53:05 |
feld |
Document www/typo3 and www/typo3-lts vulnerabilities
PR: 206723 |
1.1_2 29 Jan 2016 16:44:04 |
feld |
vuxml: Fix owncloud discovery date |
1.1_2 29 Jan 2016 16:43:37 |
feld |
Document www/nghttp2 vulnerability
PR: 206727
Security: CVE-2015-8659 |
1.1_2 29 Jan 2016 16:36:38 |
feld |
vuxml: Fix openssl entry so `make validate` doesn't throw errors |
1.1_2 29 Jan 2016 16:35:58 |
feld |
Document www/owncloud vulnerabilities
PR: 206724
Security: CVE-2016-1498
Security: CVE-2016-1499
Security: CVE-2016-1500 |
1.1_2 29 Jan 2016 15:38:48 |
feld |
vuxml: radicale entry needs python prefixes for packagename
PR: 206717 |
1.1_2 29 Jan 2016 15:33:37 |
feld |
Document www/radicale vulnerabilities
Security: CVE-2015-8747
Security: CVE-2015-8748 |
1.1_2 28 Jan 2016 22:45:10 |
matthew |
Add 9 security advisories for phpMyAdmin:
[Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-1
[Security] Unsafe generation of CSRF token, see PMASA-2016-2
[Security] Multiple XSS vulnerabilities, see PMASA-2016-3
[Security] Insecure password generation in JavaScript, see PMASA-2016-4
[Security] Unsafe comparison of CSRF token, see PMASA-2016-5
[Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-6
[Security] XSS vulnerability in normalization page, see PMASA-2016-7
[Security] Full path disclosure vulnerability in SQL parser, see PMASA-2016-8
[Security] XSS vulnerability in SQL editor, see PMASA-2016-9 |
1.1_2 28 Jan 2016 21:00:55 |
lx |
vuxml for prosody CVE-2016-0756.
PR: 206707
Submitted by: Anton Shestakov |
1.1_2 28 Jan 2016 15:20:11 |
dinoex |
- report OpenSSL 1.0.2e vulnerability
MFH: 2016Q1 |
1.1_2 27 Jan 2016 16:01:39 |
brnrd |
security/vuxml: Document cURL vulnerability
Reviewed by: feld (ports-secteam, mentor), koobs (mentor)
Approved by: feld (ports-secteam, mentor)
Security: CVE-2016-0755
Security: https://vuxml.FreeBSD.org/freebsd/8b27f1bc-c509-11e5-a95f-b499baebfeaf.html
Differential Revision: D5091 |
1.1_2 26 Jan 2016 04:18:34 |
junovitch |
Document Wordpress cross site scripting vulnerability
Security: CVE-2016-1564
Security: https://vuxml.FreeBSD.org/freebsd/fb754341-c3e2-11e5-b5fe-002590263bf5.html |
1.1_2 26 Jan 2016 03:13:32 |
junovitch |
Document recent privoxy security vulnerabilities
While here, catch up on the prior release's advisories for completeness
PR: 206504
Security: CVE-2016-1982
Security: CVE-2016-1983
Security: https://vuxml.FreeBSD.org/freebsd/a763a0e7-c3d9-11e5-b5fe-002590263bf5.html |
1.1_2 26 Jan 2016 01:36:25 |
junovitch |
Document potential privilege escalation via symlink misconfiguration in sudo
PR: 206592
Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
Security: CVE-2015-5602
Security: https://vuxml.FreeBSD.org/freebsd/2e8cdd36-c3cc-11e5-b5fe-002590263bf5.html |
1.1_2 22 Jan 2016 19:21:17 |
feld |
Document graphics/imlib2 vulnerabilities
PR: 206372
Security: CVE-2014-9762
Security: CVE-2014-9763
