Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 01 Dec 2007 14:25:29 |
simon |
Make the rubygem-rails -- JSON XSS vulnerability entry valid UTF-8 (at
least the special chars don't look like UTF-8 as per emacs or
freshports).
Reported by: freshports via dvl
Approved by: portmgr (secteam blanket) |
1.1_1 28 Nov 2007 00:26:57 |
delphij |
Also cover rubygem-activesupport which is part of rails and is
affected by CVE-2007-3227 as well.
Approved by: portmgr (ports-security blanket) |
1.1_1 28 Nov 2007 00:19:09 |
delphij |
Document recent Ruby On Rails vulnerabilities.
Approved by: portmgr (ports-security blanket) |
1.1_1 27 Nov 2007 21:57:02 |
brix |
Document ikiwiki improper symlink verification vulnerability.
Reviewed by: remko
Approved by: portmgr (erwin), erwin (mentor) |
1.1_1 27 Nov 2007 21:35:54 |
delphij |
Document firefox multiple unspecified memory corruption vulnerabilities.
Approved by: portmgr (ports-security blanket) |
1.1_1 21 Nov 2007 18:58:28 |
miwi |
- Document phpmyadmin -- Cross Site Scripting
Reviewed by: remko
Approved by: portmgr (ports-security blanket) |
1.1_1 21 Nov 2007 09:02:58 |
miwi |
- Update last Samba entry,
* Add reference to the samba advisories
* Fix the PORTVERSION/PORTEPOCH
Reviewed by: simon
Approved by: portmgr (ports-security blanket) |
1.1_1 21 Nov 2007 07:40:51 |
miwi |
Document samba - multiple vulnerabilities
Reviewed by: remko
Approved by: portmgr (ports-security blanket) |
1.1_1 18 Nov 2007 00:47:43 |
delphij |
postnuke 0.763 is not vulnerable to 35f2679f-52d7-11db-8f1a-000a48049292
so mark it as not vulnerable.
Approved by: portmgr (ports-security blanket) |
1.1_1 17 Nov 2007 07:07:41 |
delphij |
Improve JDK version coverage. We should consider PORTEPOCH'ed version
separately, so restruct the range.
Approved by: portmgr (ports-security blanket) |
1.1_1 16 Nov 2007 19:53:07 |
delphij |
Document PHP multiple vulnerabilities that are fixed by php 5.2.5.
Approved by: portmgr (ports-security blanket) |
1.1_1 16 Nov 2007 08:05:48 |
miwi |
- Fix c93e4d41-75c5-11dc-b903-0016179b2dd5 entry
Submitted by: glewis
Reviewed by: remko
Approved by: portmgr (ports-security blanket) |
1.1_1 14 Nov 2007 22:19:07 |
erwin |
print/cups-base is vulnerable for all previous versions to
1.3.3_2, not all coming ones.
Submitted by: Andrew Daugherity <ADaugherity@vprmail.tamu.edu>
Approved by: portmgr (self) |
1.1_1 14 Nov 2007 14:23:33 |
remko |
Document mt-daapd -- denial of service vulnerability, also
correct the previous entry style wise.
Submitted by: Mark D. Foster <mark at foster dot cc> with minor
modifications by me.
Approved by: portmgr (secteam blanket) |
1.1_1 14 Nov 2007 09:23:51 |
miwi |
- Update xpdf -- multiple remote Stream.CC vulnerabilities
* Mark cups-base as safe
Approved by: portmgr (ports-security blanket) |
1.1_1 14 Nov 2007 05:45:24 |
kuriyama |
o Add a patch for CVE-2007-5846, and add an entry for vuxml.
Approved by: portmgr (marcus) |
1.1_1 13 Nov 2007 15:41:57 |
miwi |
- Document flac -- media file processing integer overflow vulnerabilities
Reviewed by: simon
Approved by: portmgr (ports-security blanket)
Thanks to: naddy |
1.1_1 13 Nov 2007 06:46:44 |
simon |
Unbreak file by closing </li> tag.
