Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 07 Feb 2012 04:13:47 |
wxs |
Fix up 3fd040be-4f0b-11e1-9e32-0025900931f by giving a better description. |
1.1_1 06 Feb 2012 12:01:22 |
skv |
Document "bugzilla" - multiple vulnerabilities. |
1.1_1 04 Feb 2012 08:40:01 |
delphij |
Document PHP remote code vulnerability. |
1.1_1 03 Feb 2012 06:33:03 |
rm |
Add vuxml entry for mathopd directory traversal vulnerability.
PR: 164717
Submitted by: Michiel Boland <michiel at boland dot org>
Security: 6e7ad1d7-4e27-11e1-8e12-90e6ba8a36a2 |
1.1_1 02 Feb 2012 18:34:24 |
jgh |
- adjust ordering for latest apache entry
Spotted by: remko |
1.1_1 02 Feb 2012 14:02:59 |
wxs |
MITRE is spelled in all capital letters. |
1.1_1 02 Feb 2012 01:32:18 |
jgh |
document latest Apache vulnerabilities
PR: ports/164675
Reviewed by: crees, eadler
Approved by: crees (mentor) |
1.1_1 01 Feb 2012 09:46:07 |
flo |
document recent mozilla vulnerabilities |
1.1_1 31 Jan 2012 13:34:00 |
wxs |
Correct versions for sudo format string vulnerability.
Noticed by: pluknet@ |
1.1_1 30 Jan 2012 16:36:43 |
wxs |
Document sudo format string vulnerability. |
1.1_1 30 Jan 2012 03:03:39 |
wxs |
Document missing FreeBSD Security Advisories:
- SA-11:01.mountd
- SA-11:04.compress
- SA-11:09.pam_ssh
- SA-11:10.pam
Modify existing entries to document (add/adjust modified tag for all):
- SA-11:06.bind
- Add FreeBSD package and freebsdsa
- SA-11:07.chroot
- Add FreeBSD package
- SA-11:08.telnetd
- Add FreeBSD package, freebsdsa and a relevant URL |
1.1_1 29 Jan 2012 23:39:42 |
zi |
- Adjust formatting for 93688f8f-4935-11e1-89b4-001ec9578670 |
1.1_1 28 Jan 2012 13:30:39 |
zi |
- Document vulnerabilities in mail/postfixadmin (CVE-2012-0811, CVE-2012-0812) |
1.1_1 28 Jan 2012 08:01:53 |
miwi |
- Cleanup & Formatting |
1.1_1 26 Jan 2012 12:32:02 |
zi |
- Document vulnerability in converters/mpack |
1.1_1 26 Jan 2012 12:17:57 |
zi |
- Document vulnerabilities in print/acroread9 (prior to 9.4.7) |
1.1_1 24 Jan 2012 11:02:34 |
rene |
- update entry fixed in chromium-16.0.912.75 (CVE-2011-3925)
- add entry for vulnerabilities fixed in chromium-16.0.912.77
Security: CVE-2011-[3924-3928] |
1.1_1 24 Jan 2012 04:18:07 |
wxs |
Fix build while chanting "I will run make validate". :(
Pointyhat to: wxs@ |
1.1_1 24 Jan 2012 04:01:02 |
wxs |
Add CVE for recent spamdyke buffer overflows. |
1.1_1 23 Jan 2012 22:02:32 |
wxs |
Document multiple vulnerabilities in wireshark, all of which have
already been fixed in our port. |
1.1_1 23 Jan 2012 21:26:01 |
wxs |
Whitespace cleanup. |
1.1_1 23 Jan 2012 21:25:21 |
wxs |
- Document buffer overflows in spamdyke. |
1.1_1 23 Jan 2012 14:08:34 |
wxs |
Fixup to please "make tidy". No need to wrap this line. |
1.1_1 23 Jan 2012 13:52:39 |
wxs |
- Add CVE for spamdyke STARTTLS plaintext injection. |
1.1_1 22 Jan 2012 14:59:21 |
sunpoet |
- Fix affected rubygem-rack version: add ,3 as PORTEPOCH=3 is restored |
1.1_1 22 Jan 2012 02:49:22 |
zi |
- Correct package range in 5c5f19ce-43af-11e1-89b4-001ec9578670
- Add databases/redis to the affected list for
91be81e7-3fea-11e1-afc7-2c4138874f7d |
1.1_1 21 Jan 2012 01:38:36 |
zi |
- Fix formatting/topic in 91be81e7-3fea-11e1-afc7-2c4138874f7d
Reviewed by: wxs |
1.1_1 20 Jan 2012 21:43:40 |
zi |
- Document security vulnerability in security/openssl (CVE-2012-0050) |
1.1_1 20 Jan 2012 19:24:00 |
jgh |
fix uuid on latest tomcat vulnerability
Approved by: crees, rene (implicit) |
1.1_1 20 Jan 2012 18:41:16 |
delphij |
- Fix modified date;
- Add more ruby variants. |
1.1_1 20 Jan 2012 18:28:10 |
delphij |
Update 91be81e7-3fea-11e1-afc7-2c4138874f7d to cover ruby+no-pthreads as
well.