Security: CVE-2014-9764 |
1.1_2 22 Jan 2016 17:20:08 |
feld |
Recent BIND vulnerabilities are supposed to be in separate entries |
1.1_2 21 Jan 2016 21:49:22 |
rene |
Document new vulnerabilities in www/chromium < 48.0.2564.82
PR: 206474
Submitted by: Christoph Moench-Tegeder
Obtained from: http://googlechromereleases.blogspot.de/2016/01/stable-channel-update_20.html |
1.1_2 21 Jan 2016 09:30:59 |
delphij |
Document NTP multiple vulnerabilities. |
1.1_2 20 Jan 2016 23:41:20 |
junovitch |
Document cgit -- multiple vulnerabilities
PR: 206417
Security: CVE-2016-1899
Security: CVE-2016-1900
Security: CVE-2016-1901
Security: https://vuxml.FreeBSD.org/freebsd/62c0dbbd-bfce-11e5-b5fe-002590263bf5.html |
1.1_2 20 Jan 2016 16:32:35 |
feld |
Document bind vulnerabilities
Security: CVE-2015-8704
Security: CVE-2015-8705 |
1.1_2 19 Jan 2016 16:52:06 |
pawel |
Document claws-mail CVE
Security: CVE-2015-8614 |
1.1_2 19 Jan 2016 08:35:48 |
sunpoet |
- Fix libproxy range |
1.1_2 18 Jan 2016 23:50:10 |
junovitch |
Document several vulnerabilities in libarchive
PR: 200176
Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
Security: CVE-2013-0211
Security: CVE-2015-2304
Security: https://vuxml.FreeBSD.org/freebsd/7c63775e-be31-11e5-b5fe-002590263bf5.html |
1.1_2 18 Jan 2016 14:04:44 |
junovitch |
Document go information disclosure vulnerability
Security: CVE-2015-8618
Security: https://vuxml.FreeBSD.org/freebsd/6809c6db-bdeb-11e5-b5fe-002590263bf5.html |
1.1_2 18 Jan 2016 06:16:38 |
riggs |
Correct vulnerable package version entries for ffmpeg entry in r406293 |
1.1_2 17 Jan 2016 18:06:31 |
feld |
Document isc-dhcpd CVE
Security: CVE-2015-8605 |
1.1_2 17 Jan 2016 11:33:11 |
rakuco |
Document CVE-2012-4504 in net/libproxy and its slave ports.
Security: CVE-2012-4504 |
1.1_2 17 Jan 2016 10:27:35 |
riggs |
Document usage of vulnerable ffmpeg prior to 2.8.5 in mplayer/mencoder |
1.1_2 17 Jan 2016 10:12:17 |
riggs |
Document zero day remote vulnerability in ffmpeg 2.0.0 - 2.8.4
PR: 206282 |
1.1_2 15 Jan 2016 17:47:33 |
bdrewery |
Fix OpenSSH version ranges.
Reported by: sunpoet |
1.1_2 15 Jan 2016 15:22:44 |
miwi |
- Document h2o -- directory traversal vulnerability
PR: 206193 |
1.1_2 14 Jan 2016 19:34:26 |
bdrewery |
Document OpenSSH CVE-2016-0777 and CVE-2016-0778.
Submitted by: brnrd |
1.1_2 14 Jan 2016 00:25:59 |
junovitch |
Document two vulnerabilities in Prosody
PR: 206150
Reported by: Anton Shestakov <av6@dwimlabs.net>
Security: CVE-2016-1232
Security: CVE-2016-1231
Security: https://vuxml.FreeBSD.org/freebsd/842cd117-ba54-11e5-9728-002590263bf5.html |
1.1_2 13 Jan 2016 23:57:53 |
junovitch |
Document Kibana 4.x XSS vulnerability
PR: 205961
PR: 205962
PR: 205963
Security: https://vuxml.FreeBSD.org/freebsd/a7a4e96c-ba50-11e5-9728-002590263bf5.html |
1.1_2 12 Jan 2016 14:50:44 |
rakuco |
Add entry for CVE-2015-8607 in devel/p5-PathTools.