Approved by: portmgr (secteam blanket) |
1.1_1 13 Nov 2007 01:14:50 |
delphij |
Document xpdf arbitrary code execution vulnerability, as documented in
CVE-2007-4352, CVE-2007-5392, CVE-2007-5393.
Approved by: portmgr (ports-security blanket) |
1.1_1 12 Nov 2007 19:46:09 |
delphij |
dinoex@ has chosen to apply a vendor patch that has resolved CVE-2007-4351
instead of upgrading to 1.3.4. Mark this updated version as not vulnerable.
Approved by: portmgr (ports-security blanket) |
1.1_1 12 Nov 2007 00:39:01 |
delphij |
Document plone arbitrary code execution vulnerability.
Approved by: portmgr (ports-security blanket) |
1.1_1 11 Nov 2007 18:43:12 |
miwi |
- Updated the last gftp entry (we have 2.0.18_6 in the portstree not 2.10.18_6)
Submitted by: Fabian Keil (via private mail)
Approved by: portmgr (ports-security blanket) |
1.1_1 11 Nov 2007 15:52:24 |
miwi |
- Document phpmyadmin -- cross-site scripting vulnerability
Reviewed by: simon
Approved by: portmgr (ports-security blanket) |
1.1_1 09 Nov 2007 19:05:51 |
delphij |
Document gallery2 multiple vulnerabilities.
Approved by: portmgr (ports-security blanket) |
1.1_1 09 Nov 2007 10:00:02 |
miwi |
- Document tikiwiki -- multiple vulnerabilities
Reviewed by: simon
Approved by: portmgr (ports-security blanket) |
1.1_1 09 Nov 2007 07:51:43 |
delphij |
Document cups-base remote buffer overflow vulnerability.
Approved by: portmgr (ports-security blanket) |
1.1_1 07 Nov 2007 22:03:26 |
delphij |
Make perl entry to cover perl-threaded as well.
Reported by: Andy Greenwood <greenwood.andy gmail com>
Approved by: portmgr (ports-security blanket) |
1.1_1 06 Nov 2007 22:19:50 |
miwi |
- Document perl -- regular expressions unicode data buffer overflow
Reviewed by: simon/tobez
Approved by: portmgr (blanket) (ports-security blanket) |
1.1_1 06 Nov 2007 18:28:58 |
delphij |
Document pcre arbitrary code execution vulnerability.
Approved by: portmgr (ports-security blanket) |
1.1_1 06 Nov 2007 11:03:36 |
beech |
- perdition entry - correct range
Approved by: portmgr (pav) linimon (mentor) |
1.1_1 06 Nov 2007 09:58:50 |
beech |
- Add entry for mail/perdition
PR: ports/117796
Approved by: portmgr (pav), linimon (mentor) |
1.1_1 05 Nov 2007 21:12:08 |
miwi |
- gftp -- multiple vulnerabilities
Reviewed by: simon
Approved by: portmgr (blanket) (ports-security blanket) |
1.1_1 05 Nov 2007 11:46:14 |
miwi |
- Update dirproxy -- remote denial of service
* Add net/dirproxy with the same effect
* Update net/dirproxy-devel as safe
Reviewed by: simon
Approved by: portmgr (blanket) (ports-security blanket) |
1.1_1 04 Nov 2007 13:43:35 |
miwi |
- dirproxy -- remote denial of service
Reviewed by: remko
Approved by: portmgr (blanket) (ports-security blanket) |
1.1_1 01 Nov 2007 15:16:38 |
miwi |
- Fix discovery date on my previous commit
Approved by: portmgr (ports-security blanket) |
1.1_1 01 Nov 2007 12:46:52 |
miwi |
- document wordpress -- cross-site scripting
Reviewed by: simon
Approved by: portmgr (ports-security blanket) |
1.1_1 01 Nov 2007 00:58:11 |
delphij |
Extend coverage to OpenLDAP 2.4.x series which is affected according
to CVS history.
