| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
|---|
1.1_2
06 Jan 2015 21:11:36
   |
mandree  |
Add three upstream patches to busybox 1.22.1, bumping PORTREVISION to 2.
One fixes the CVE-2014-4608 buffer overrun in LZO2,
one fixes the nc app, one fixes the zcat and related apps when accessing
files without extension.
List busybox < 1.22.1_2 as vulnerable, and add CVE Name to the vulndb.
Security: CVE-2014-4608
Security: d1f5e12a-fd5a-11e3-a108-080027ef73ec |
1.1_2
04 Jan 2015 22:54:03
|
rea |
VuXML: document multiple vulnerabilities in WordPress
CVE-2014-9033 to CVE-2014-9039. |
1.1_2
04 Jan 2015 22:25:20
|
rea |
VuXML: document heap overflow in 32-bit builds of libpng |
1.1_2
02 Jan 2015 23:24:18
|
delphij |
Document file multiple vulnerabilities. |
1.1_2
23 Dec 2014 21:24:56
|
rea |
Fix whitespace in entry for ntp (4033d826-87dd-11e4-9079-3c970e169bc2) |
1.1_2
23 Dec 2014 21:22:36
|
rea |
Document CVE-2014-9116 in mutt |
1.1_2
20 Dec 2014 00:21:31
|
delphij |
Document ntp multiple vulnerabilities. |
1.1_2
19 Dec 2014 18:05:52
|
brd |
Document git vulerability
Approved by: swills
Security: CVE-2014-9390 |
1.1_2
16 Dec 2014 22:06:32
|
cs |
OTRS security announcement |
1.1_2
16 Dec 2014 11:44:28
|
kwm |
Register portepoch in the xorg-server entry.
Submitted by: Adam McDougall <mcdouga9@egr.msu.edu>
Pointyhat to: kwm@ |
1.1_2
16 Dec 2014 10:46:58
|
tijl |
Fix version information on several subversion vulnerabilities |
1.1_2
15 Dec 2014 22:18:50
|
ohauer |
- document Subversion remote DoS |
1.1_2
14 Dec 2014 09:45:09
|
danfe |
The GLX indirect rendering support supplied on NVIDIA products is subject to
the recently disclosed X.Org vulnerabilities (CVE-2014-8093, CVE-2014-8098)
as well as internally identified vulnerabilities (CVE-2014-8298). |
1.1_2
11 Dec 2014 20:56:22
|
delphij |
Document BIND vulnerability. |
1.1_2
11 Dec 2014 09:41:11
|
madpilot |
Document vulnerability in asterisk11. |
1.1_2
10 Dec 2014 21:31:57
|
kwm |
Document xserver security advisories. |
1.1_2
09 Dec 2014 03:05:15
|
sem |
- Remove a redundant dot |
1.1_2
09 Dec 2014 02:43:38
|
sem |
Document unbound vulnerability |
1.1_2
07 Dec 2014 12:25:30
|
kwm |
Document freetype 2 vulnability. |
1.1_2
04 Dec 2014 07:15:30
|
matthew |
The latest in a long line of phpMyAdmin security advisories: DoS and
XSS vulnerabilities.
Security: c9c46fbf-7b83-11e4-a96e-6805ca0b3d42 |
1.1_2
03 Dec 2014 11:20:52
|
beat |
Document mozilla vulnerabilities
PR: 195559
Submitted by: Jan Beich |
1.1_2
02 Dec 2014 01:38:26
|
delphij |
Document OpenVPN Denial of Service vulnerability. |
1.1_2
25 Nov 2014 21:42:43
|
naddy |
Document CVE-2014-8962 and CVE-2014-9028 in audio/flac. |
1.1_2
23 Nov 2014 10:35:07
|
madpilot |
Add CVE names for recent asterisk vulnerabilities. |
1.1_2
21 Nov 2014 11:07:00
|
madpilot |
Document multiple vulnerabilities in asterisk ports. |
1.1_2
21 Nov 2014 08:13:01
|
matthew |
Document the latest round of phpMyAdmin vulnerabilities.