Security: CVE-2015-8607 |
1.1_2 11 Jan 2016 11:07:43 |
miwi |
- php -- multiple vulnerabilities |
1.1_2 09 Jan 2016 13:42:06 |
rakuco |
Add entry for CVE-2015-8557 in textproc/py-pygments. |
1.1_2 08 Jan 2016 18:49:51 |
feld |
Add openjdk7 to the existing java vuxml entry
PR: 204268 |
1.1_2 08 Jan 2016 18:44:02 |
feld |
Document polkit vulnerabilities
PR: 204235
Security: CVE-2015-4625
Security: CVE-2015-3218
Security: CVE-2015-3255
Security: CVE-2015-3256 |
1.1_2 08 Jan 2016 18:23:26 |
feld |
Document net/librsync collision vulnerability
PR: 204237
Security: CVE-2014-8242 |
1.1_2 08 Jan 2016 17:55:40 |
feld |
Document fixed version of graphics/exact-image
Security: CVE-2015-3885 |
1.1_2 08 Jan 2016 17:25:40 |
feld |
Document devel/m6811-binutils is also vuln to older CVEs
PR: 198815
Security: CVE-2014-8501
Security: CVE-2014-8502
Security: CVE-2014-8503 |
1.1_2 08 Jan 2016 06:16:20 |
delphij |
Document ntp remote denial of service vulnerability. |
1.1_2 08 Jan 2016 01:31:32 |
junovitch |
Document two dhcpcd vulnerabilities
PR: 206015
Security: CVE-2016-1504
Security: CVE-2016-1503
Security: https://vuxml.FreeBSD.org/freebsd/df587aa2-b5a5-11e5-9728-002590263bf5.html |
1.1_2 07 Jan 2016 11:53:14 |
tijl |
Fix Polar SSL version in r405428 |
1.1_2 07 Jan 2016 11:45:21 |
tijl |
Document mbedTLS/PolarSSL SLOTH vulnerability
Security: https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released |
1.1_2 06 Jan 2016 07:30:43 |
delphij |
Correct version range in kea entry.
Submitted by: Brian Martin <bmartin tenable.com> |
1.1_2 06 Jan 2016 00:49:39 |
junovitch |
Document Xen Security Advisories (XSAs 159, 160, 162, 165, 166)
PR: 205841
Security: CVE-2015-8555
Security: CVE-2015-8341
Security: CVE-2015-8339
Security: CVE-2015-8340
Security: https://vuxml.FreeBSD.org/freebsd/6aa2d135-b40e-11e5-9728-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/e839ca04-b40d-11e5-9728-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/5d1d4473-b40d-11e5-9728-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/bcad3faa-b40c-11e5-9728-002590263bf5.html |
1.1_2 05 Jan 2016 15:00:53 |
rakuco |
Document CVE-2015-8665 and CVE-2015-8683 in graphics/tiff. |
1.1_2 05 Jan 2016 14:27:32 |
miwi |
- Cleanup empty lines |
1.1_2 05 Jan 2016 13:46:12 |
ehaupt |
Another fix caused by r405285. Use package name in topic instead of origin. |
1.1_2 05 Jan 2016 13:30:52 |
ehaupt |
Fix package name.
