Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_2 06 Jul 2015 13:08:08 |
kwm |
Use correct end tag.
Submitted by: dvl@ |
1.1_2 06 Jul 2015 12:54:13 |
feld |
Add iojs as affected package
Security: 864e6f75-2372-11e5-86ff-14dae9d210b8 |
1.1_2 06 Jul 2015 03:39:37 |
feld |
Correct bitcoin range for CVE-2015-3641 |
1.1_2 06 Jul 2015 03:30:24 |
feld |
Document ansible vulnerabilities
PR: 201359 |
1.1_2 06 Jul 2015 03:21:32 |
feld |
Document bitcoin CVE-2015-3641 |
1.1_2 06 Jul 2015 00:23:35 |
feld |
add node-devel as affected package
confirmed source code of node 0.11.16 is also vulnerable |
1.1_2 06 Jul 2015 00:09:55 |
feld |
add www/node denial of service vulnerability
no known CVE has been assigned |
1.1_2 03 Jul 2015 19:17:29 |
feld |
cups-filters CVE-2015-3279 |
1.1_2 03 Jul 2015 14:43:09 |
tijl |
Fix range for linux-c6-openssl |
1.1_2 01 Jul 2015 13:56:04 |
kwm |
Record libxml2 vulnerability
Security: CVE-2015-1819 |
1.1_2 01 Jul 2015 13:22:46 |
feld |
Correct version range for netpbm CVE-2015-3885 |
1.1_2 01 Jul 2015 00:09:32 |
delphij |
Document games/wesnoth authentication information disclosure vulnerability.
PR: 201105
Submitted by: Jason Unovitch |
1.1_2 30 Jun 2015 23:56:40 |
amdmi3 |
- Document CVE-2015-3258 (cups-filters buffer overflow vulnerability)
PR: 201134
Submitted by: cyberbotx@cyberbotx.com
Differential Revision: |
1.1_2 30 Jun 2015 20:56:29 |
delphij |
Document ntp remote control message DoS vulnerability. |
1.1_2 26 Jun 2015 19:13:31 |
nox |
Document qemu pcnet guest to host escape vulnerability - CVE-2015-3209
PR: 201064
Submitted by: koobs
Security: https://vuxml.FreeBSD.org/freebsd/acd5d037-1c33-11e5-be9c-6805ca1d3bb1.html |
1.1_2 26 Jun 2015 04:35:46 |
delphij |
Document CVE-2014-3120, CVE-2014-6439, CVE-2015-1427, CVE-2015-3337,
and CVE-2015-4165 (various Elasticsearch vulnerabilities).
PR: ports/201008
Submitted by: Jason Unovitch |
1.1_2 24 Jun 2015 20:35:40 |
delphij |
Split CVE-2015-4152 to its own entry as the affected port is logstash only.
While there also document CVE-2014-4326 (already fixed) for logstash.
PR: ports/201001
Submitted by: Jason Unovitch |
1.1_2 24 Jun 2015 20:17:20 |
delphij |
Add entry for logstash-forwarder/logstash.
PR: ports/201065
Submitted by: Jason Unovitch |
1.1_2 24 Jun 2015 18:54:36 |
jbeich |
Aggressively mark more consumers of bundled dcraw as vulnerable
ljpeg_start() originates from dcraw, no need to list every package with
copy of it at the expense of readability. |
1.1_2 24 Jun 2015 09:01:07 |
xmj |
Document linux-*-flashplugin11 CVE.
Reported by: kwm
Reviewed by: kwm
Security: d02f6b01-1a3f-11e5-8bd6-c485083ca99c
Security: CVE-2015-3113
Sponsored by: Perceivon Hosting Inc. |
1.1_2 23 Jun 2015 00:15:19 |
delphij |
Fix entry date. |
1.1_2 23 Jun 2015 00:13:58 |
delphij |
Document rubygem-bson DoS and possible injection vulnerability.