Approved by: portmgr (ports-security blanket) |
1.1_1 31 Oct 2007 21:48:27 |
delphij |
Document openldap multiple vulnerabilities.
Approved by: portmgr (ports-security blanket) |
1.1_1 31 Oct 2007 17:21:15 |
simon |
Bump modified date for entry updated in last commit.
Approved by: portmgr (secteam blanket) |
1.1_1 31 Oct 2007 16:38:08 |
girgen |
Update vuxml to reflect that mod_jk and mod_jk-ap2 have
different portepochs.
Approved by: portmgr (pav) |
1.1_1 31 Oct 2007 12:44:04 |
miwi |
- Update mozilla -- code execution via Quicktime media-link files
PR: 117704
Submitted by: John Hein <jhein@timing.com>
Reviewed by: simon
Approved by: portmgr (blanket) secteam (blanket via simon) |
1.1_1 28 Oct 2007 22:22:45 |
delphij |
Document django DoS issue. |
1.1_1 26 Oct 2007 20:41:39 |
miwi |
- Fix day entry for 498a8731-7cfc-11dc-96e6-0012f06707f0
Reviewed by: simon |
1.1_1 25 Oct 2007 18:34:32 |
miwi |
- Document opera -- multiple vulnerabilities
Reviewed by: remko |
1.1_1 25 Oct 2007 08:47:23 |
miwi |
- Document drupal --- multiple vulnerabilities
Reviewed by: simon |
1.1_1 23 Oct 2007 11:12:42 |
miwi |
- Document ldapscripts -- Command Line User Credentials Disclosure
PR: 117152
Submitted by: Ganael Laplanche <ganael.laplanche at martymac.com>
(maintainer/author)
rafan@
Reviewed by: simon@ |
1.1_1 22 Oct 2007 18:51:33 |
delphij |
Modify firefox entry to cover linux-* variants. |
1.1_1 22 Oct 2007 01:37:32 |
delphij |
Document firefox JavaScript Entrapment vulnerabilities. |
1.1_1 20 Oct 2007 20:48:33 |
miwi |
- Fix year entry in 498a8731-7cfc-11dc-96e6-0012f06707f0
Submitted by: freshports
Thanks to: Dan Langille |
1.1_1 19 Oct 2007 14:23:36 |
mnag |
- Add new line between entries. |
1.1_1 17 Oct 2007 22:15:35 |
stas |
- Add entry about recent phpMyAdmin XSS server_status.php vulnerability
- Fix URL in my previous entry while I'm here. |
1.1_1 16 Oct 2007 18:29:34 |
stas |
- Fix package name in 51b51d4a-7c0f-11dc-9e47-0011d861d5e2 and
229577a8-0936-11db-bf72-00046151137e entries (phpmyadmin->phpMyAdmin). |
1.1_1 16 Oct 2007 18:13:04 |
stas |
- Add entry about phpMyAdmin XSS vulnerability. |
1.1_1 13 Oct 2007 09:45:27 |
miwi |
nagios-plugins -- Long Location Header Buffer Overflow Vulnerability
Reviewed by: simon |
1.1_1 11 Oct 2007 17:28:01 |
miwi |
Document png -- multiple vulnerabilities
Reviewed by: simon |
1.1_1 10 Oct 2007 12:47:22 |
remko |
Document ImageMagick - Multiple vulnerabilities
Submitted by: Nick Barkas |
1.1_1 10 Oct 2007 12:35:43 |
remko |
Correct mediawiki package names.
Spotted by: Nick Barkas |
1.1_1 09 Oct 2007 07:18:11 |
miwi |
- Document jdk/jre -- Applet Caching May Allow Network Access Restrictions to be
Circumvented
Reviewed by: remko |
1.1_1 08 Oct 2007 12:05:08 |
flz |
Document xfs -- multiple vulnerabilities. |
1.1_1 05 Oct 2007 09:35:50 |
miwi |
- Document tcl/tk -- buffer overflow in ReadImage function
PR: 116881
Submitted by: Nick Barkas <snb@threerings.net>
Reviewed by: simon |
1.1_1 04 Oct 2007 22:56:29 |
delphij |
Document firebird multiple remote buffer overflow vulnerabilities |
1.1_1 02 Oct 2007 18:27:37 |
remko |
Update the bugzilla and mediawiki entries to properly match their corrected
versions.