Security: a5d4a82a-7153-11e4-88c7-6805ca0b3d42 |
1.1_2
20 Nov 2014 21:30:30
|
rakuco |
Add note about CVE-2014-8600 in kde4-runtime and kwebkitpart. |
1.1_2
20 Nov 2014 08:42:28
|
madpilot |
Document yii vulnerability CVE-2014-4672. |
1.1_2
18 Nov 2014 18:32:22
|
rene |
Document new vulnerabilities in www/chromium < 39.0.2171.65
Obtained
from: http://googlechromereleases.blogspot.nl/2014/11/stable-channel-update_18.html |
1.1_2
17 Nov 2014 21:27:59
|
rakuco |
Fix version check for the entry added in r372686.
4.11.14 is not in ports yet, the fix was backported to 4.11.13 so we are
safe with 4.11.13_1. |
1.1_2
17 Nov 2014 21:00:00
|
rakuco |
Add entry for CVE-2014-8651 in x11/kde4-workspace. |
1.1_2
13 Nov 2014 10:38:17
|
antoine |
Cleanup plist |
1.1_2
11 Nov 2014 18:35:06
|
kwm |
document dbus CVE-2014-7824 |
1.1_2
07 Nov 2014 22:07:54
|
rea |
ftp/wget: document CVE-2014-4877, path traversal in recursive FTP mode |
1.1_2
05 Nov 2014 22:18:26
|
makc |
VuXML: fix spelling for the latest entry
Noticed by: ports-secteam (rea) |
1.1_2
05 Nov 2014 14:49:09
|
makc |
VuXML: document CVE-2014-8483 for irc/konversation-kde4
Approved by: ports-secteam (zi) |
1.1_2
31 Oct 2014 15:38:01
|
rea |
VuXML: document remote Perl code execution in TWiki
Crafted GET parameter "debugenableplugins" can be used to trigger
code execution,
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236 |
1.1_2
31 Oct 2014 11:09:18
|
rea |
VuXML: document vulnerability in Jenkins
CVE-2014-3665, remote code execution on master servers that can
be initiated by (untrusted) slaves,
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30 |
1.1_2
29 Oct 2014 21:51:18
|
rakuco |
Add entry for libssh's CVE-2014-0017. |
1.1_2
24 Oct 2014 01:58:14
|
zi |
- Document recent vulnerabilities in libpurple/pidgin |
1.1_2
22 Oct 2014 08:54:59
|
matthew |
Document cross site scripting vulnerabilities in phpMyAdmin
Security: 25b78f04-59c8-11e4-b711-6805ca0b3d42 |
1.1_2
21 Oct 2014 13:58:33
|
madpilot |
Document asterisk susceptibility to the POODLE vulnerability,
described in CVE-2014-3566. |
1.1_2
18 Oct 2014 12:52:27
|
kwm |
Document libxml2 denial of service |
1.1_2
17 Oct 2014 14:34:14
|
xmj |
Add linux-c6-openssl to OpenSSL entry from 2014-10-15.
Approved by: swills (mentor) |
1.1_2
16 Oct 2014 18:19:57
|
flo |
Document critical SQL Injection Vulnerability in www/drupal7 |
1.1_2
16 Oct 2014 10:34:50
|
beat |
- Mark libxul as vulnerable too
Submitted by: Jan Beich |
1.1_2
15 Oct 2014 17:59:37
|
delphij |
Document OpenSSL multiple vulnerabilities. |
1.1_2
15 Oct 2014 11:46:04
|
beat |
Document mozilla vulnerabilities
PR: 194356
Submitted by: Jan Beich |
1.1_2
09 Oct 2014 13:17:26
|
feld |
Convert USE_PYTHON_RUN to new USES syntax;
Appease the angry DEVELOPER=YES god
Approved by: mat |
1.1_2
09 Oct 2014 13:09:52
|
feld |
Add entry for foreman-proxy
Obtained from: mmoll |
1.1_2
08 Oct 2014 08:32:05
|
rene |
Document new vulnerabilities in www/chromium < 38.0.2125.101
Obtained
from: http://googlechromereleases.blogspot.nl/2014/10/stable-channel-update.html
MFH: 2014Q4 |
1.1_2
06 Oct 2014 19:09:35
|
ohauer |
- document bugzilla security issues |
1.1_2
02 Oct 2014 21:14:31
|
bdrewery |
Fix rsyslog entry for pkgname matching |
1.1_2
02 Oct 2014 19:59:02
|
matthew |
www/rt42 < 4.2.8 is vulnerable to shellshock related exploits through
its SMIME integration.
