Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_2 14 Aug 2015 16:34:31 |
feld |
Document freeradius3 vulnerability |
1.1_2 14 Aug 2015 16:08:59 |
feld |
Document gnutls vulnerabilities
No CVEs assigned yet |
1.1_2 13 Aug 2015 02:07:33 |
junovitch |
Document Froxlor database password information disclosure vulnerability
PR: 202262
Security: CVE-2015-5959
Security: 9ee72858-4159-11e5-93ad-002590263bf5
Approved by: feld (mentor) |
1.1_2 12 Aug 2015 22:16:52 |
matthew |
Document two XSS vulnerabilities in rt40, rt42. |
1.1_2 12 Aug 2015 19:32:26 |
feld |
Document py-foolscap vulnerability |
1.1_2 12 Aug 2015 09:55:11 |
jbeich |
Make libvpx-1.3.0 vulnerable by moving MFSA 2014-77 into separate entry |
1.1_2 12 Aug 2015 07:31:35 |
kwm |
Document newest flash vulnerabilities.
Also list the c6_64 flash port. |
1.1_2 11 Aug 2015 19:48:30 |
jbeich |
Oops, mark bundled libvpx v1.4.0 in firefox as vulnerable again
libvpx v1.3.0-4418-g587ff64 in firefox-esr 38.x shouldn't be affected
given Mozilla hasn't backported the update there. MFSA 2015-89 says
otherwise though.
https://bugzilla.mozilla.org/show_bug.cgi?id=1178215 |
1.1_2 11 Aug 2015 19:03:36 |
jbeich |
Move libvpx vulnerability into its own entry |
1.1_2 11 Aug 2015 18:51:58 |
jbeich |
Document recent mozilla vulnerabilities |
1.1_2 10 Aug 2015 13:25:32 |
madpilot |
Document an already fixed vulnerability in lighttpd 1.4.35 or older.
PR: 202134
Submitted by: pkubaj at riseup.net
vuxml entry submitted by: Jason Unovitch <jason.unovitch at gmail.com> |
1.1_2 10 Aug 2015 10:34:55 |
junovitch |
Document PCRE heap overflow vulnerability in '(?|' situations
PR: 202209
Security: ff0acfb4-3efa-11e5-93ad-002590263bf5
Approved by: feld (mentor) |
1.1_2 09 Aug 2015 18:38:51 |
flo |
Mention all CVEs that are fixed in 4.2.4. The release notes only mentioned
one.
Reported by: junovitch |
1.1_2 07 Aug 2015 06:51:06 |
jbeich |
Document recent mozilla vulnerabilities |
1.1_2 06 Aug 2015 19:55:05 |
flo |
Document wordpress vulnerabilities
Security: CVE-2015-2213 |
1.1_2 06 Aug 2015 15:45:40 |
lev |
Add two security issues for subversion. |
1.1_2 05 Aug 2015 22:11:06 |
junovitch |
Document Elasticsearch directory traversal attack and remote code execution
PR: 201834
Security: CVE-2015-5377
Security: fb3668df-32d7-11e5-a4a5-002590263bf5
Security: CVE-2015-5531
Security: ae8c09cb-32da-11e5-a4a5-002590263bf5
Approved by: feld (mentor) |
1.1_2 04 Aug 2015 10:56:24 |
junovitch |
Document xen-tools QEMU heap overflow flaw with certain ATAPI commands
PR: 201931
Security: CVE-2015-5154
