Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 10 Mar 2013 19:04:01 |
rea |
Perl 5.x: fix CVE-2013-1667
Feature safe: wholeheartedly hope so |
1.1_1 10 Mar 2013 04:03:12 |
miwi |
- Fix previous entry |
1.1_1 10 Mar 2013 00:13:00 |
marcus |
Belatedly add an entry for libpurple's recent vulnerabilities. |
1.1_1 08 Mar 2013 22:27:39 |
flo |
- update thunderbird, firefox-esr, linux-thunderbird and linux-firefox to
17.0.4
- update firefox to 19.0.2
- add vuln.xml entry
Security: 630c8c08-880f-11e2-807f-d43d7e0c7c02 |
1.1_1 08 Mar 2013 09:06:27 |
rene |
Document a vulnerability in chromium < 25.0.1364.160
Obtained from: http://googlechromereleases.blogspot.nl/search/Stable%20Updates |
1.1_1 06 Mar 2013 15:57:00 |
culot |
- Document vulnerabilities in typo3.
Security: b9a347ac-8671-11e2-b73c-0019d18c446a
Obtained from:
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-001/ |
1.1_1 06 Mar 2013 00:19:09 |
rene |
Document vulnerabilities in www/chromium < 25.0.1364.152
Obtained from: http://googlechromereleases.blogspot.nl/search/Stable%20Updates |
1.1_1 03 Mar 2013 20:17:59 |
zi |
- Document recent vulnerability in security/stunnel (CVE-2013-1762)
Security: c97219b6-843d-11e2-b131-000c299b62e1 |
1.1_1 02 Mar 2013 20:07:42 |
ohauer |
- document apache22 issues
- trim trailing tabs |
1.1_1 01 Mar 2013 02:08:31 |
wxs |
Document two sudo problems. |
1.1_1 28 Feb 2013 01:46:41 |
swills |
- Update to 0.9.14 to fix CVE-2013-1756
Security: aa7764af-0b5e-4ddc-bc65-38ad697a484f |
1.1_1 27 Feb 2013 13:40:47 |
eadler |
Update to 11.2r202.273
Security: http://www.vuxml.org/freebsd/dbdac023-80e1-11e2-9a29-001060e06fd4.html |
1.1_1 26 Feb 2013 17:27:07 |
sunpoet |
- Update affected ettercap versions: CVE-2012-0722 was fixed in
0.7.5.2-Assimilation |
1.1_1 26 Feb 2013 01:38:58 |
bdrewery |
- Document 3 OTRS vulnerabilities from 2012
- CVE-2012-4751
- CVE-2012-4600
- CVE-2012-2582 |
1.1_1 24 Feb 2013 18:21:03 |
swills |
- Document Ruby REXML DoS |
1.1_1 24 Feb 2013 17:51:49 |
swills |
- Document rubygem-ruby_parser issue |
1.1_1 24 Feb 2013 14:23:46 |
pclin |
- Document Django 2013-02-21 vulnerability
Approved by: araujo (mentor) |
1.1_1 22 Feb 2013 23:49:45 |
rene |
Document vulnerabilities in www/chromium < 25.0.1364.97
Obtained from: http://googlechromereleases.blogspot.nl/search/Stable%20Updates |
1.1_1 22 Feb 2013 20:28:22 |
cy |
Document security/krb5 1.11 and prior null pointer dereference in the
KDC PKINIT code [CVE-2013-1415].
Security: CVE-2013-1415 |
1.1_1 22 Feb 2013 08:07:27 |
remko (src,doc committer) |
Convert the ! back into a 1.
Noticed by: crees |
1.1_1 21 Feb 2013 21:38:16 |
remko (src,doc committer) |
Add the latest two FreeBSD Security Advisories. |
1.1_1 21 Feb 2013 07:11:50 |
flo |
Document drupal7 Denial of service |
1.1_1 20 Feb 2013 13:58:20 |
rm |
- add an entry for net/nss-pam-ldapd stack-based buffer overflow
According to advisory, vulnerability exists in nss-pam-ldapd < 0.8.11,
but since we never had this version in the ports tree, mark everything
< 0.8.12 as vulnerable.