Security: 81e2b308-4a6c-11e4-b711-6805ca0b3d42 |
1.1_2
02 Oct 2014 19:30:56
|
brd |
- Update the rsyslog entry to reflect the new versions
Reviewed by: bdrewery |
1.1_2
02 Oct 2014 01:06:43
|
bdrewery |
Update Jenkins entry 549a2771-49cc-11e4-ae2c-c80aa9043978 to be readable. |
1.1_2
02 Oct 2014 00:54:30
|
bdrewery |
Update grammar of DoS in Jenkins entry |
1.1_2
02 Oct 2014 00:53:43
|
bdrewery |
Fix Jenkins entry to note that XSS is an issue, not as compiler |
1.1_2
02 Oct 2014 00:46:54
|
bdrewery |
Document Jenkins vulnerabilities
Security: CVE-2014-3661
Security: CVE-2014-3662
Security: CVE-2014-3663
Security: CVE-2014-3664
Security: CVE-2014-3680
Security: CVE-2014-3681
Security: CVE-2014-3666
Security: CVE-2014-3667
Security: CVE-2013-2186
Security: CVE-2014-1869
Security: CVE-2014-3678
Security: CVE-2014-3679 |
1.1_2
01 Oct 2014 22:57:16
|
bdrewery |
Fix bash entries to also mark bash-static vulnerable |
1.1_2
01 Oct 2014 22:30:59
|
bdrewery |
Document CVE-2014-6277 and CVE-2014-6278 for bash. |
1.1_2
01 Oct 2014 22:12:11
|
bdrewery |
- Document CVE-2014-7187 fixed in bash-4.3.27_1 |
1.1_2
01 Oct 2014 21:25:46
|
matthew |
Document the latest phpMyAdmin vulnerability.
- while here fix the '>' breakage in the rsyslogd entry.
Security: 3e8b7f8a-49b0-11e4-b711-6805ca0b3d42 |
1.1_2
01 Oct 2014 03:40:04
|
bdrewery |
Document CVE-2014-7186 for bash |
1.1_2
30 Sep 2014 20:09:33
|
brd |
- Document sysutils/rsyslog vulnerabilities CVE-2014-3634
Reviewed by: bdrewery@ |
1.1_2
29 Sep 2014 23:34:30
|
bdrewery |
Document shells/fish vulnerabilities |
1.1_2
26 Sep 2014 17:34:27
|
xmj |
Add linux-c6-nss-3.15.1 package to the NSS vulnerability report.
Approved by: swills (mentor) |
1.1_2
26 Sep 2014 17:05:38
|
xmj |
Add linux_base-c6-6.5 package to the bash vulnerability report.
Approved by: swills (mentor) |
1.1_2
25 Sep 2014 16:22:07
|
bdrewery |
The 2nd bash issue was reassigned to CVE-2014-7169:
http://seclists.org/oss-sec/2014/q3/685
Reported by: jkim |
1.1_2
25 Sep 2014 15:44:01
|
bdrewery |
Update bash entry for CVE-2014-3659
Security: CVE-2014-3659
Security: ca44b64c-4453-11e4-9ea1-c485083ca99c |
1.1_2
25 Sep 2014 13:29:38
|
rea |
VuXML entry 48108fb0-751c-4cbb-8f33-09239ead4b55: expanded details
Reviewed by: des@ |
1.1_2
25 Sep 2014 12:48:21
|
xmj |
www/linux-*-flashplugin11: Fix multiple security vulnerabilities
Adobe has discovered multiple security vulnerabilities in Flash
linux-*-flashplugin-11.2r202.400. Ugrade the two Linux ports to
version .406, which fixes these.
While there, assign www/linux-c6-flashplugin11 to emulation@
in order to match r369160.
PR: 193904
Differential Revision: https://reviews.freebsd.org/D831
Submitted by: Jung-uk Kim
Approved by: koobs (mentor)
MFH: 2014Q3
Security: ca44b64c-4453-11e4-9ea1-c485083ca99c |
1.1_2
25 Sep 2014 07:45:16
|
des |
fix |
1.1_2
25 Sep 2014 07:43:17
|
des |
Add entry for the NSS signature forgery bug.