Security: da451130-365d-11e5-a4a5-002590263bf5
Approved by: delphij (mentor) |
1.1_2 03 Aug 2015 10:20:59 |
junovitch |
Correct version range for libidn entry
PR: 201780
Security: CVE-2015-2059
Security: 4caf01e2-30e6-11e5-a4a5-002590263bf5
Approved by: feld (mentor) |
1.1_2 31 Jul 2015 16:36:08 |
feld |
Document older net-snmp DoS vulnerability
Security: CVE-2014-3565 |
1.1_2 31 Jul 2015 15:57:38 |
feld |
Document net-snmp vulnerability
Security: CVE-2015-5621 |
1.1_2 31 Jul 2015 00:26:34 |
junovitch |
Reflect Chicken 4.10.0 RC2 as the minimum version with the CVE-2015-4556 fix
PR: 200980
Security: CVE-2015-4556
Security: 0da404ad-1891-11e5-a1cf-002590263bf5
Approved by: delphij (mentor) |
1.1_2 28 Jul 2015 20:23:36 |
feld |
Document bind CVE
Security: CVE-2015-5477 |
1.1_2 27 Jul 2015 18:46:48 |
bdrewery |
Document OpenSSH CVE-2015-5600 for MaxAuthTries bypass |
1.1_2 27 Jul 2015 13:06:49 |
feld |
Document logstash SSL/TLS security vulnerability (FREAK attack)
PR: 201893
Security: CVE-2015-5378
Security: c470bcc7-33fe-11e5-a4a5-002590263bf5 |
1.1_2 25 Jul 2015 12:38:02 |
rene |
Document new vulnerabilities in www/chromium < 44.0.2403.89
Obtained from: http://googlechromereleases.blogspot.nl/ |
1.1_2 24 Jul 2015 16:58:17 |
feld |
Document shibboleth DoS
Security: CVE-2015-2684 |
1.1_2 24 Jul 2015 13:57:48 |
feld |
Adjust wordpress range -- www/wordpress has PORTEPOCH
Security: c80b27a2-3165-11e5-8a1d-14dae9d210b8 |
1.1_2 24 Jul 2015 13:41:36 |
feld |
Update Wordpress entry to add CVEs
Security: c80b27a2-3165-11e5-8a1d-14dae9d210b8
Security: CVE-2015-5622
Security: CVE-2015-5623 |
1.1_2 23 Jul 2015 18:24:13 |
feld |
Document wordpress XSS
Changes: https://codex.wordpress.org/Version_4.2.3 |
1.1_2 23 Jul 2015 15:44:56 |
feld |
Document libidn out-of-bounds read issue with invalid UTF-8 input
PR: 201780
Security: CVE-2015-2059
Security: 4caf01e2-30e6-11e5-a4a5-002590263bf5 |
1.1_2 23 Jul 2015 15:39:32 |
feld |
Document buffer overflow vulnerabilities in SoX
PR: 201778
CVE: CVE-2014-8145
Security: 9dd761ff-30cb-11e5-a4a5-002590263bf5
Security: 92cda470-30cb-11e5-a4a5-002590263bf5 |
1.1_2 22 Jul 2015 22:51:34 |
olgeni |
Document CVE assignment in iPython 3.2.1 entry.
PR: 201515
Security: CVE-2015-5607
Security: 81326883-2905-11e5-a4a5-002590263bf5 |
1.1_2 22 Jul 2015 12:01:47 |
kwm |
Add gdk-pixbuf2 vulnerability.
Notified by: feld@ |
1.1_2 20 Jul 2015 16:35:14 |
feld |
Adjust range for apache22
We intended to commit 2.2.31 to ports but there are some issues. We will
instead backport the CVE fix to 2.2.29_6 for now.
