Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 28 Jun 2011 00:57:09 |
wxs |
Add modified tag to 8a5770b4-54b5-11db-a5ae-00508d6a62df.
Noticed by: sahil@ |
1.1_1 27 Jun 2011 14:39:37 |
wxs |
Now that www/mambo is updated, fix the range in
8a5770b4-54b5-11db-a5ae-00508d6a62df. |
1.1_1 25 Jun 2011 22:48:01 |
flo |
document recent asterisk vulnerabilities |
1.1_1 24 Jun 2011 13:46:51 |
ashish |
- Document ejabberd vulnerability fixed in 2.1.8
PR: ports/158137
Submitted by: Ruslan Mahamatkhanov <cvs-src@yandex.ru>
Security:
http://vuxml.org/freebsd/01d3ab7d-9c43-11e0-bc0f-0014a5e3cda6.html |
1.1_1 23 Jun 2011 12:36:04 |
flo |
- also mark firefox35 vulnerable |
1.1_1 21 Jun 2011 20:26:57 |
flo |
- document recent mozilla vulnerabilities [1]
- while here also document an older samba Denial of service vulnerability [2]
Security:
http://www.vuxml.org/freebsd/dfe40cff-9c3f-11e0-9bec-6c626dd55a41.html [1]
http://www.vuxml.org/freebsd/bfdbc7ec-9c3f-11e0-9bec-6c626dd55a41.html [2]
Requested by: timur [2] |
1.1_1 21 Jun 2011 17:50:00 |
culot |
Document piwik remote command execution vulnerability. |
1.1_1 20 Jun 2011 22:59:44 |
delphij |
Document dokuwiki XSS vulnerability. |
1.1_1 15 Jun 2011 19:53:02 |
nox |
Update linux-f10-flashplugin to 10.3r181.26 .
PR: ports/157900
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Security:
http://www.freebsd.org/ports/portaudit/55a528e8-9787-11e0-b24a-001b2134ef46.html |
1.1_1 15 Jun 2011 12:43:37 |
brix |
- Document CVE-2011-1408 in www/ikiwiki |
1.1_1 12 Jun 2011 05:15:32 |
miwi |
- Cleanup |
1.1_1 08 Jun 2011 20:49:57 |
nox |
Update to 10.3r181.22 .
PR: ports/157696
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Security:
http://www.freebsd.org/ports/portaudit/57573136-920e-11e0-bdc9-001b2134ef46.html |
1.1_1 07 Jun 2011 17:30:30 |
rene |
Document www/chromium vulnerabilities fixed in version 12.0.742.91
Security: CVE-2011-{1808-1819,2332,2342} |
1.1_1 07 Jun 2011 00:24:35 |
wxs |
- Document CVE-2011-1910
PR: ports/157548
Submitted by: Ryan Steinmetz <rpsfa@rit.edu> |
1.1_1 06 Jun 2011 12:45:20 |
mandree |
Add CVE-2011-1947: fetchmail STARTTLS denial of service. |
1.1_1 03 Jun 2011 03:36:15 |
miwi |
- Cleanup |
1.1_1 02 Jun 2011 20:39:54 |
flo |
- document asterisk remote crash vulnerability
Security:
http://www.vuxml.org/freebsd/34ce5817-8d56-11e0-b5a2-6c626dd55a41.html |
1.1_1 02 Jun 2011 14:19:28 |
lev |
Document CVE-2011-1752, CVE-2011-1783 and CVE-2011-1921 in devel/subversion |
1.1_1 26 May 2011 13:54:08 |
wxs |
Document drupal6 multiple vulnerabilities.
Submitted by: Nick Hilliard <nick@foobar.org> |
1.1_1 25 May 2011 21:14:43 |
olgeni |
Document Erlang R14B02 ssh library vulnerability (cryptographically
weak RNG).
Security: CVE-2011-0766 |
1.1_1 25 May 2011 16:38:56 |
rene |
Document latest www/chromium vulnerabilities.
Security: CVE-2011-1801, -1804, -1806, -1807 |
1.1_1 25 May 2011 10:58:15 |
miwi |
- Cleanup Part 1
PS: wonder when pplz start to ask ports-security for review ... |
1.1_1 25 May 2011 09:44:01 |
sem |
- Document the last unbound vulnerability |
1.1_1 24 May 2011 23:51:21 |
ohauer |
- revert last change of apr-* entry
Broken build reported by wxs@ |
1.1_1 24 May 2011 22:59:52 |
ohauer |
- use apr-* and add <gt></gt> entries for all apr0/apr1 issues
(<gt> .. is needed else the parser cannot make a difference
between apr0 and apr1)
- lowercase ViewVC -> viewvc
Thanks Jun Kuriyama ( kuriyama@ ) for the notice and the patch
for the apr entries. |
1.1_1 24 May 2011 16:05:58 |
brooks |
Update the mod_pubcookie entry with an ap20 prefix. The port has always
had USE_APACHE=2.0 in it so we can avoid enumerating all values of
APACHE_PKGNAMEPREFIX.