PR: 176293
Submitted by: pluknet |
1.1_1 20 Feb 2013 07:16:31 |
flo |
Fix up the latest gecko update by:
- reapplying the workaround for svn:eol-style and svn:keywords
- fixing version matching in vuln.xml, 17.0.3 is NOT vulnerable |
1.1_1 20 Feb 2013 06:16:01 |
ohauer |
- update bugzilla ports to latest version
Bugzilla 4.0.10 and 3.6.13 are security updates for the 4.0
branch and the 3.6 branch, respectively. 4.0.10 contains several
useful bug fixes and 3.6.13 contains only security fixes.
Security: CVE-2013-0785
CVE-2013-0786 |
1.1_1 19 Feb 2013 23:53:08 |
flo |
- update firefox to 19.0
- update firefox-esr, thunderbird, linux-firefox, linux-thunderbird to 17.0.3
- update linux-seamonkey to 2.16
- update nspr to 4.9.5
- update nss to 3.14.3
- add DuckDuckGo search plugin to firefox [1]
- mark kompozer deprecated
- clang fixes for www/libxul19 [2]
Security: http://www.vuxml.org/freebsd/e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02.html
Submitted by: DuckDuckGo [1], dim [2]
In collaboration with: Jan Beich <jbeich@tormail.org> |
1.1_1 19 Feb 2013 00:19:14 |
zi |
- Fix version range for recent ruby vulnerabilities
(d3e96508-056b-4259-88ad-50dc8d1978a6 and c79eb109-a754-45d7-b552-a42099eb2265)
due to missing port epoch in package range
Submitted by: Matthias Andree <mandree@FreeBSD.org> |
1.1_1 17 Feb 2013 19:58:29 |
eadler |
Combine ranges into one entry to prevent false positives |
1.1_1 17 Feb 2013 16:47:06 |
swills |
- Document rubygem-rack issue |
1.1_1 17 Feb 2013 16:33:19 |
swills |
- Document activemodel issue |
1.1_1 17 Feb 2013 10:28:54 |
lwhsu |
Document Jenkins Security Advisory 2013-02-16 |
1.1_1 16 Feb 2013 17:03:28 |
rm |
- add entry for dns/poweradmin
PR: 175704
Submitted by: Edmondas Girkantas <eg@fbsd.lt> (maintainer of dns/poweradmin) |
1.1_1 16 Feb 2013 14:41:44 |
swills |
- Document ruby json issue |
1.1_1 16 Feb 2013 04:29:14 |
swills |
- Document vulnerability in rdoc |
1.1_1 08 Feb 2013 19:18:41 |
eadler |
Update flash to the latest version
PR: ports/175159
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp> |
1.1_1 08 Feb 2013 08:44:15 |
miwi |
- Fix whitespaces |
1.1_1 07 Feb 2013 02:10:29 |
eadler |
Fix vuxml build |
1.1_1 06 Feb 2013 20:06:18 |
dinoex |
- report openssl vulnerabilities |
1.1_1 01 Feb 2013 22:42:55 |
flo |
- update databases/mariadb-server to 5.3.12 [1]
- update databases/mariadb55-server 5.5.29 [2]
PR: ports/175764 [1]
PR: ports/175767 [2]
Submitted by: Geoffroy Desvernay <dgeo@centrale-marseille.fr> (maintainer) [1]
Submitted by: Alexandr Kovalenko <never@nevermind.kiev.ua> (maintainer) [2]
Security: 8c773d7f-6cbb-11e2-b242-c8600054b392 |
1.1_1 01 Feb 2013 08:50:40 |
dinoex |
- report opera 12.12 vulnerabilities |
1.1_1 30 Jan 2013 18:34:03 |
pawel |
Document devel/upnp vulnerabilities |
1.1_1 29 Jan 2013 20:02:38 |
delphij |
Document wordpress multiple vulnerabilities. |
1.1_1 25 Jan 2013 09:37:56 |
cs |
Fix last entry: version 2.3.4 is also affected |
1.1_1 25 Jan 2013 02:08:57 |
wxs |
Fix whitespace in previous commit. |
1.1_1 25 Jan 2013 01:26:37 |
cs |
XSS vulnerability in py-django-cms |
1.1_1 23 Jan 2013 12:52:49 |
rene |
Document vulnerabilities in www/chromium < 24.0.1312.56
Obtained from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates |
1.1_1 20 Jan 2013 20:58:13 |
flo |
- update www/drupal6 to 6.28
- update www/drupal7 to 7.19
Security: http://www.vuxml.org/freebsd/1827f213-633e-11e2-8d93-c8600054b392.html
Approved by: portmgr (beat) |
1.1_1 16 Jan 2013 19:16:10 |
rea |
VuXML: add newly-allocated CVE for SQUID-2012:1
New CVE was allocated for the underfixed DoS and added possible
infinite loop in Squid 3.2 and 3.1. |
1.1_1 16 Jan 2013 19:13:32 |
rea |
VuXML: document buffer overflow in ettercap (CVE-2013-0722)
Reviewed by: simon@ |
1.1_1 16 Jan 2013 19:11:43 |
rea |
VuXML: document recent security manager bypass in Java 7.x
Reviewed by: glewis@, simon@ |
1.1_1 16 Jan 2013 07:39:28 |
delphij |
Properly limit the match for PHP 5.3.x and 5.2.x versions.