PR: 201061
Submitted by: Jason Unovitch |
1.1_2 22 Jun 2015 23:39:35 |
delphij |
Document 3 vulnerabilities with PHP that affected 4 extensions.
PR: 200926
Submitted by: Jason Unovitch |
1.1_2 22 Jun 2015 23:22:24 |
delphij |
Reflect version range change after r390340. While I'm there, also fix
the CVE-2015-4556 entry because it's not yet fixed in the ports tree and
add a reference to the PR while there.
PR: 200980
Submitted by: Vitaly Magerya (with changes suggested by Jason Unovitch) |
1.1_2 22 Jun 2015 22:28:05 |
olgeni |
Document vulnerabilities in devel/ipython < 3.2.0. |
1.1_2 22 Jun 2015 19:23:46 |
rene |
Document new vulnerabilities in www/chromium < 43.0.2357.130
Obtained from: http://googlechromereleases.blogspot.nl/2015/06/chrome-stable-update.html |
1.1_2 22 Jun 2015 07:13:46 |
delphij |
Document rubygem-paperclip validation bypass vulnerability.
PR: 200979
Submitted by: Jason Unovitch |
1.1_2 22 Jun 2015 07:02:21 |
delphij |
Document lang/chicken vulnerabilities CVE-2014-9651 and CVE-2015-4556.
PR: 200980
Submitted by: Jason Unovitch |
1.1_2 22 Jun 2015 06:44:55 |
delphij |
Document cacti multiple vulnerabilities (affects < 0.8.8c) and
multiple XSS/SQL injection vulnerabilities (affects < 0.8.8d).
PR: 200963
Submitted by: Jason Unovitch |
1.1_2 20 Jun 2015 12:11:57 |
kuriyama |
Add p5-Dancer vuln. |
1.1_2 19 Jun 2015 00:13:25 |
delphij |
Document Drupal multiple vulnerabilities. |
1.1_2 17 Jun 2015 21:40:52 |
delphij |
Document two vulnerabilities of cURL. |
1.1_2 17 Jun 2015 17:35:59 |
sunpoet |
- Make it compatible with Python 3.x
Approved by: delphij |
1.1_2 17 Jun 2015 17:24:31 |
sunpoet |
- Document Ruby on Rails multiple vulnerabilities |
1.1_2 17 Jun 2015 17:18:39 |
delphij |
Modify a5f160fa-deee-11e4-99f8-080027ef73ec so it covers ja-mailman too.
Submitted by: Yasuhito FUTATSUKI |
1.1_2 17 Jun 2015 00:24:46 |
delphij |
Document testdisk multiple vulnerabilities.
PR: ports/200250
Submitted by: Jason Unovitch |
1.1_2 16 Jun 2015 00:44:02 |
delphij |
Document Tomcat multiple vulnerabilities. |
1.1_2 12 Jun 2015 14:10:38 |
brd |
Add ossec-hids-* vulnerabilities.
PR: 200801
Submitted by: Jason Unovitch <jason.unovitch@gmail.com>
Approved by: swills (mentor) |
1.1_2 12 Jun 2015 02:12:37 |
zi |
- Add vulnerability information for additional ports affected by openssl CVEs in
8305e215-1080-11e5-8ba2-000c2980a9f3 |
1.1_2 11 Jun 2015 21:35:49 |
zi |
- Document recent vulnerabilities in security/openssl |
1.1_2 11 Jun 2015 15:53:37 |
xmj |
Document 13 Flash vulnerabilities.
Affected: www/linux-*-flashplugin11. |
1.1_2 10 Jun 2015 18:09:20 |
delphij |
Document libzmq4 V3 protocol handler protocol downgrade vulnerability.
PR: 200502
Submitted by: Jason Unovitch |
1.1_2 10 Jun 2015 17:34:21 |
delphij |
Document pgbouncer remote denial of service vulnerability.