Prodded by: Nick Barkas (and a few others) |
1.1_1 02 Oct 2007 02:04:41 |
delphij |
Update to reflect the fixed version of id3lib. |
1.1_1 01 Oct 2007 21:04:45 |
delphij |
Document id3lib insecure temporary file creation vulnerability |
1.1_1 23 Sep 2007 09:09:33 |
miwi |
- modify mediawiki entry (add missing mediawiki18)
Reviewed by: remko |
1.1_1 23 Sep 2007 01:37:07 |
delphij |
Some PHP 5.x vulnerabilities are also found in PHP 4.x series,
unfortunately it seems that there is no newer PHP release to
fix these issues for 4.x series, so mark it as so.
While I'm there add a new CVE that was not mentioned in
previous revision of entry. |
1.1_1 21 Sep 2007 13:14:30 |
remko |
Document mediawiki -- cross site scripting vulnerability, our port versions
had not been updated yet, 1.8.x is not vulnerable by default unless you are
using the $wgEnableAPI = true; statement, in that case please set it to
$wgEnableAPI = false; (where possible of course, else upgrade to 1.8.5). |
1.1_1 21 Sep 2007 13:02:54 |
remko |
Document wordpress -- remote sql injection vulnerability, our versions are
already up to date for this vulnerability. |
1.1_1 21 Sep 2007 12:41:30 |
remko |
samba -- nss_info plugin privilege escalation vulnerability, the FreeBSD
port had already been fixed for this. |
1.1_1 21 Sep 2007 06:49:49 |
remko |
Document bugzilla -- multiple vulnerabilities
PR: ports/116060
Submitted by: Nick Barkas <snb at threerings dot net>, minor nits from me |
1.1_1 21 Sep 2007 06:35:53 |
delphij |
Document clamav CVE-2007-4510 issue (Remote DoS). |
1.1_1 20 Sep 2007 12:20:27 |
remko |
Document coppermine -- multiple vulnerabilities, the FreeBSD
port is already up to date. |
1.1_1 20 Sep 2007 12:12:54 |
remko |
Document openoffice -- arbitrary command execution vulnerability,
all current versions marked vulnerable, everything as of 2.3 is
believed to be fixed, but we do not have that yet ( I am also not
sure whether the -devel version has the correct fix or not ) so
let's be on the safe side till we know what version will be fixed
in our repro. |
1.1_1 20 Sep 2007 12:04:30 |
remko |
Document bugzilla -- "createmailregexp" security bypass vulnerability,
marking all versions as vulnerable till we know what version is the
one fixed in our CVS repository. |
1.1_1 19 Sep 2007 19:24:45 |
simon |
Spell Ulf Harnhammar (ASCII version of name) using UTF-8 instead of HTML
entities which can't be assumed to be available to a parser by default.
This fixes a warning from packaudit. |
1.1_1 19 Sep 2007 17:06:28 |
remko |
Document kdm -- passwordless login vulnerability
Document konqueror -- address bar spoofing
Inspired by: lofi's cvs commits |
1.1_1 19 Sep 2007 16:56:12 |
remko |
Document flyspray -- authentication bypass
Submitted by: Nick Hilliard <nick at foobar dot org> |
1.1_1 19 Sep 2007 16:50:47 |
remko |
Document mozilla -- code execution via Quicktime media-link files,
The Mozilla advisory talks somewhat about Windows for this matter,
but better be safe than sorry (An updated firefox is available already). |
1.1_1 13 Sep 2007 05:50:33 |
delphij |
Update the PHP vulnerability entry:
- Use php5 to cover php 5.x as the port did.