Security: CVE-2015-3183 |
1.1_2 20 Jul 2015 15:00:23 |
feld |
Document PCRE buffer overflow
PR: 201188
Security: CVE-2015-5073 |
1.1_2 20 Jul 2015 14:52:06 |
feld |
Fix moodle reference URL
PR: 201675
Security: 43891162-2d5e-11e5-a4a5-002590263bf5 |
1.1_2 20 Jul 2015 14:35:40 |
feld |
Document Cacti Multiple XSS and SQL injection vulnerabilities
PR: 201702
Security: CVE-2015-4634
Security: 0bfda05f-2e6f-11e5-a4a5-002590263bf5 |
1.1_2 18 Jul 2015 23:43:42 |
feld |
Document php-phar vulnerabilities
Add missing modified date to zenphoto entry
Security: CVE-2015-5589
Security: CVE-2015-5590 |
1.1_2 18 Jul 2015 23:26:24 |
feld |
zenphoto was assigned CVEs
Security: 5c399624-2bef-11e5-86ff-14dae9d210b8 |
1.1_2 18 Jul 2015 23:16:05 |
feld |
Document recent Moodle security advisories
Security: CVE-2015-3272
Security: CVE-2015-3273
Security: CVE-2015-3274
Security: CVE-2015-3275
Security: 43891162-2d5e-11e5-a4a5-002590263bf5
PR: 201675 |
1.1_2 18 Jul 2015 22:09:11 |
feld |
package name is mariadb100, not mariadb10
Security: 36bd352d-299b-11e5-86ff-14dae9d210b8 |
1.1_2 18 Jul 2015 20:21:08 |
feld |
MySQL SSL Downgrade affects the client not the server
Remove mention of MySQL & friends that are not getting patched:
We will update their packages with a pkg-message to notify users
Security: 36bd352d-299b-11e5-86ff-14dae9d210b8 |
1.1_2 17 Jul 2015 20:41:31 |
feld |
Add missing <cvename> to apache entry
Security: 29083f8e-2ca8-11e5-86ff-14dae9d210b8 |
1.1_2 17 Jul 2015 17:30:35 |
feld |
Add missing apache22 packages for other "workers"
Security: 29083f8e-2ca8-11e5-86ff-14dae9d210b8 |
1.1_2 17 Jul 2015 17:26:54 |
feld |
Apache 2.2.31 is now public, fixing CVE-2015-3183
Security: CVE-2015-3183 |
1.1_2 17 Jul 2015 16:49:44 |
feld |
CVE now assigned to squid
Security: 150d1538-23fa-11e5-a4a5-002590263bf5
Security: CVE-2015-5400 |
1.1_2 17 Jul 2015 07:52:18 |
kwm |
Update flash entry.
Fixed version was released for CVE-2015-5122, CVE-2015-5123. |
1.1_2 16 Jul 2015 19:40:32 |
feld |
Correct range for libav
I was led to believe that 11.5 and 12.0 releases existed and included
the fix. They have not yet been issued by upstream. We will backport the
fix and bump PORTREVISION.
Security: a928960a-2bdc-11e5-86ff-14dae9d210b8 |
1.1_2 16 Jul 2015 19:22:20 |
feld |
Document zenphoto vulnerabilities
No CVE assigned yet |
1.1_2 16 Jul 2015 19:01:12 |
feld |
Document groovy vulnerability
Security: CVE-2015-3253 |
1.1_2 16 Jul 2015 17:13:27 |
feld |
Document libav vulnerability
Security: CVE-2015-5479 |
1.1_2 16 Jul 2015 06:08:45 |
jbeich |
Document recent multiple mozilla vulnerabilities |
1.1_2 15 Jul 2015 23:24:38 |
mandree |
Add PolarSSL < 1.2.14 issues.