Spotted by: Kevin Oberman <kob6558 gmail.com> |
1.1_1 20 Jan 2012 00:14:42 |
flo |
- document asterisk remote crash vulnerability |
1.1_1 19 Jan 2012 19:51:53 |
jgh |
Document recent vulnerability of Apache Tomcat Server.
Approved by: rene (mentor) |
1.1_1 19 Jan 2012 18:33:42 |
delphij |
Sigh, should have used <lt> instead of <gt>.
Pointy hat to: delphij |
1.1_1 19 Jan 2012 18:27:36 |
delphij |
php52-exif no longer vulnerable to CVE-2011-4566 as of 5.2.17_6 |
1.1_1 19 Jan 2012 09:16:00 |
knu |
Fix the version range for ruby. The stock version is affected. |
1.1_1 19 Jan 2012 09:13:30 |
knu |
There was no patch release in rubygem-rack 1.3.5_*, so just say < 1.3.6. |
1.1_1 19 Jan 2012 07:32:11 |
sunpoet |
- Fix affected rubygem-rack version: it should be _3 for PORTREVISION=3 |
1.1_1 17 Jan 2012 09:53:13 |
danfe |
Fix CVE URL in recent OpenTTD entry. |
1.1_1 17 Jan 2012 08:36:56 |
danfe |
Unexpand (convert leading spaces to tabs when possible). |
1.1_1 17 Jan 2012 08:31:38 |
danfe |
Document recent vulnerability of OpenTTD game server.
Reported by: Ilya Arkhipov |
1.1_1 16 Jan 2012 09:57:28 |
knu |
PHP5 had its own entry for this vulnerability, so remove this.
Pointed out by: ohauer |
1.1_1 16 Jan 2012 03:23:44 |
knu |
Add node < 0.6.7 (for V8). |
1.1_1 16 Jan 2012 03:20:39 |
knu |
Add v8 < 3.8.5 (CVE-2011-5037). |
1.1_1 16 Jan 2012 03:16:01 |
knu |
Add PHP < 5.3.9 (CVE-2011-4885). |
1.1_1 16 Jan 2012 03:03:49 |
knu |
Add Multiple implementations denial-of-service via hash algorithm collision.
Currently only JRuby, Ruby, and Rack are mentioned. More to follow. |
1.1_1 14 Jan 2012 10:01:38 |
mm |
Add missing URL reference to last commit |
1.1_1 14 Jan 2012 09:46:31 |
mm |
Add relevant FFmpeg vulnerabilities from Ubuntu USN-1320-1 |
1.1_1 14 Jan 2012 04:36:22 |
miwi |
- clean up |
1.1_1 14 Jan 2012 02:47:41 |
zi |
- Document vulnerabilities in security/openssl
-- CVE-2011-4108, CVE-2011-4109, CVE-2011-4576
-- CVE-2011-4577, CVE-2011-4619, CVE-2012-0027 |
1.1_1 13 Jan 2012 12:10:37 |
zi |
- Document vulnerability in net/isc-dhcp42-server (CVE-2011-4868) |
1.1_1 12 Jan 2012 21:56:20 |
delphij |
Document PowerDNS DoS vulnerability.
