| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
|---|
1.1_1
04 Aug 2010 09:32:27
  |
lwhsu  |
- Fix Piwik entry's <name> tag
Pointed out by: jadawin |
1.1_1
04 Aug 2010 09:18:12
|
lwhsu |
- Add Piwik CVE-2010-2786 entry |
1.1_1
31 Jul 2010 12:00:24
|
kuriyama |
Previous vuln affects only apache-2.2.x |
1.1_1
29 Jul 2010 23:03:53
|
gabor |
- Document libmspack and cabextract vulnerability |
1.1_1
26 Jul 2010 01:42:21
|
kuriyama |
Add entry for apache. |
1.1_1
23 Jul 2010 00:37:11
|
wxs |
Document buffer overflow when parsing gitdir.
While here, tidy up a whitespace problem. |
1.1_1
21 Jul 2010 22:25:34
|
glarkin |
- Document www/codeigniter file upload class vulnerability
Approved by: secteam (timeout - 1 week)
Security: http://codeigniter.com/news/codeigniter_1.7.2_security_patch/ |
1.1_1
21 Jul 2010 12:46:17
|
beat |
- Document mozilla -- multiple vulnerabilities
Approved by: remko |
1.1_1
19 Jul 2010 00:07:23
|
kwm |
Add vte as package name, instead of empty. |
1.1_1
18 Jul 2010 23:28:32
|
kwm |
Document vte title set+query attack vulnerability.
While here add the CVE numbers to the webkit-gtk2 entry I forgot in the
previous commit.
PR: ports/148678
Submitted by: Janne Snabb <snabb@epipe.com> |
1.1_1
18 Jul 2010 22:44:05
|
kwm |
Document webkit-gtk2 vulnerabilities.
Security: http://blog.kov.eti.br/?p=116 |
1.1_1
10 Jul 2010 08:34:16
|
decke |
- Document redmine vulnerabilities
Approved by: miwi (secteam)
Security: http://www.redmine.org/news/41 |
1.1_1
07 Jul 2010 09:13:02
|
nemoliu |
- Update to 3.1.1
- VuXML entry for PNG decoder security vulnerability
- License information
PR: ports/147871
Approved by: Pavel Pankov <pankov_p@mail.ru> (maintainer)
Feature safe: yes |
1.1_1
06 Jul 2010 21:39:10
|
delphij |
Add bogofilter heap underrun on malformed base64 input.
Submitted by: mandree
PR: ports/148408
Feature safe: yes |
1.1_1
06 Jul 2010 04:38:12
|
miwi |
- Cleanup a bit
Feature safe: yes |
1.1_1
05 Jul 2010 15:41:27
|
skv |
Document "bugzilla" - information disclosure.
Feature safe: yes |
1.1_1
30 Jun 2010 21:00:07
|
makc |
Document multiple vulnerabilities in irc/kvirc*
Approved by: remko@
Feature safe: yes |
1.1_1
28 Jun 2010 17:38:13
|
delphij |
Add bid reference for libpng entry.
Feature safe: yes |
1.1_1
28 Jun 2010 16:18:53
|
dinoex |
- graphics/png CVE-2010-1205
Feature safe: yes |
1.1_1
28 Jun 2010 00:46:12
|
wen |
- Document moodle -- multiple vulnerabilities
Reviewed by: delphij@, miwi@
Feature safe: yes |
1.1_1
27 Jun 2010 21:14:28
|
rene |
Document mDNSResponder -- corrupted stack crash when parsing bad resolv.conf
This only happens on a system where one has a system where
resolv.conf is writable by an untrusted user or where mdnsd is setuid
and can be tricked into opening an alternate resolv.conf.
PR: ports/147007
Submitted by: jmallett@
Approved by: tabthorpe (mentor)
Feature safe: yes |
1.1_1
25 Jun 2010 23:29:50
|
shaun |
Document opera -- Data URIs can be used to allow cross-site scripting.
Assume opera-devel is vulnerable too, although snapshots aren't
mentioned in the advisory, and it's months out of date.