See PR #201603 for a remedy. |
1.1_2 15 Jul 2015 21:10:53 |
tijl |
Latest libxml2 vulnerability also affects linux-*-libxml2 |
1.1_2 15 Jul 2015 20:10:39 |
tijl |
Document linux-*-libxml2 vulnerabilities |
1.1_2 15 Jul 2015 19:40:05 |
tijl |
Document linux-c6-flac vulnerabilities |
1.1_2 15 Jul 2015 15:50:00 |
feld |
- Document multiple security issues for libwmf
PR: 201513
Security: CVE-2004-0941
Security: CVE-2007-0455
Security: CVE-2007-2756
Security: CVE-2007-3472
Security: CVE-2007-3473
Security: CVE-2007-3477
Security: CVE-2009-3546
Security: CVE-2015-4695
Security: CVE-2015-4696
Security: CVE-2015-0848
Security: CVE-2015-4588
Security: ca139c7f-2a8c-11e5-a4a5-002590263bf5 |
1.1_2 15 Jul 2015 15:19:54 |
feld |
Reference another URL for tidy's CVE
PR: 200631
Security: bd1ab7a5-0e01-11e5-9976-a0f3c100ae18 |
1.1_2 15 Jul 2015 14:03:17 |
feld |
CVEs have been assigned for tidy
Security: bd1ab7a5-0e01-11e5-9976-a0f3c100ae18
Security: CVE-2015-5522
Security: CVE-2015-5523 |
1.1_2 15 Jul 2015 13:40:32 |
feld |
Document multiple apache24 vulnerabilities
Security: CVE-2015-3183
Security: CVE-2015-3185
Security: CVE-2015-0253
Security: CVE-2015-0228 |
1.1_2 15 Jul 2015 13:19:58 |
kwm |
Fix typo in flash security bulletin. |
1.1_2 15 Jul 2015 12:46:08 |
tijl |
- Update url of latest Flash plugin advisory
- Document libXfont vulnerabilities in linux-*-xorg-libs |
1.1_2 14 Jul 2015 12:14:02 |
tijl |
Use the correct package name for linux-*-flashplugin
Reported by: pluknet |
1.1_2 14 Jul 2015 08:48:55 |
kwm |
Use correct <tag> to mark all versions vulnerable. |
1.1_2 14 Jul 2015 08:39:51 |
kwm |
Add newest flash vulnerabilities CVE-2015-5122 and CVE-2015-5123.
No fixed version of flash available yet. |
1.1_2 13 Jul 2015 21:05:39 |
feld |
Document php sqlite3 use-after-free vulnerability
Change previous entry title to be hyphenated |
1.1_2 13 Jul 2015 21:00:47 |
feld |
Document php spl use-after-free vulnerability
No CVE assigned yet |
1.1_2 13 Jul 2015 20:55:39 |
feld |
Document PHP arbitrary code execution. No CVE assigned yet.
Fix missing blockquote URL in previous entry |
1.1_2 13 Jul 2015 20:53:37 |
feld |
php 5.4 package name is php5, not php54
Security: 36bd352d-299b-11e5-86ff-14dae9d210b8 |
1.1_2 13 Jul 2015 20:46:04 |
feld |
Document CVE-2015-3152 "BACKRONYM" vulnerability
PHP resolved in recent releases
MySQL has fixed in 5.7 branch and did not backport to older branches
MariaDB resolved in 5.5.44 and 10.0.20
Percona has not included a fix in any release (5.1, 5.5, or 5.6)
Security: CVE-2015-3152 |
1.1_2 13 Jul 2015 13:25:37 |
feld |
hadoop2 and oozie ports fetch a version of tomcat that is vulnerable
Security: 25e0593d-13c0-11e5-9afb-3c970e169bc2
Security: CVE-2014-0230
Security: CVE-2014-7810 |
1.1_2 13 Jul 2015 08:39:08 |
olgeni |
Document CSRF remote execution vulnerability for devel/ipython (CVE pending).
PR: 201515
Submitted by: Jason Unovitch |
1.1_2 13 Jul 2015 04:21:15 |
feld |
Document freeradius vulnerability
PR: 201059
Security: CVE-2015-4680 |
1.1_2 13 Jul 2015 04:08:32 |
feld |
Correct range for non-devel version of v8
PR: 201450
Security: 864e6f75-2372-11e5-86ff-14dae9d210b8 |
1.1_2 12 Jul 2015 22:30:25 |
feld |
CVE-2015-5380 also affects v8 and v8-devel
PR: 201450
Security: 864e6f75-2372-11e5-86ff-14dae9d210b8
Security: CVE-2015-5380 |
1.1_2 12 Jul 2015 20:00:10 |
feld |
Advisory URL was identical; remove duplicate |
1.1_2 12 Jul 2015 19:58:28 |
feld |
PowerDNS discovered the fix for CVE-2015-1868 was not complete in the
previous releases.
Security: 64e6006e-f009-11e4-98c6-000c292ee6b8
Security: CVE-2015-5470 |
1.1_2 12 Jul 2015 19:40:33 |
feld |
Add note on how to use the new html functionality |
1.1_2 12 Jul 2015 19:40:07 |
feld |
Add ability to produce html files for vuxml entries
This will allow committers to test complex vuxml entries before
submission.