- Add more information about the vulnerability.
Submitted by: Nick Barkas <snb threerings net>
PR: ports/116182 |
1.1_1 11 Sep 2007 19:40:03 |
remko |
Correct a style nit and bump modification date.
Bump modification date for "xpdf -- stack based buffer overflow"
which was forgotten by Jeremy (mezz) :-) |
1.1_1 11 Sep 2007 06:20:55 |
delphij |
Document Apache 2.0.x, 2.2.x series' vulnerabilities as well
as security related improvements in php 5.2.4. |
1.1_1 10 Sep 2007 21:59:15 |
mezz |
There is no code of CVE-2007-3387 vulnerability in evince, therefore remove
it from the database. It only merely depends on poppler and poppler has been
patched (marked as safe in database). |
1.1_1 10 Sep 2007 13:37:24 |
mnag |
- lighttpd -- FastCGI header overrun in mod_fastcgi |
1.1_1 05 Sep 2007 11:26:32 |
remko |
Fix mod_jk's version since PORTEPOCH came into play.
PR: 116115
Reported by: Klavs Klavsen <klavs at EnableIT dot dk> |
1.1_1 05 Sep 2007 08:50:44 |
gabor |
rkhunter -- insecure temporary file creation
Reviewed by: remko |
1.1_1 05 Sep 2007 08:47:00 |
gabor |
lsh -- multiple vulnerabilities
Reviewed by: remko |
1.1_1 02 Sep 2007 12:09:34 |
simon |
Document fetchmail -- denial of service on reject of local
warning message.
Submitted by: Matthias Andree <matthias.andree@gmx.de>
PR: ports/??? (Not received by GNATS yet) |
1.1_1 01 Sep 2007 16:04:24 |
naddy |
Document gtar directory traversal vulnerability.
PR: 115914
Submitted by: Nick Barkas <snb@threerings.net> |
1.1_1 28 Aug 2007 21:03:20 |
miwi |
- Marked sylpheed2 as safe.
Reviewed by: remko |
1.1_1 27 Aug 2007 19:52:30 |
miwi |
- Fix a typo. |
1.1_1 27 Aug 2007 19:44:03 |
miwi |
- Document Sylpheed / Sylpheed-Claws POP3 Format String Vulnerability
Reviewed by: simon |
1.1_1 25 Aug 2007 19:36:42 |
simon |
From latest Opera entry:
- Remove redundant information.
- Bump modified date for recent changes to the entry. |
1.1_1 24 Aug 2007 15:20:17 |
itetcu |
linux-opera and (for the moment defunct) opera-devel are also affected by
df4a7d21-4b17-11dc-9fc2-001372ae3ab9 - Vulnerability in javascript handling so
add them to the entry.
Submitted by: sat@ |
1.1_1 22 Aug 2007 16:31:46 |
delphij |
Update vuln.xml for rsync 2.6.9_1 which fixed CVE-2007-4091 |
1.1_1 21 Aug 2007 17:20:28 |
delphij |
Document rsync off-by-one stack overflow vulnerability. |
1.1_1 16 Aug 2007 11:53:01 |
miwi |
- Update the wordpress -- unmoderated comments disclosure entry. Is safe with
the 2.2.2 Release.
Approved by: simon |
1.1_1 15 Aug 2007 12:15:39 |
itetcu |
Add info about www/opera's JavaScript vulnerability
PR: ports/115543
Submitted by: Arjan van Leeuwen (maintainer)
Reviewed by: simon@ |
1.1_1 10 Aug 2007 07:31:11 |
remko |
Fix the flac entry by specifying the correct fixed version.
Bump modification date to reflect the above change.
Submitted by: Stefan Ehmann |
1.1_1 02 Aug 2007 19:52:51 |
miwi |
- Document fsplib -- multiple vulnerabilities
Reviewed by: remko |
1.1_1 02 Aug 2007 18:50:07 |
miwi |
Document joomla -- multiple vulnerabilities
Approved by: simon/remko |