PR: ports/164066
Submitted by: Ralf van der Enden <tremere cainites.net> |
1.1_1 11 Jan 2012 18:32:21 |
delphij |
Document PHP multiple vulnerabilities. |
1.1_1 09 Jan 2012 18:13:37 |
rene |
Document an untrusted local library exploit in games/torcs.
Security: CVE-2010-3384 |
1.1_1 09 Jan 2012 02:26:53 |
wxs |
Document spamdyke STARTTLS plaintext injection vulnerability. |
1.1_1 07 Jan 2012 23:44:17 |
simon |
Remove HTML entity from a VuXML entry as they are not allowed in
VuXML, only Unicode character entities are allowed.
This should fix the portaudit build.
If anyone cares enough to insert the correct umlaut, feel free to fix. |
1.1_1 06 Jan 2012 18:35:42 |
rene |
Add new vulnerabilities for www/chromium.
Security: CVE-2011-[3919,3921-3922] |
1.1_1 05 Jan 2012 18:52:28 |
delphij |
Fix build. |
1.1_1 05 Jan 2012 17:29:25 |
ohauer |
- document bugzilla and bugzilla3 security issues |
1.1_1 03 Jan 2012 23:50:36 |
delphij |
Document wordpress xss vulnerability.
Feature safe: yes |
1.1_1 30 Dec 2011 01:05:34 |
cy |
Add additional MITKRB5 reference.
Security: MITKRB5-SA-2011-008
Feature safe: yes |
1.1_1 29 Dec 2011 14:26:25 |
remko |
Fix build by adding a reference to the original URL. |
1.1_1 29 Dec 2011 13:04:24 |
crees |
Document XSS vulnerability in net-mgmt/zabbix-frontend
PR: ports/163691
Obtained from: https://support.zabbix.com/browse/ZBX-4015
Security: ZBX-4015 |
1.1_1 28 Dec 2011 12:24:32 |
mm |
Document remote DoS vulnerability in lighttpd HTTP authentication
Security: CVS-2011-4362 |
1.1_1 27 Dec 2011 04:00:15 |
eadler |
- Fix most of the duplicate words in vuxml, a few affect 'blockquotes' but that
should be okay as no information is lost. |
1.1_1 26 Dec 2011 23:23:29 |
wxs |
Don't wrap a couple of lines. No other entries wrap these lines, so when
in Rome... |
1.1_1 26 Dec 2011 23:00:58 |
wxs |
Whitespace cleanup in a BIND topic. |
1.1_1 26 Dec 2011 22:42:26 |
wxs |
Fix the build. Missing a quote on the blockquote citation and a missing </p>. |
1.1_1 26 Dec 2011 21:51:03 |
cy |
Document CVE-2011-4862 (FreeBSD-SA-11:08.telnetd) as it affects krb5-appl too.
Security: CVE-2011-4862, FreeBSD-SA-11:08.telnetd
Feature safe: yes |
1.1_1 23 Dec 2011 20:37:32 |
delphij |
Add vuxml entry for proftpd chroot vulnerability.
Feature safe: yes |
1.1_1 22 Dec 2011 12:11:17 |
zi |
- Document recent vulnerabilities in databases/phpmyadmin (PMASA-2011-19 and
PMASA-2011-20) |
1.1_1 21 Dec 2011 12:40:43 |
beat |
- Also fix SeaMonkey version range |
1.1_1 21 Dec 2011 11:28:37 |
beat |
- Fix cvename in latest mozilla vulnerability |
1.1_1 21 Dec 2011 07:48:50 |
beat |
- Document mozilla -- multiple vulnerabilities |
1.1_1 19 Dec 2011 13:15:50 |
sem |
unbound DoS vulnerability |
1.1_1 18 Dec 2011 14:24:38 |
miwi |
- Cleanup
* correct line limit
* sort cvename |
1.1_1 18 Dec 2011 13:30:50 |
zi |
- Correct package name in previous commit
Reported by: crees@ |
1.1_1 18 Dec 2011 13:07:02 |
zi |
- Document vulnerabilities in www/typo3 and www/typo345 |
1.1_1 14 Dec 2011 04:07:06 |
zi |
- Document security/krb5 vulnerability as described in MITKRB5-SA-2011-007 |
1.1_1 14 Dec 2011 03:52:28 |
zi |
- Add CVE for recent asterisk vulnerabilities
Feature safe: yes |
1.1_1 13 Dec 2011 20:35:32 |
delphij |
Document Opera multiple vulnerabilities.