Noticed by: remko |
1.1_1 15 Jan 2013 22:06:19 |
delphij |
Apply version ranges of php53 and php52 to php5 as well. |
1.1_1 11 Jan 2013 14:11:28 |
zi |
- Fix discovery date on nagios vulnerability (CVE-2012-6096) |
1.1_1 11 Jan 2013 09:53:42 |
rea |
www/squid3x: upgrade to 3.1.23 and 3.2.6
Squid 3.1.23 is effectively Squid 3.1.22_2 with the final fix for
CVE-2012-5643 applied.
Squid 3.2.6 also received that abovementioned fix, but in comparison
with 3.2.5 from ports it has another change that fixes handling the
"tcp_outgoing_tos" directive for BSD-like systems, including FreeBSD,
http://bugs.squid-cache.org/show_bug.cgi?id=3731
VuXML entry for SQUID:2012-1 (aka CVE-2012-5643) was also updated to
reflect the proper version specifications from the updated advisory,
http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
Approved by: Thomas-Martin Seck <tmseck@web.de>
Security: http://portaudit.freebsd.org/c37de843-488e-11e2-a5c9-0019996bc1f7.html
QA page: http://codelabs.ru/fbsd/ports/qa/www/squid31/3.1.23
QA page: http://codelabs.ru/fbsd/ports/qa/www/squid32/3.2.6 |
1.1_1 11 Jan 2013 01:16:14 |
zi |
- Document vulnerability in net-mgmt/nagios (CVE-2012-6096) |
1.1_1 11 Jan 2013 00:32:48 |
rene |
Document vulnerabilities in www/chromium < 24.0.1312.52
Obtained from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates |
1.1_1 09 Jan 2013 23:28:20 |
flo |
- update firefox, thunderbird, linux-firefox and linux-thunderbird to 17.0.2
- update firefox-esr, thunderbird-esr and libxul to 10.0.12
- update linux-seamonkey to 2.15
Security: http://www.vuxml.org/freebsd/a4ed6632-5aa9-11e2-8fcb-c8600054b392.html |
1.1_1 09 Jan 2013 15:03:02 |
sem |
Fix <topic> style: common dash style, remove software versions |
1.1_1 09 Jan 2013 03:53:16 |
swills |
- Update rubygem-rails to 3.2.11
- Update ports required by rubygem-rails
- Add vuxml entry for rails security issues
Security: ca5d3272-59e3-11e2-853b-00262d5ed8ee
Security: b4051b52-58fa-11e2-853b-00262d5ed8ee |
1.1_1 08 Jan 2013 23:46:02 |
zi |
- Properly copy namespace attributes/resolve make validate issues
Reviewed by: simon@, eadler@
Approved by: zi (with ports-secteam hat) |
1.1_1 08 Jan 2013 05:18:15 |
lwhsu |
Document Jenkins 2013-01-04 Security Advisory |
1.1_1 06 Jan 2013 20:37:24 |
rea |
VuXML: extend entry for MoinMoin vulnerabilities fixed in 1.9.6
Use more verbose descriptions from CVE entries and trim citation
from CHANGES to the relevant parts. |
1.1_1 06 Jan 2013 18:14:24 |
lwhsu |
Document Django 2012-12-10 vulnerability |
1.1_1 06 Jan 2013 13:24:39 |
rea |
VuXML: fix r309982
Use proper tags for CVE identifiers. I should run 'make validate'
_every_ time before committing.
Pointyhat to: rea |
1.1_1 06 Jan 2013 13:10:10 |
rea |
VuXML for MoinMoin issues: add CVE references |
1.1_1 05 Jan 2013 12:54:28 |
crees |
Freetype 2.4.8 vulnerabilities were already documented.