Feature safe: yes |
1.1_1
24 Jun 2010 12:54:49
|
niels |
- Cancelled movemail symlink vulnerability (doesnt affect our ports)
- Added entry for multiple vulnerabilities in cacti 0.8.7f
- Updated ziproxy entry to satisfy "make tidy"
Approved by: itetcu (mentor, implicit)
Feature safe: yes |
1.1_1
23 Jun 2010 18:01:10
|
beat |
- Document mozilla -- multiple vulnerabilities
Feature safe: yes
Approved by: delphij |
1.1_1
18 Jun 2010 00:38:36
|
delphij |
vuln 4e8344a3-ca52-11de-8ee8-00215c6a37bb has been fixed with
php4-gd-4.4.9_4.
Requested by: Michael Gmelin <mg bindone de> |
1.1_1
16 Jun 2010 12:42:09
|
erwin |
Fix typo in previous revision. |
1.1_1
16 Jun 2010 12:13:30
|
miwi |
- Cleanup, Formating |
1.1_1
16 Jun 2010 09:31:35
|
dinoex |
add CVE-2009-2347 tiff |
1.1_1
15 Jun 2010 19:46:47
|
nox |
Document linux-flashplugin -- multiple vulnerabilities.
Reviewed by: tmclaugh |
1.1_1
14 Jun 2010 03:04:22
|
miwi |
- Cleanup / Whitespace fixes |
1.1_1
12 Jun 2010 17:22:38
|
erwin |
Remove empty package in previous revision. |
1.1_1
12 Jun 2010 16:44:34
|
dinoex |
- report FAX3 decoder buffer overrun |
1.1_1
03 Jun 2010 00:10:57
|
wxs |
Document sudo secure path vulnerability. We are not vulnerable to this by
default but a user could build sudo with SUDO_SECURE_PATH defined or turn
it on in sudoers. |
1.1_1
02 Jun 2010 11:24:45
|
pav |
- Update to 3.0.1
PR: ports/147195
Submitted by: Pavel Pankov <pankov_p@mail.ru> (maintainer) |
1.1_1
02 Jun 2010 06:20:29
|
wen |
- Document two mediawiki security vulnerabilities
Approved by: delphij@(ports-security override) |
1.1_1
14 May 2010 18:28:43
|
decke |
- Document multiple redmine vulnerabilities
Approved by: miwi (secteam), beat (co-mentor)
Security: http://www.redmine.org/news/39 |
1.1_1
13 May 2010 09:12:02
|
niels |
Updated tomcat entry (CVE-2010-1157) with fixed version information.
This makes sure that the correct older versions are marked vulnerable
Approved by: itetcu (mentor, implicit)
Security:
http://www.vuxml.org/freebsd/3383e706-4fc3-11df-83fb-0015587e2cc1.html |
1.1_1
12 May 2010 09:46:13
|
niels |
- Added 109 missing CVE names to 60 VuXML entries
- Fixed Tomcat55 entry to mark current PORTREVISION vulnerable
PR: ports/146418
Approved by: itetcu (mentor, implicit)
Security: http://people.freebsd.org/~niels/vuxml/ |
1.1_1
07 May 2010 19:53:26
|
niels |
Added wireshark (DoS) and piwik (XSS) issues
Approved by: itetcu (mentor, implicit)
Security: http://www.wireshark.org/security/wnpa-sec-2010-03.html
Security: http://www.wireshark.org/security/wnpa-sec-2010-04.html
Security: http://piwik.org/blog/2010/04/piwik-0-6-security-advisory/ |
1.1_1
06 May 2010 19:44:56
|
niels |
Added spamass-milter remote command execution vulnerability
Approved by: itetcu (mentor, implicit)
Security: CVE-2010-1132
Security:
http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html |
1.1_1
05 May 2010 19:12:37
|
niels |
- Added mediawiki and lxr vulnerabilities
- Fixed vlc topic format (lower case, portname first)
PR: ports/146337
Approved by: itetcu (mentor, implicit)
Security:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
Security:
http://sourceforge.net/mailarchive/message.php?msg_name=E1NS2s4-0001PE-F2%403bkjzd1.ch3.sourceforge.com |
1.1_1
04 May 2010 20:46:06
|
niels |
Added 38 missing CVE names to 24 VuXML entries
(256 CVE names to go)
Approved by: itetcu (mentor, implicit)
Security: http://people.freebsd.org/~niels/vuxml/ |
1.1_1
02 May 2010 15:32:40
|
niels |
Added 34 missing CVE names to 24 VuXML entries
(294 CVE names to go)
Approved by: miwi (secteam)
Security: http://people.freebsd.org/~niels/vuxml/ |
1.1_1
02 May 2010 00:52:40
|
sylvio |
- VideoLAN has released 1.0.6 to address serveral vulnerabilities they discoverd
while working towards the 1.1.0 release. These vulnerabilities could potentially
allow for a specially crafted file to execute code.