Notified by: gjb |
1.1_2 05 Jan 2016 13:06:05 |
ehaupt |
Document CVE-2015-7696, CVE-2015-7697
PR: 165091
Submitted by: brnrd |
1.1_2 05 Jan 2016 12:58:32 |
rakuco |
Document CVE-2015-8369 in net-mgmt/cacti. |
1.1_2 04 Jan 2016 18:13:08 |
hrs |
Document CVE-2015-8373. |
1.1_2 03 Jan 2016 22:34:44 |
rene |
Document a buffer overflow in www/mini_httpd < 1.23
Obtained from: http://acme.com/updates/archive/192.html |
1.1_2 03 Jan 2016 15:21:12 |
junovitch |
Extend VuXML entry for QEMU DoS in AMD PC-Net II NIC support to cover Xen
PR: 205841
Security: CVE-2015-7504
Security: https://vuxml.FreeBSD.org/freebsd/405446f4-b1b3-11e5-9728-002590263bf5.html |
1.1_2 03 Jan 2016 02:25:00 |
junovitch |
Document recent QEMU denial of service vulnerabilities
PR: 205813
PR: 205814
Security: CVE-2015-8701
Security: CVE-2015-8666
Security: CVE-2015-8619
Security: CVE-2015-8613
Security: CVE-2015-8567
Security: CVE-2015-8568
Security: CVE-2015-8558
Security: CVE-2015-7549
Security: CVE-2015-8504
Security: CVE-2015-7504
Security: CVE-2015-7512 (Only the first 15 lines of the commit message are shown above) |
1.1_2 02 Jan 2016 13:23:55 |
junovitch |
Document several older QEMU vulnerabilities
Security: CVE-2015-7295
Security: CVE-2015-5278
Security: CVE-2015-5279
Security: CVE-2015-6855
Security: CVE-2015-6815
Security: CVE-2015-5239
Security: https://vuxml.FreeBSD.org/freebsd/42cbd1e8-b152-11e5-9728-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/6aa3322f-b150-11e5-9728-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/bbc97005-b14e-11e5-9728-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/10bf8eed-b14d-11e5-9728-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/8a560bcf-b14b-11e5-9728-002590263bf5.html |
1.1_2 01 Jan 2016 20:50:22 |
junovitch |
Document several older QEMU vulnerabilities
Security: CVE-2015-3214
Security: CVE-2015-5158
Security: CVE-2015-5225
Security: CVE-2015-5745
Security: https://vuxml.FreeBSD.org/freebsd/2b3b4c27-b0c7-11e5-8d13-bc5ff45d0f28.html
Security: https://vuxml.FreeBSD.org/freebsd/21e5abe3-b0c6-11e5-8d13-bc5ff45d0f28.html
Security: https://vuxml.FreeBSD.org/freebsd/a267cd6c-b0c4-11e5-8d13-bc5ff45d0f28.html
Security: https://vuxml.FreeBSD.org/freebsd/aea8d90e-b0c1-11e5-8d13-bc5ff45d0f28.html |
1.1_2 31 Dec 2015 14:57:33 |
feld |
Document lang/mono vulnerability
Security: CVE-2009-0689 |
1.1_2 29 Dec 2015 18:55:03 |
kwm |
Document latest flash vulnerabilities.
Security: CVE-2015-8459, CVE-2015-8460, CVE-2015-8634,
CVE-2015-8635, CVE-2015-8636, CVE-2015-8638,
CVE-2015-8639, CVE-2015-8640, CVE-2015-8641,
CVE-2015-8642, CVE-2015-8643, CVE-2015-8644,
CVE-2015-8645, CVE-2015-8646, CVE-2015-8647,
CVE-2015-8648, CVE-2015-8649, CVE-2015-8650,
CVE-2015-8651 |
1.1_2 29 Dec 2015 17:02:04 |
feld |
Document assigned CVE to irc/inspircd
Security: CVE-2015-8702 |
1.1_2 29 Dec 2015 13:36:04 |
feld |
Document irc/inspircd DoS
No CVE assigned yet |
1.1_2 28 Dec 2015 18:21:17 |
jbeich |
Document recent ffmpeg vulnerabilities |
1.1_2 28 Dec 2015 18:18:46 |
jbeich |
Document NSS vulnerability fixed by ports r404007
PR: 205652
Reported by: Christoph Moench-Tegeder <cmt@burggraben.net> |
1.1_2 26 Dec 2015 12:59:19 |
matthew |
Document the latest phpMyAdmin security advisory. |
1.1_2 25 Dec 2015 15:57:54 |
rakuco |
Add an entry for CVE-2015-0860 in archivers/dpkg. |
1.1_2 24 Dec 2015 17:09:18 |
miwi |
- Adjust latest py*-django entry
Discussed with: feld |