While here, correct pkgname
Noticed by: kwm |
1.1_1 05 Jan 2013 11:29:01 |
crees |
Mark moinmoin vulnerable
Security: http://www.debian.org/security/2012/dsa-2593
document freetype vulnerabilities
Security: CVE-2012-(1126-1144) |
1.1_1 04 Jan 2013 07:30:10 |
erwin |
Bump copyright to 2013. |
1.1_1 03 Jan 2013 19:46:51 |
flo |
Add correct version numbers to the recent asterisk entry
Pointy hat to: flo |
1.1_1 03 Jan 2013 19:41:31 |
flo |
- update net/asterisk to 1.8.19.1
- update net/asterisk10 to 10.11.1
- update net/asterisk11 to 10.1.2
- add vuln.xml entry
Security: f7c87a8a-55d5-11e2-a255-c8600054b392 |
1.1_1 02 Jan 2013 12:28:47 |
crees |
Note charybdis and ircd-ratbox vulnerabilities
PR: ports/174878
Security: http://www.ratbox.org/ASA-2012-12-31.txt |
1.1_1 30 Dec 2012 23:13:04 |
anders |
Separate entries for Puppet 2.6 and 2.7. |
1.1_1 30 Dec 2012 20:10:42 |
cs |
Add OTRS vulnerabilities |
1.1_1 29 Dec 2012 19:53:47 |
rea |
VuXML entries for Tomcat: split into three distinct ones
They affect different Tomcat versions from 7.x branch, so don't let
users of VuXML be fooled on the affected software for each vulnerability.
Feature safe: yes |
1.1_1 28 Dec 2012 18:17:22 |
rea |
VuXML: add entry for DoS in Squid's cachemgr.cgi
Feature safe: yes
Submitted by: Thomas-Martin Seck <tmseck@web.de> |
1.1_1 18 Dec 2012 16:34:14 |
bdrewery |
Remove invalid entry |
1.1_1 18 Dec 2012 16:28:57 |
dinoex |
- add entry for opera 12.11 |
1.1_1 14 Dec 2012 09:09:16 |
delphij |
Fix typo.
Noticed by: mandree |
1.1_1 14 Dec 2012 03:51:08 |
jgh |
- add url block in references for 1657a3e6-4585-11e2-a396-10bf48230856 |
1.1_1 14 Dec 2012 00:41:42 |
delphij |
Update linux-f10-flashplugin11 to 11.2r202.258 to address multiple
vulnerabilities that could cause a crash and potentially allow an
attacker to take control of the affected system.
Submitted by: Tsurutani Naoki <turutani scphys kyoto-u ac jp> |
1.1_1 12 Dec 2012 11:33:17 |
rene |
Document vulnerabilities in www/chromium < 23.0.1271.97
Obtained from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates |
1.1_1 05 Dec 2012 23:52:36 |
zi |
- Fix recent vulnerability entry for www/tomcat[67]
Reported by: Victor Balada Diaz <victor@bsdes.net>
Feature safe: yes |
1.1_1 05 Dec 2012 18:47:24 |
zi |
- Document recent vulnerabilities in www/tomcat6 and www/tomcat7
Requested by: Victor Balada Diaz <victor@bsdes.net>
Feature safe: yes |
1.1_1 05 Dec 2012 07:46:03 |
erwin |
Update to the latest patch level from ISC:
BIND 9 nameservers using the DNS64 IPv6 transition mechanism are
vulnerable to a software defect that allows a crafted query to
crash the server with a REQUIRE assertion failure. Remote
exploitation of this defect can be achieved without extensive
effort, resulting in a denial-of-service (DoS) vector against
affected servers.
Security: 2892a8e2-3d68-11e2-8e01-0800273fe665
CVE-2012-5688
Feature safe: yes |
1.1_1 03 Dec 2012 22:49:43 |
mandree |
Add URL for recent bogofilter heap vuln', CVE-2012-5468, aka. vuln vid=
f524d8e0-3d83-11e2-807a-080027ef73ec
Feature safe: yes |
1.1_1 03 Dec 2012 20:16:21 |
mandree |
Update bogofilter to new upstream release 1.2.3.
Security update to fix a heap corruption bug with invalid base64 input,
reported and fixed by Julius Plenz, FU Berlin, Germany.