PR: ports/146099
Submitted by: Joseph S. Atkinson <jsa@wickedmachine.net> (maintainer) |
1.1_1
30 Apr 2010 04:25:33
|
dinoex |
- fix version for apache+mod_ssl |
1.1_1
30 Apr 2010 04:24:30
|
dinoex |
- fix info for apache+mod_ssl |
1.1_1
28 Apr 2010 21:09:45
|
makc |
Mark kdebase3 as safe now. |
1.1_1
27 Apr 2010 05:46:00
|
niels |
- Documented multiple Joomla! vulnerabilities
- Added new reference to the recent cacti issue
Approved by: remko (secteam)
Security: http://developer.joomla.org/security/ |
1.1_1
24 Apr 2010 21:14:58
|
niels |
Documented vulnerabilities in moodle, tomcat55, tomcat66 and cacti
PR: ports/146021
PR: ports/146022
Approved by: remko (secteam)
Security: http://seclists.org/bugtraq/2010/Apr/200
Security: http://docs.moodle.org/en/Moodle_1.9.8_release_notes
Security: http://www.bonsai-sec.com/en/research/vulnerability.php |
1.1_1
23 Apr 2010 18:16:18
|
niels |
Documented emacs movemail vulnerability and marked the seperate
mail/movemail port vulnerable to an old format string vulnerability.
Approved by: remko (secteam)
Security: http://www.ubuntu.com/usn/USN-919-1 |
1.1_1
21 Apr 2010 20:19:12
|
niels |
Added krb5 double free vulnerability
Approved by: remko (secteam)
Security: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt
Security: CVE-2010-1320 |
1.1_1
20 Apr 2010 21:03:51
|
niels |
Documented the following vulnerabilities:
- png: libpng decompression denial of service
- e107: code execution and XSS vulnerabilities
- pidgin: multiple remote denial of service vulnerabilities
- fetchmail: denial of service vulnerability
PR: ports/145885
PR: ports/145857
Approved by: remko (secteam)
Security: CVE-2010-0996
Security: CVE-2010-0997
Security: CVE-2010-1167
Security: CVE-2010-0277
Security: CVE-2010-0420
Security: CVE-2010-0423
Security: CVE-2010-0205 |
1.1_1
19 Apr 2010 19:06:23
|
niels |
Documented the following vulnerabilities:
- curl: libcurl buffer overflow vulnerability
- irssi: multiple vulnerabilities
- ejabberd: queue overload denial of service vulnerability
Approved by: remko (secteam)
Security: http://curl.haxx.se/docs/adv_20100209.html
Security: http://support.process-one.net/browse/EJAB-1173
Security: http://xforce.iss.net/xforce/xfdb/57790
Security: http://xforce.iss.net/xforce/xfdb/57791 |
1.1_1
19 Apr 2010 07:13:42
|
niels |
- Added three krb5 vulnerabilities
- Fixed indent on mahara entry
- Fixed title of KDM entry
Approved by: remko (secteam)
Security: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-001.txt
Security: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt
Security: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt |
1.1_1
18 Apr 2010 19:00:29
|
niels |
Document mahara sql injection vulnerability
Approved by: remko (secteam)
Security: http://www.debian.org/security/2010/dsa-2030 |
1.1_1
16 Apr 2010 02:25:07
|
wxs |
Correct CVE entry. The advisory from Todd[0] says CVE 2010-0426, which is
the entry assigned to the original sudoedit vulnerability[1]. The new
one (CVE-2010-1163) was just assigned. I believe the one assigned by CVE
folks is the proper one to use.