Requested by: tabthorpe
Feature safe: yes |
1.1_1 13 Dec 2011 20:17:29 |
rene |
Document vulnerabilities fixed in Chromium 16.0.912.63
Security: CVE-2011-[3903-3917] |
1.1_1 13 Dec 2011 17:45:46 |
mandree |
Add cvename tag with content CVE-2011-4607 for PuTTY password 'vulnerability'.
Feature safe: yes
Submitted by: eadler |
1.1_1 13 Dec 2011 17:34:52 |
zi |
- Correct package name for asterisk18
Feature safe: yes |
1.1_1 12 Dec 2011 19:57:18 |
mandree |
Update PuTTY to new upstream security and bug fix release 0.62,
and add a new VuXML entry.
Changelog:
http://lists.tartarus.org/pipermail/putty-announce/2011/000017.html
Security: bbd5f486-24f1-11e1-95bc-080027ef73ec
Feature safe: yes |
1.1_1 09 Dec 2011 01:52:43 |
zi |
- Document asterisk vulnerabilities
Feature safe: yes |
1.1_1 07 Dec 2011 23:49:09 |
zi |
- Document vulnerabilities in isc-dhcp: CVE-2011-4539
Feature safe: yes |
1.1_1 01 Dec 2011 21:03:31 |
dougb |
Update to version 3.4.8
This is the formal release of the fix to CVE-2011-4634, but there are
no code differences from the preliminary fixes released in 3.4.8-rc1
except for the updated version number.
PMSA-2011-18 has now been published; vuxml entry attached.
PR: ports/163001
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer)
Feature safe: yes |
1.1_1 30 Nov 2011 09:31:36 |
pav |
- Add a link to a nice documentation in PH
Suggested by: dougb
Feature safe: yes |
1.1_1 30 Nov 2011 08:45:12 |
pav |
- Add a quick guide to adding a new entry to this unfriendly file
Feature safe: yes |
1.1_1 19 Nov 2011 15:13:49 |
dinoex |
- mark 1.3.41+2.8.31_4 as not vulnerable
Feature safe: yes |
1.1_1 18 Nov 2011 22:38:17 |
cs |
hiawatha -- memory leak in PreventSQLi routine
Approved by: glarkin@ (mentor)
Feature safe: yes |
1.1_1 18 Nov 2011 20:20:27 |
delphij |
Bump modified date for previous commit.
Feature safe: yes |
1.1_1 18 Nov 2011 20:13:50 |
dougb |
The long-term URL for the latest BIND vulnerability is up at ISC,
so adjust accordingly.
Feature safe: yes |
1.1_1 17 Nov 2011 10:08:18 |
rene |
Mark chromium-15.0.874.120 vulnerable.
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security: CVE-2011-3900
Feature safe: yes |
1.1_1 16 Nov 2011 23:59:35 |
dougb |
Add an entry for the BIND DOS vulnerability announced today
Feature safe: yes |
1.1_1 14 Nov 2011 23:27:03 |
ohauer |
- document apache13 CVE-2011-3368
Feature safe: yes |
1.1_1 14 Nov 2011 03:25:46 |
miwi |
- Fix previous entry
Feature safe: yes |
1.1_1 14 Nov 2011 03:14:11 |
rakuco |
Add note about CVE-2011-2725 for ark in kdeutils4.
Approved by: avilla (mentor, implicit)
Feature safe: yes |
1.1_1 13 Nov 2011 22:28:09 |
ohauer |
- document apache apr-0.9 reimplementation of apr_fnmatch()
Feature safe: yes |