PR: 200537
Submitted by: Jason Unovitch |
1.1_2 09 Jun 2015 23:17:10 |
delphij |
Document cups multiple vulnerabilities. |
1.1_2 09 Jun 2015 08:23:29 |
delphij |
Document two strongswan vulnerabilities.
PR: 200721
Submitted by: Jason Unovitch (with changes: wrapped long line and changed
CVE-2015-3991's coverage to cover only < 5.3.1 to reflect
the reality). |
1.1_2 08 Jun 2015 22:33:12 |
delphij |
Document redis EVAL Lua sandbox escape vulnerability. |
1.1_2 08 Jun 2015 17:30:48 |
thierry |
Add an entry for www/tidy-* heap-buffer-overflow.
PR: ports/200631
Submitted by: Walter Hop |
1.1_2 07 Jun 2015 21:07:35 |
delphij |
Fix typo and remove PHP from pcre vulnerabilities, as the bundled pcre
is not used. |
1.1_2 07 Jun 2015 20:53:12 |
delphij |
Document fixed version of pcre in e69af246-0ae2-11e5-90e4-d050996490d0. |
1.1_2 06 Jun 2015 18:21:17 |
sunpoet |
- Update VuXML
PR: 200196
Submitted by: Jason Unovitch <jason.unovitch@gmail.com> |
1.1_2 05 Jun 2015 23:54:02 |
zi |
- Re-add PHP removed in previous commit
- Update pcre to use lt instead of gt |
1.1_2 05 Jun 2015 15:42:31 |
zi |
- Make version matching on the pcre vuln a little more sane
- Remove PHP as the vulnerability appears to be in devel/pcre, not php |
1.1_2 04 Jun 2015 18:18:33 |
delphij |
Document two recent pcre vulnerabilities that can be triggered by
specifically crafted *patterns* and would lead to stack or heap
overflow. |
1.1_2 04 Jun 2015 00:35:59 |
osa |
Update information for graphics/libraw.
PR: 200194 |
1.1_2 02 Jun 2015 09:44:26 |
marino |
security/vuxml: multiple vulnerabilities of wpa_supplicant and hostapd
Security: CVE-2015-4141
Security: CVE-2015-4142
Security: CVE-2015-4143
Security: CVE-2015-4144
Security: CVE-2015-4145
Security: CVE-2015-4146
PR: 200568 |
1.1_2 02 Jun 2015 02:50:04 |
jbeich |
Document recent ffmpeg0 vulnerabilities |
1.1_2 01 Jun 2015 19:37:58 |
riggs |
Add entry for vulnerable versions of avidemux2 and avidemux26
PR: 200507
Submitted by: venture37@geeklan.co.uk |
1.1_2 01 Jun 2015 18:44:14 |
mmoll |
security/vuxml: add www/rubygem-rest-client vulnerabilities
PR: 200504
Differential Revision: https://reviews.freebsd.org/D2699
Submitted by: Sevan Janiyan <venture37@geeklan.co.uk>
Approved by: ports-secteam (delphij, eadler)
Security: CVE-2015-1820
Security: CVE-2015-3448 |
1.1_2 01 Jun 2015 07:24:49 |
delphij |
- Add kodi to 57325ecf-facc-11e4-968f-b888e347c638 [1]
- Update entry dates for newly added entry.
PR: 200200 [1]
Submitted by: Jason Unovitch [1] |
1.1_2 01 Jun 2015 05:59:00 |
delphij |
Reflect CVE-2015-2060 and CVE-2014-9556.
PR: ports/198955
Submitted by: Jason Unovitch |
1.1_2 31 May 2015 16:07:52 |
lwhsu |
- Document django vulnerability CVE-2015-3982 |
1.1_2 31 May 2015 08:08:17 |
delphij |
Extend 57325ecf-facc-11e4-968f-b888e347c638 to cover rawstudio as well.
PR: 200199
Submitted by: Jason Unovitch |
1.1_2 29 May 2015 22:20:31 |
delphij |
Document the issue with proxychains-ng which uses current directory when
searching for its own shared library (CVE-2015-3887).