[0]: http://sudo.ws/sudo/alerts/sudoedit_escalate2.html
[1]: 018a84d0-2548-11df-b4a3-00e0815b8da8 |
1.1_1
15 Apr 2010 20:53:03
|
wxs |
- Document sudo privilege escalation bug. This is similar to
018a84d0-2548-11df-b4a3-00e0815b8da8. |
1.1_1
14 Apr 2010 21:46:52
|
avilla |
- Do not match x11/kdebase4 in latest KDM vulnerability.
Approved by: tabthorpe (mentor) |
1.1_1
14 Apr 2010 19:04:39
|
avilla |
- Document KDM local privilege escalation vulnerability.
Approved by: tabthorpe (mentor), delphij (secteam) |
1.1_1
06 Apr 2010 17:53:39
|
glarkin |
- Document dojo - cross-site scripting and other vulnerabilities
- Document ZendFramework - security issues in bundled Dojo library
Approved by: secteam (remko)
Security:
http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
Security: http://framework.zend.com/security/advisory/ZF2010-07 |
1.1_1
06 Apr 2010 07:36:31
|
beat |
- Document firefox -- Re-use of freed object due to scope confusion
Submitted by: Florian Smeets <flo AT smeets.im>
Approved by: miwi |
1.1_1
30 Mar 2010 22:25:05
|
beat |
- Document mozilla -- multiple vulnerabilities
Approved by: delphij |
1.1_1
25 Mar 2010 21:45:56
|
delphij |
Document postgresql bitsubstr overflow vulnerability |
1.1_1
24 Mar 2010 18:48:01
|
naddy |
Document a buffer overflow in gtar's rmt client functionality. |
1.1_1
23 Mar 2010 08:36:58
|
beat |
- Document firefox -- WOFF heap corruption due to integer overflow
Approved by: miwi |
1.1_1
22 Mar 2010 21:31:00
|
niels |
Updated the xzgv entry: 0.9 version (now in portstree) is not vulnerable
Approved by: itetcu (mentor), miwi (secteam)
Security:
http://www.vuxml.org/freebsd/a813a219-d2d4-11da-a672-000e0c2e438a.html
Security: http://www.gentoo.org/security/en/glsa/glsa-200604-10.xml |
1.1_1
19 Mar 2010 10:16:04
|
miwi |
- Fix build |
1.1_1
19 Mar 2010 07:39:29
|
beat |
- Document mozilla -- multiple vulnerabilities
- Fix a typo
Approved by: miwi |
1.1_1
12 Mar 2010 01:45:48
|
delphij |
Document eGroupware vulnerabilities.
Submitted by: wenheping |
1.1_1
08 Mar 2010 22:50:43
|
miwi |
- Document drupal -- multiple vulnerabilities
Feature safe: yep |
1.1_1
01 Mar 2010 17:47:05
|
wxs |
- Document sudo privilege escalation vulnerability when using
pseudo-command sudoedit
Feature safe: yes |
1.1_1
28 Feb 2010 20:25:10
|
nox |
Attempt to properly take care of the ooo3 -RC and -devel ports too (doh!)
Feature safe: yes |
1.1_1
28 Feb 2010 13:07:55
|
beat |
- Document thunderbird3 vulnerabilities
Approved by: miwi
Feature safe: yes |
1.1_1
26 Feb 2010 21:20:05
|
nox |
Document openoffice -- multiple vulnerabilities
Reviewed by: delphij
Feature safe: yes |
1.1_1
18 Feb 2010 10:02:51
|
beat |
- Document mozilla -- multiple vulnerabilities
Approved by: miwi (secteam)
Feature safe: yes |
1.1_1
16 Feb 2010 18:06:33
|
delphij |
Document lighttpd remote DoS vulnerability.
Reported by: Dan Rowe <dan dracosplace com>
Feature safe: yes |
1.1_1
15 Feb 2010 06:29:30
|
delphij |
Update www/squid and www/squid30 to address Squid HTCP Packet Processing
NULL Pointer Dereference vulnerability (SQUID-2010:2) |
1.1_1
13 Feb 2010 21:55:50
|
nox |
Document linux-flashplugin -- multiple vulnerabilities.