PR: 193906
MFH: 2014Q3
Security: CVE-2014-1568 |
1.1_2
25 Sep 2014 07:34:52
|
rene |
Document new vulnerability in www/chromium < 37.0.2062.124
Obtained from: http://googlechromereleases.blogspot.nl/
MFH: 2014Q3 |
1.1_2
24 Sep 2014 21:22:02
|
rakuco |
Add entry for net/krfb (CVE-2014-6055). |
1.1_2
24 Sep 2014 18:07:12
|
delphij |
Document bash remote code execution vulnerability. |
1.1_2
18 Sep 2014 19:53:09
|
madpilot |
Document new asterisk11 vulnerability.
MFH: 2014Q3 |
1.1_2
18 Sep 2014 13:20:58
|
madpilot |
Document new squid vulnerability.
PR: 193737
Submitted by: timp87 at gmail.com
MFH: 2014Q3 |
1.1_2
17 Sep 2014 11:04:33
|
kwm |
Document new dbus vulnabilities.
MFH: 2014Q3 |
1.1_2
16 Sep 2014 17:35:34
|
osa |
Document nginx security advisory (CVE-2014-3616). |
1.1_2
13 Sep 2014 21:18:57
|
matthew |
Document the latest phpMyAdmin vulnerability
Security: cc627e6c-3b89-11e4-b629-6805ca0b3d42 |
1.1_2
11 Sep 2014 14:09:44
|
brd |
Document CVE-2014-5284 affecting security/ossec-hids-* < 2.8.1.
Reviewed by: zi@ |
1.1_2
09 Sep 2014 21:27:25
|
rene |
Document new vulnerabilities in www/chromium < 37.0.2062.120
Obtained from: http://googlechromereleases.blogspot.nl/
MFH: 2014Q3 |
1.1_2
05 Sep 2014 14:45:48
|
tijl |
Document trafficserver vulnerability
MFH: 2014Q3 |
1.1_2
03 Sep 2014 20:16:29
|
ohauer |
- update vid f927e06c-1109-11e4-b090-20cf30e32f6d
(httpd-2.2.29 was released today)
MFH: 2014Q3 |
1.1_2
26 Aug 2014 16:36:41
|
rene |
Document new vulnerabilities in www/chromium < 37.0.2062.94
Obtained from: http://googlechromereleases.blogspot.nl
MFH: 2014Q3 |
1.1_2
21 Aug 2014 19:46:21
|
zi |
- Document buffer overrun in sysutils/file |
1.1_2
21 Aug 2014 17:13:16
|
lwhsu |
Add missing <package> tag |
1.1_2
21 Aug 2014 17:09:59
|
lwhsu |
Document Django 2014-08-20 vulnerabilty
Reviewed by: koobs |
1.1_2
18 Aug 2014 21:11:32
|
flo |
Record PHP 5.3 vulnerabilities |
1.1_2
17 Aug 2014 19:48:04
|
matthew |
Document the latest phpMyAdmin security advisories.
XSS in view operations page
and
Multiple XSS vulnerabilities in browse table, ENUM editor, monitor, query charts
and table relations pages
Security: fbb01289-2645-11e4-bc44-6805ca0b3d42 |
1.1_2
13 Aug 2014 06:43:35
|
rene |
Document new vulnerabilities in www/chromium < 36.0.1985.143
Submitted by: Carlos Jacobo Puga Media <cpm@fbsd.es>
Obtained from: http://googlechromereleases.blogspot.nl/
MFH: 2014Q3 |
1.1_2
11 Aug 2014 20:19:41
|
ohauer |
- fix package name s/subversion18/subversion/
Thanks to jkim@ for the notice! |
1.1_2
11 Aug 2014 19:06:37
|
zi |
- INSERT URL HERE |
1.1_2
11 Aug 2014 18:52:33
|
ohauer |
- document serf CVE-2014-3504
MFH: 2014Q3 |
1.1_2
11 Aug 2014 18:42:38
|
ohauer |
- document subversion CVE-2014-3522, CVE-2014-3528
MFH: 2014Q3 |
1.1_2
10 Aug 2014 03:07:54
|
osa |
Fix typo.
Found by: rene |
1.1_2
09 Aug 2014 18:26:53
|
osa |
Document nginx vulnerability. |
1.1_2
06 Aug 2014 23:12:58
|
delphij |
Document OpenSSL multiple vulnerabilities. |
As an Amazon Associate I earn from qualifying purchases.