Pointy hat: brooks |
1.1_1 24 May 2011 06:19:13 |
simon |
Unbreak VuXML web build by changing "ap*-" to "ap-" in package name for
1ca8228f-858d-11e0-a76c-000743057ca2 / mod_pubcookie -- Empty
Authentication Security Advisory.
While the new one is likely not correct, this fixes the build until
somebody can put in the right thing. |
1.1_1 24 May 2011 05:55:10 |
delphij |
Fix build. |
1.1_1 23 May 2011 23:04:41 |
brooks |
Partially address several years of neglect of pubcookie. Indicate the
security issues in the two ports.
I've not used pubcookie in several years and given the lack of complaint
about the deprecation of mod_pubcookie, I doubt anyone else uses it from
ports. The mod_pubcookie port has already expired and I've set a two
week expiration for pubcookie-login-server. If no maintainer
appears I will send both to the Attic on June 6th.
While I'm here, address the use of CONF_FILES and CONF_DIRS in
pubcookie-login-server to avoid getting in the way of progress. [0]
PR: ports/157164 [0]
Security: vuxml:115a1389-858e-11e0-a76c-000743057ca2
vuxml:1ca8228f-858d-11e0-a76c-000743057ca2 |
1.1_1 23 May 2011 22:22:44 |
ohauer |
- add entry for ViewVC < 1.1.11
- add entry for apr1 (CVE-2011-1928)
- correct version in previous apr1 entry
- run tidy |
1.1_1 23 May 2011 21:17:51 |
nox |
Update to 10.3r181.14 .
PR: ports/156996
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Security:
http://www.freebsd.org/ports/portaudit/d226626c-857f-11e0-95cc-001b2134ef46.html |
1.1_1 23 May 2011 10:58:03 |
mandree |
Document Opera Frameset unload code injection vulnerability. |
1.1_1 23 May 2011 09:58:16 |
delphij |
Document pure-ftpd multiple vulnerabilities prior to 1.0.32. |
1.1_1 14 May 2011 17:48:33 |
rea |
mail/exim: document CVE-2011-1764 and CVE-2011-1407
Both vulnerabilities are in the DKIM code and were fixed in 4.76.
Approved-by: erwin (mentor)
Feature-safe: yes |
1.1_1 13 May 2011 23:33:17 |
ohauer |
- document Apache APR DoS vulnerabilities |
1.1_1 13 May 2011 15:06:00 |
glarkin |
- Document www/zend-framework (potential SQL injection when using PDO_MySQL)
Security: http://framework.zend.com/security/advisory/ZF2011-02 |
1.1_1 12 May 2011 23:46:14 |
wxs |
Document mediawiki multiple vulnerabilities.
PR: ports/156914
Submitted by: Ryan Steinmetz <rpsfa@rit.edu> |
1.1_1 12 May 2011 20:13:50 |
rene |
Document CVE-2011-1799 and CVE-2011-1800 for www/chromium |
1.1_1 12 May 2011 18:09:28 |
wxs |
Incorporate changes recommended by the tidy target. While here, properly
label dc9f8335-2b3b-11e0-a91b-00e0815b8da8. |
1.1_1 09 May 2011 13:11:11 |
sahil |
Document CVE-2011-1720: Postfix memory corruption error. |
1.1_1 30 Apr 2011 09:25:16 |
rene |
Document www/chromium vulnerabilities fixed in version 11.0.696.57
Security: CVE-2011-[1303-1305, 1434-1452, 1454-1456] |
1.1_1 29 Apr 2011 06:26:34 |
flo |
Document mozilla -- multiple vulnerabilities |
1.1_1 21 Apr 2011 22:41:45 |
flo |
- document recent asterisk vulnerabilities
- fix topic in RT entry |
1.1_1 17 Apr 2011 20:31:01 |
jsa |
Document VideoLAN-SA-1103. Heap corruption in MP4 demultiplexer in VLC. |
1.1_1 17 Apr 2011 18:32:15 |
nox |
Update to 10.2r159.1 .