Reviewed by: miwi |
1.1_1
13 Feb 2010 10:29:49
|
kwm |
Add CVE-2010-0414 and CVE-2010-0422 for gnome-screensaver.
Reviewed by: miwi@ |
1.1_1
12 Feb 2010 14:25:55
|
mandree |
Fix range for fetchmail CVE-2010-0562.
Approved by: miwi@ (mentor) |
1.1_1
12 Feb 2010 09:56:31
|
mandree |
Add CVE-2010-0562 entry for mail/fetchmail.
Approved by: miwi (mentor). |
1.1_1
10 Feb 2010 00:47:01
|
delphij |
Document wireshark lwres buffer overflow vulnerability.
Reported by: Andreas <akoga hawaii edu> |
1.1_1
08 Feb 2010 16:38:41
|
skv |
Document "otrs" - SQL injection. |
1.1_1
03 Feb 2010 23:25:16
|
pgollucci |
- add the rest of the apache 1.3.x packages to the list
that are vulnerable
- add a missing ) to the <topic>
Reviewed by: secteam (miwi) |
1.1_1
03 Feb 2010 22:24:54
|
pgollucci |
- document chunk-size integer overflow in apache 1.3.x |
1.1_1
03 Feb 2010 21:47:33
|
pgollucci |
- remove extraneou '>' as reported by make tidy |
1.1_1
02 Feb 2010 22:42:45
|
miwi |
- Mark squid30 now as safe |
1.1_1
02 Feb 2010 09:44:10
|
miwi |
- Update 296ecb59-0f6b-11df-8bab-0019996bc1f7 entry and makr squid3* as safe |
1.1_1
01 Feb 2010 20:25:58
|
delphij |
Security patch for Squid advisory 2010:1, denial of service.
Submitted by: maintainer (Thomas-Martin Seck <tmseck web de>) |
1.1_1
01 Feb 2010 16:45:21
|
skv |
Document "bugzilla" - information leak. |
1.1_1
28 Jan 2010 21:20:45
|
miwi |
- Correct fixed version from previous entry |
1.1_1
28 Jan 2010 21:15:20
|
miwi |
- Document irc-ratbox -- multiple vulnerabilities
PR: based on 143242
Submitted by: moggie <moggie@elasticmind.net> |
1.1_1
21 Jan 2010 19:52:23
|
beat |
- Document thunderbird3 vulnerabilities
Reviewed by: miwi |
1.1_1
18 Jan 2010 17:45:55
|
delphij |
Document dokuwiki multiple vulnerabilities. |
1.1_1
14 Jan 2010 03:32:42
|
glarkin |
- Added entry for multiple vulnerabilities in www/zend-framework
- Cleaned up some entries reported by "make tidy"
Reviewed by: secteam (delphij via email)
Approved by: secteam (delphij via email)
Security: http://framework.zend.com/security/advisory/ZF2010-06
Security: http://framework.zend.com/security/advisory/ZF2010-05
Security: http://framework.zend.com/security/advisory/ZF2010-04
Security: http://framework.zend.com/security/advisory/ZF2010-03
Security: http://framework.zend.com/security/advisory/ZF2010-02
Security: http://framework.zend.com/security/advisory/ZF2010-01
Security: http://framework.zend.com/security/advisory/ZF2009-02
Security: http://framework.zend.com/security/advisory/ZF2009-01 |
1.1_1
09 Jan 2010 10:55:09
|
delphij |
Document powerdns-recursor multiple vulnerabilities. |
1.1_1
04 Jan 2010 23:23:32
|
delphij |
Document pear-Net_Ping and pear-Net_Traceroute arbitrary command execution
vulnerability. |
1.1_1
02 Jan 2010 16:29:33
|
erwin |
Bump copyright year to 2010 |
1.1_1
25 Dec 2009 19:19:35
|
miwi |
- Document drupal -- multiple cross-site scripting |
1.1_1
21 Dec 2009 21:48:57
|
stas |
- Document sysutils/fuser privileges check vulnerability. |
As an Amazon Associate I earn from qualifying purchases.