Feature safe: yes
Security: CVE-2012-5468
Security: f524d8e0-3d83-11e2-807a-080027ef73ec |
1.1_1 30 Nov 2012 09:13:32 |
rene |
Document vulnerabilities in www/chromium < 23.0.1271.95
Obtained from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
Feature safe: yes |
1.1_1 29 Nov 2012 20:33:20 |
ohauer |
www/yahoo-ui
- fix CVE-2012-5881
security/vuxml
- adjust version (we have only 2.8.2 in the tree)
Feature safe: yes
Approved by: glarkin (maintainer) explicit |
1.1_1 28 Nov 2012 14:37:24 |
wxs |
Fix date in yahoo-ui entry.
Noticed by: dvl@
Feature safe: yes |
1.1_1 27 Nov 2012 20:09:35 |
ohauer |
- document www/yahoo-ui security issue and mark port forbidden [1]
pet portlint (maintainer is already notified)
- adjust CVE entries for bugzilla (CVE-2012-5475 was rejected) [2]
Feature safe: yes
Security: CVE-2012-5881 [1][2]
CVE-2012-5882 [1][2]
CVE-2012-5883 [2]
Approved by: glarkin (implicit) [1] |
1.1_1 27 Nov 2012 10:02:25 |
rene |
Describe new vulnerabilities in www/chromium < 23.0.1271.91
Obtained from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
Feature safe: yes |
1.1_1 25 Nov 2012 15:42:23 |
flo |
- Update backports patch to 20121114
- Bump PORTREVISION
Changes:
- CVE-2006-7243
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow
context-dependent attackers to bypass intended access restrictions by placing a
safe file extension after this character, as demonstrated by .php\0.jpg at the
end of the argument to the file_exists function
Security 3761df02-0f9c-11e0-becc-0022156e8794 fixed by check in fopen functions
for strlen(filename) != filename_len
- CVE-2012-4388
The sapi_header_op function in main/SAPI.c does not properly determine a pointer (Only the first 15 lines of the commit message are shown above ) |
1.1_1 25 Nov 2012 04:02:29 |
wxs |
Add entries for the following advisories:
FreeBSD-SA-12:08.linux
FreeBSD-SA-12:07.hostapd
FreeBSD-SA-12:06.bind
Feature safe: yes |
1.1_1 22 Nov 2012 20:27:45 |
dinoex |
- opera -- execution of arbitrary code
Feature safe: yes |
1.1_1 21 Nov 2012 14:35:31 |
mm |
Document new vulnerability in www/lighttpd 1.4.31
Feature safe: yes |
1.1_1 20 Nov 2012 23:01:15 |
flo |
- Update firefox and thunderbird to 17.0
- Update seamonkey to 2.14
- Update ESR ports and libxul to 10.0.11
- support more h264 codecs when using GSTREAMER with YouTube
- Unbreak firefox-esr, thunderbird-esr and libxul on head >= 1000024 [1]
- Buildsystem is not python 3 aware, use python up to 2.7 [2]
PR: ports/173679 [1]
Submitted by: swills [1], demon [2]
In collaboration with: Jan Beich <jbeich@tormail.org>
Security: d23119df-335d-11e2-b64c-c8600054b392
Approved by: portmgr (beat)
Feature safe: yes |
1.1_1 18 Nov 2012 12:51:26 |
jase |
- Fix copy and paste error in latest weechat entry
(81826d12-317a-11e2-9186-406186f3d89d)
Feature safe: yes |
1.1_1 18 Nov 2012 12:46:40 |
jase |
- Document new vulnerability in irc/weechat and irc/weechat-devel
Feature safe: yes |
1.1_1 14 Nov 2012 19:29:42 |
ohauer |
- bugzilla security updates to version(s)
3.6.11, 4.0.8, 4.2.4
Summary
=======
The following security issues have been discovered in Bugzilla:
* Confidential product and component names can be disclosed to
unauthorized users if they are used to control the visibility of
a custom field.
* When calling the 'User.get' WebService method with a 'groups'
argument, it is possible to check if the given group names exist
or not. (Only the first 15 lines of the commit message are shown above ) |
1.1_1 13 Nov 2012 18:17:13 |
jase |
- Update recent weechat entry (e02c572f-2af0-11e2-bb44-003067b2972c)
- Document assigned CVE Identifier
- Document workaround for vulnerable versions
Feature safe: yes |