PR: 200511
Submitted by: Jason Unovitch |
1.1_2 28 May 2015 19:47:25 |
delphij |
Document wireshark multiple vulnerabilities. |
1.1_2 28 May 2015 17:46:26 |
delphij |
Document krb5 requires_preauth bypass in PKINIT-enabled KDC. |
1.1_2 26 May 2015 22:15:06 |
delphij |
Retrofit document cURL multiple vulnerabilities. |
1.1_2 24 May 2015 07:29:09 |
delphij |
Document cassandra remote code execution vulnerability.
PR: 199091
Submitted by: Jason Unovitch <jason unovitch gmail com> |
1.1_2 24 May 2015 07:23:40 |
delphij |
Fix version range for previous commit. |
1.1_2 24 May 2015 07:19:10 |
delphij |
Extend CVE-2015-3456 to cover xen-tools (4.5.0-4.5.0_5: we didn't support
the feature in earlier versions of this port) and VirtualBox cases as well.
PR: 200311 |
1.1_2 24 May 2015 03:43:25 |
xmj |
document possible vulnerabilities in sysutils/py-salt
PR: 200172
Submitted by: Sevan Janiyan <venture37@geeklan.co.uk> |
1.1_2 23 May 2015 18:25:51 |
pi |
Add entry for mail/davmail.
PR: 198297
Submitted by: Jason Unovitch <jason.unovitch@gmail.com>
Approved by: <john.c.prather@gmail.com> (maintainer (timeout)) |
1.1_2 23 May 2015 08:38:18 |
mandree |
Document dnsmasq and -devel vulnerabilities (CVE-2015-3294 and one other in rc). |
1.1_2 22 May 2015 22:49:13 |
delphij |
Document PCRE and PHP multiple vulnerabilities. |
1.1_2 22 May 2015 22:15:22 |
delphij |
Correct PR number.
Submitted by: jason.unovitch gmail.com |
1.1_2 22 May 2015 19:06:28 |
girgen |
Record some minor PostgreSQL security problems.
"This update fixes three security vulnerabilities reported in PostgreSQL over
the past few months. Neither of these issues is seen as particularly urgent.
However, users should examine them in case their installations are vulnerable."
URL: http://www.postgresql.org/about/news/1587/ |
1.1_2 22 May 2015 07:04:28 |
delphij |
Pass full path to the vuln.xml file to extra-validation.py. Without this,
if .OBJDIR differs from .CURDIR, the validation would fail.
PR: 193923
Reported by: jbeich |
1.1_2 20 May 2015 19:21:07 |
delphij |
Document CVE-2015-3306 proftpd mod_copy unauthenticated copying of files
vulnerability. |
1.1_2 19 May 2015 19:27:39 |
brd |
Document vulnerability in security/ipsec-tools.
PR: 200334
Approved by: bdrewery (mentor) |
1.1_2 19 May 2015 17:48:07 |
rene |
Document new vulnerabilities in www/chromium < 43.0.2357.65
Obtained from: http://googlechromereleases.blogspot.nl/2015/05/stable-channel-update_19.html |
1.1_2 19 May 2015 07:54:29 |
delphij |
Document ClamAV multiple vulnerabilities. |
1.1_2 17 May 2015 15:48:13 |
mmoll |
security/vuxml: Add CVE-2015-3900 entry for devel/ruby-gems
PR: 200264
Differential Revision: https://reviews.freebsd.org/D2572
Approved by: mat (mentor)
Security: CVE-2015-3900 |
1.1_2 17 May 2015 10:06:10 |
nox |
Document qemu "VENOM" vulnerability - CVE-2015-3456
PR: 200255
PR: 200256
PR: 200257
Submitted by: venture37@geeklan.co.uk
Security: http://vuxml.FreeBSD.org/freebsd/2780e442-fc59-11e4-b18b-6805ca1d3bb1.html |
1.1_2 16 May 2015 10:00:59 |
makc |
Document Quassel IRC vulnerability CVE-2015-3427 |
1.1_2 15 May 2015 22:31:30 |
truckman |
Correct entry for apache-openoffice-* / libreoffice CVE-2015-1774 so
that apache-openoffice-4.1.1_9 is not incorrectly flagged as vulnerable.