Security:
http://www.freebsd.org/ports/portaudit/32b05547-6913-11e0-bdc4-001b2134ef46.html |
1.1_1 17 Apr 2011 10:59:05 |
flo |
Document multiple vulnerabilities in RT www/rt36 and www/rt38 |
1.1_1 14 Apr 2011 22:14:58 |
rene |
Document www/chromium vulnerabilities
Security: CVE-2011-1301, CVE-2011-1302 |
1.1_1 14 Apr 2011 21:08:30 |
simon |
Unbreak file format:
- Place <vuxml> tag at the start of the file.
- Close topic tags.
Pointy hat to: cy |
1.1_1 14 Apr 2011 19:51:41 |
cy |
Add the following for security/krb5:
MITKRB5-SA-2011-001 - kpropd denial of service
MITKRB5-SA-2011-002 - KDC denial of service attacks
MITKRB5-SA-2011-003 - KDC vulnerable to double-free when PKINIT enabled
MITKRB5-SA-2011-004 - kadmind invalid pointer free() |
1.1_1 14 Apr 2011 07:43:06 |
kwm |
Document a root exploit via rogue hostname in xrdb. |
1.1_1 13 Apr 2011 11:01:09 |
bapt |
Limit affected mupdf version to <0.8
Submitted by: tobez@ (irc) |
1.1_1 12 Apr 2011 17:52:28 |
skv |
Document "otrs" - several XSS attacks possible. |
1.1_1 12 Apr 2011 15:36:44 |
erwin |
Fix typo
Submitted by: Dan Langille <dan@langille.org> |
1.1_1 10 Apr 2011 21:39:37 |
wxs |
Document isc-dhcp41-client and isc-dhcp31-client vulnerabilities.
PR: ports/156246
Submitted by: Douglas Thrift <douglas@douglasthrift.net> |
1.1_1 09 Apr 2011 01:41:36 |
wxs |
Add CVE entry for recent tinyproxy vulnerability. |
1.1_1 08 Apr 2011 07:39:58 |
pav |
- tinyproxy |
1.1_1 01 Apr 2011 18:03:50 |
sem |
Document two quagga DoS vulnerabilities |
1.1_1 29 Mar 2011 13:50:13 |
kwm |
Add a missing </p>.
Pointed out by: jadawin@ |
1.1_1 29 Mar 2011 13:38:24 |
kwm |
Document gdm privilege escalation vulnerability |
1.1_1 26 Mar 2011 20:13:47 |
rene |
Document vulnerabilities before Chromium 10.0.648.204
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates |
1.1_1 25 Mar 2011 11:09:07 |
ale |
Add entries for php5-exif and php5-zip before 5.3.6 release.
PR: ports/155922
Submitted by: Chris Tandiono <christandiono@tbp.berkeley.edu> |
1.1_1 24 Mar 2011 18:40:35 |
nox |
Update to 10.2r153.
Security:
http://www.freebsd.org/ports/portaudit/501ee07a-5640-11e0-985a-001b2134ef46.html
PR: ports/155874
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp> |
1.1_1 24 Mar 2011 00:56:30 |
beat |
- Document mozilla -- update to HTTPS certificate blacklist |
1.1_1 19 Mar 2011 06:10:04 |
sahil |
Document CVE-2011-0411: Postfix "STARTTLS" Plaintext
Injection Vulnerability.
Reviewed by: miwi (secteam) |
1.1_1 17 Mar 2011 17:42:19 |
glarkin |
- Documented integer overflow in hiawatha web server
Submitted by: C-S <c-s@c-s.li> |
1.1_1 17 Mar 2011 00:03:10 |
delphij |
Document asterisk multiple vulnerabilities. |
1.1_1 14 Mar 2011 18:34:08 |
rene |
Mark chromium-9.0.597.107 and chromium-10.0.648.127 as vulnerable. |
1.1_1 14 Mar 2011 16:46:27 |
miwi |
- Cleanup a bit |
1.1_1 14 Mar 2011 16:25:12 |
miwi |
- Add correct info to the avahi issue
- Add url to original advisory |
1.1_1 14 Mar 2011 16:14:06 |
kwm |
Fix date in avahi entry. |
1.1_1 14 Mar 2011 16:04:07 |
kwm |
Add avahi denial of service attack. |
1.1_1 10 Mar 2011 15:01:11 |
wxs |
Fix discovery for mailman XSS vulnerabilities.