A special thanks to hrs for responding to my plea for this feature
Submitted by: hrs |
1.1_2 11 Jul 2015 17:29:03 |
bapt |
- Add xen-tools to the list of packages fixed in existing
XSA-135 / CVE-2015-3209 entry
PR: 201416
Submitted by: Jason Unovitch <jason.unovitch@gmail.com> |
1.1_2 11 Jul 2015 17:21:35 |
bapt |
Document all recent xen-kernel and xen-tools security issues
PR: 201416
Submitted by: Jason Unovitch <jason.unovitch@gmail.com> |
1.1_2 11 Jul 2015 10:14:06 |
bapt |
Document a few pivotx vulnerabilities |
1.1_2 10 Jul 2015 13:53:59 |
feld |
Update squid entry to reflect new range of affected versions
Still waiting on CVE assignment
PR: 201374
Security: 150d1538-23fa-11e5-a4a5-002590263bf5 |
1.1_2 10 Jul 2015 00:31:39 |
delphij |
Document wpa_supplicant WPS_NFC option payload length validation
vulnerability
PR: 201432
Submitted by: Jason Unovitch |
1.1_2 09 Jul 2015 23:13:28 |
delphij |
Document OpenSSL alternative chains certificate forgery vulnerability. |
1.1_2 09 Jul 2015 16:42:33 |
lwhsu |
- Correct the version range of www/py-django-devel |
1.1_2 09 Jul 2015 15:59:12 |
feld |
document django vulnerabilities
Security: 37ed8e9c-2651-11e5-86ff-14dae9d210b8
Security: CVE-2015-5143
Security: CVE-2015-5144
Security: CVE-2015-5145 |
1.1_2 09 Jul 2015 15:23:24 |
feld |
node and iojs vuln now has a CVE assigned
Security: 864e6f75-2372-11e5-86ff-14dae9d210b8
Security: CVE-2015-5380 |
1.1_2 08 Jul 2015 18:58:39 |
tijl |
Document Adobe Flash Plugin vulnerability (CVE-2015-5119) |
1.1_2 08 Jul 2015 17:26:05 |
feld |
Fix other no-op formatting mistakes for the roundcube entry
Security: 038a5808-24b3-11e5-b0c8-bf4d8935d4fa |
1.1_2 08 Jul 2015 17:05:01 |
feld |
Fix formatting by adding some breaks
Security: 038a5808-24b3-11e5-b0c8-bf4d8935d4fa |
1.1_2 08 Jul 2015 01:20:37 |
delphij |
Make version range closer to reality -- this should be a no-op (use of P2
and P1 without PORTREVISION is intentional). |
1.1_2 07 Jul 2015 22:14:06 |
delphij |
-base options for dns/bind have been gone now. Cover them with <gt>0</gt>
for this entry so that existing users get warned.
Noticed by: mat |
1.1_2 07 Jul 2015 21:53:00 |
delphij |
Document BIND remote resolver DoS vulnerability when DNSSEC validation
is enabled. |
1.1_2 07 Jul 2015 15:05:13 |
feld |
cups-filters mentions wrong CVE in some places
incorrect: CVE-2015-3259
correct: CVE-2015-3279
Add mailing list post that clarifies this
Security: bf1d9331-21b6-11e5-86ff-14dae9d210b8 |
1.1_2 07 Jul 2015 14:54:13 |
feld |
Document haproxy information leak
Security: CVE-2015-3281 |
1.1_2 07 Jul 2015 14:35:40 |
feld |
Document roundcube vulnerabilities
Security: CVE-2015-5381
Security: CVE-2015-5383 |
1.1_2 07 Jul 2015 02:45:24 |
feld |
Document SQL Injection in turnserver
PR: 201231 |
1.1_2 06 Jul 2015 17:31:21 |
feld |
Document recent squid vulnerabilities
PR: 201374 |