Approved by: mat (mentor, implicit) |
1.1_2 15 May 2015 12:02:57 |
mmoll |
security/vuxml: document vulnerability in rubygem-redcarpet <3.2.3
PR: 200195
Differential Revision: https://reviews.freebsd.org/D2548
Submitted by: Sevan Janiyan <venture37@geeklan.co.uk>
Approved by: mat (mentor) |
1.1_2 15 May 2015 07:12:20 |
rodrigo |
security/vuxml: Add CVE-2015-3885 entry for graphics/ufraw
PR: 200197 |
1.1_2 13 May 2015 18:51:23 |
matthew |
Record two new phpMyAdmin security vulnerabilities |
1.1_2 13 May 2015 14:39:01 |
xmj |
Document multiple vulnerabilities in www/linux-*-flashplugin11.
Security: CVE-2015-3044
Security: CVE-2015-3077
Security: CVE-2015-3078
Security: CVE-2015-3079
Security: CVE-2015-3080
Security: CVE-2015-3081
Security: CVE-2015-3082
Security: CVE-2015-3083
Security: CVE-2015-3084
Security: CVE-2015-3085
Security: CVE-2015-3086
Security: CVE-2015-3087
Security: CVE-2015-3088
Security: CVE-2015-3089
Security: CVE-2015-3090
Security: CVE-2015-3091
Security: CVE-2015-3092
Security: CVE-2015-3093 |
1.1_2 12 May 2015 18:24:57 |
jbeich |
VuXML: document recent mozilla vulnerabilities |
1.1_2 12 May 2015 10:48:17 |
koobs |
security/vuxml: Add CVE-2015-0971 entry for security/suricata |
1.1_2 11 May 2015 18:12:03 |
delphij |
Revert r385940,r385932,r385864:
The usage of * is actually valid, as pointed out at the FreeBSD porter's
handbook:
https://www.freebsd.org/doc/en/books/porters-handbook/security-notify.html
Which denotes "the smallest version number" (in other words, * < 0).
Requested by: many
Pointy hat to: delphij |
1.1_2 10 May 2015 20:24:26 |
rakuco |
Add entry for CVE-2015-3146 in security/libssh. |
1.1_2 10 May 2015 12:12:31 |
ohauer |
- fix a second postfix entry
PR: 200089 (followup) |
1.1_2 10 May 2015 08:28:44 |
delphij |
Correct version range.
PR: 200089 |
1.1_2 09 May 2015 08:20:45 |
delphij |
* is not valid for version number, replace all instances with 0 and bump
modification date.
Submitted by: Chris Nehren <cnehren tenable com> (version number part) |
1.1_2 08 May 2015 18:42:31 |
jbeich |
VuXML: update sqlite3 entry with verbose descriptions. CVE-2015-341[4-6]
PR: 199483 |
1.1_2 07 May 2015 23:56:04 |
truckman |
Document HWP filter vulnerability in editors/libreoffice < 4.3.7 and
editors/openoffice < 4.1.2, CVE-2015-1774.
Approved by: mat (mentor)
Differential Revision: https://reviews.freebsd.org/D2475 |
1.1_2 07 May 2015 09:21:40 |
kwm |
Document current and previous wordpress vulnerabilities. |
1.1_2 02 May 2015 00:59:18 |
delphij |
Fix version range of two ancient items.
Submitted by: Chris Nehren <cnehren tenable com> |
1.1_2 01 May 2015 15:05:36 |
brd |
Add entry for powerdns and powerdns-recursor.
Approved by: bdrewery (mentor) |