Noticed by: erwin@
Pointyhat to: wxs@ |
1.1_1 10 Mar 2011 14:31:36 |
wxs |
Document mail/mailman XSS vulnerabilities. |
1.1_1 07 Mar 2011 21:31:26 |
decke |
- Document redmine -- XSS vulnerability |
1.1_1 05 Mar 2011 12:21:44 |
lev |
Document subversion -- remote HTTP DoS vulnerability
Obtained from http://subversion.apache.org/security/CVE-2011-0715-advisory.txt |
1.1_1 01 Mar 2011 23:05:08 |
beat |
- Document mozilla -- multiple vulnerabilities |
1.1_1 01 Mar 2011 18:15:40 |
rene |
Document Chromium versions 9.0.597.[84,94,107]
Obtained from:
http://googlechromereleases.blogspot.com/search/label/Stable%20updates |
1.1_1 25 Feb 2011 18:39:16 |
delphij |
Add two OpenLDAP security by-pass vulnerabilities. |
1.1_1 25 Feb 2011 14:01:15 |
mandree |
Fix broken linux-sun-jdk vulndb entries.
VuXML: 18e5428f-ae7c-11d9-837d-000e0c2e438a
VuXML: c93e4d41-75c5-11dc-b903-0016179b2dd5
PR: ports/154918 |
1.1_1 23 Feb 2011 14:43:41 |
miwi |
- Cleanup previous entry |
1.1_1 22 Feb 2011 21:30:19 |
flo |
- add asterisk -- Exploitable Stack and Heap Array Overflows |
1.1_1 20 Feb 2011 05:04:28 |
delphij |
Document PivotX administrator password reset vulnerability. |
1.1_1 15 Feb 2011 08:18:21 |
miwi |
- Update latest tomcat entry (tomcat6/7 have the same problem)
Note: Please ask for review at ports-security@ THX! |
1.1_1 15 Feb 2011 08:00:38 |
wen |
- Document tomcat vulnerability |
1.1_1 11 Feb 2011 22:23:48 |
delphij |
Document two phpMyAdmin vulnerabilities. |
1.1_1 11 Feb 2011 21:39:03 |
nox |
Update to 10.2r152.
PR: ports/154630
Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Security:
http://www.freebsd.org/ports/portaudit/4a3482da-3624-11e0-b995-001b2134ef46.html
Feature safe: yes |
1.1_1 11 Feb 2011 19:59:48 |
delphij |
Document mupdf PDF handling remote code execution vulnerability.
Submitted by: Tim Zingelman <tez netbsd.org> |
1.1_1 11 Feb 2011 19:51:21 |
delphij |
Document rubygem-mail Remote Arbitrary Shell Command Injection Vulnerability.
Submitted by: Tim Zingelman <tez netbsd.org> |
1.1_1 11 Feb 2011 19:48:03 |
delphij |
Document plone remote security bypass vulnerability.
Submitted by: Tim Zingelman <tez netbsd.org> |
1.1_1 11 Feb 2011 19:40:12 |
delphij |
Document exim local privilege escalation vulnerability.
Submitted by: Tim Zingelman <tez netbsd.org> |
1.1_1 11 Feb 2011 19:36:45 |
delphij |
Document OpenOffice multiple vulnerabilities.
Submitted by: Tim Zingelman <tez netbsd.org> |
1.1_1 10 Feb 2011 16:44:00 |
miwi |
- Cleanup previous commit |
1.1_1 10 Feb 2011 10:41:58 |
kwm |
Document multiple webkit-gtk2 security vulnerabilities, fixed in 1.2.7. |
1.1_1 10 Feb 2011 00:44:26 |
delphij |
Document awstat multiple vulnerabilities.
Notified by: Tim Zingelman <tez netbsd.org> |
1.1_1 10 Feb 2011 00:28:17 |
delphij |
Document Opera multiple vulnerabilities.
Notified by: Tim Zingelman <tez netbsd.org> |
1.1_1 09 Feb 2011 21:37:55 |
delphij |
Document multiple vulnerabilities in Django.
Notified by: Jesco Freund <jesco.freund my-universe.com> |
1.1_1 09 Feb 2011 05:36:33 |
miwi |
- S/seriuos/serious |
1.1_1 09 Feb 2011 05:23:00 |
miwi |
- Document mediawiki - multiple vulnerabilities |
1.1_1 09 Feb 2011 04:53:13 |
miwi |
- Add chinese/wordpress-zh_CN and chinese/wordpress-zh_TW to the previous
wordpress entry |
1.1_1 05 Feb 2011 04:37:18 |
miwi |
- While here drop MD5 Support
Feature safe: yes |