Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 27 Aug 2005 22:25:31 |
simon |
Document evolution -- remote format string vulnerabilities.
Approved by: portmgr (blanket, VuXML) |
1.1_1 27 Aug 2005 21:54:42 |
simon |
Document pam_ldap -- authentication bypass vulnerability.
Approved by: portmgr (blanket, VuXML) |
1.1_1 27 Aug 2005 18:17:24 |
simon |
Mark phpgroupware as vulnerable to pear-XML_RPC -- remote PHP code
injection vulnerability.
Reported by: olgeni
Approved by: portmgr (blanket, VuXML) |
1.1_1 26 Aug 2005 21:24:31 |
simon |
Document pcre -- regular expression buffer overflow.
Approved by: portmgr (blanket, VuXML) |
1.1_1 23 Aug 2005 20:26:39 |
simon |
Mark latest awstats port as fixed for awstats -- arbitrary code
execution vulnerability.
Approved by: portmgr (blanket, VuXML) |
1.1_1 23 Aug 2005 19:07:08 |
sem |
Document mail/elm remote buffer overflow vulnerability.
PR: ports/85225
Submitted by: Kevin Day <toasty@dragondata.com> (elm maintainer)
Approved by: portmgr (blanket, VuXML) |
1.1_1 19 Aug 2005 09:58:20 |
remko |
Document four vulnerabilities in openvpn:
* openvpn -- multiple TCP clients connecting with the same certificate at the
same time can crash the server
* openvpn -- denial of service: malicious authenticated "tap" client
can deplete server virtual memory
* openvpn -- denial of service: undecryptable packet from authorized client can
disconnect unrelated clients
* openvpn -- denial of service: client certificate validation can disconnect
unrelated clients
Approved by: portsmgr (blanket VuXML)
Submitted by: Matthias Andree <matthias dot andree at gmx dot de> |
1.1_1 17 Aug 2005 20:01:02 |
simon |
Also mark phpAdsNew as affected by "pear-XML_RPC -- remote PHP code
injection vulnerability".
Approved by: portmgr (blanket, VuXML) |
1.1_1 17 Aug 2005 19:46:40 |
remko |
Add the fixed version so that people do not get a stale portaudit when the
update is there.
Also fix some indentation that I overlooked.
Noticed by: simon (both of the items)
Approved by: portsmgr (blanket VuXML) |
1.1_1 17 Aug 2005 19:34:44 |
remko |
Document tor -- diffie-hellman handshake flaw.
Submitted by: Michal Bartkowiak <michal at nonspace dot net>
Approved by: portsmgr (blanket VuXML) |
1.1_1 16 Aug 2005 21:19:30 |
simon |
gpdf has been fixed for "xpdf -- disk fill DoS vulnerability", mark it
as such.
Approved by: portmgr (blanket, VuXML) |
1.1_1 16 Aug 2005 20:56:54 |
simon |
Add eGroupWare to the list of packages affected by "pear-XML_RPC --
remote PHP code injection vulnerability".
Approved by: portmgr (blanket, VuXML) |
1.1_1 16 Aug 2005 18:43:41 |
simon |
Document acroread -- plug-in buffer overflow vulnerability.
Approved by: portmgr (blanket, VuXML) |
1.1_1 15 Aug 2005 20:38:54 |
simon |
Add phpmyfaq and drupal to the "pear-XML_RPC -- remote PHP code
injection vulnerability" entry since they contain an embedded version of
pear-XML_RPC.
Fix typo in body of the latest xpdf entry (note: no modified date bump
as this is a minor typo fix which does change <affects>).
Approved by: portmgr (blanket, VuXML) |
1.1_1 15 Aug 2005 13:20:31 |
simon |
Document pear-XML_RPC -- remote PHP code injection vulnerability.
Submitted by: hrs
Approved by: portmgr (blanket, VuXML) |
1.1_1 14 Aug 2005 21:09:11 |
simon |
Document awstats -- arbitrary code execution vulnerability.
Approved by: portmgr (blanket, VuXML) |
1.1_1 12 Aug 2005 16:38:54 |
simon |
After further examination it turns out that gnugadu does not include
libgadu, at least not in any current version, and from looking at
the gnugadu code there is no direct indication that this code should
actually be vulnerable to the other libgadu vulnerabilities. [1]
The gaim part of libgadu -- multiple vulnerabilities was fixed in
1.4.0_1. [2]
Polish translation clue: pjd [1]
General clue by: markus [2]
Not enough checking: simon
Approved by: portmgr (blanket, VuXML) |
1.1_1 12 Aug 2005 14:45:57 |
simon |
Remove pl-gnugadu2 and kadu from being affected by libgadu -- multiple
vulnerabilities, since it turns out that they use libgadu from the ekg
port.
Approved by: portmgr (blanket, VuXML) |
1.1_1 12 Aug 2005 14:21:10 |
simon |
Document libgadu -- multiple vulnerabilities.
Approved by: portmgr (blanket, VuXML) |
1.1_1 12 Aug 2005 11:26:44 |
simon |
Document gaim -- AIM/ICQ away message buffer overflow and gaim --
AIM/ICQ non-UTF-8 filename crash.
Approved by: portmgr (blanket, VuXML) |
1.1_1 12 Aug 2005 10:42:14 |
simon |
Remove pdftohtml from the list of packages affected by xpdf -- disk
fill DoS vulnerability, since it includes xpdf 2, which should not be
affected.
Approved by: portmgr (blanket, VuXML) |
1.1_1 11 Aug 2005 22:18:53 |
simon |
Document xpdf -- disk fill DoS vulnerability.
Approved by: portmgr (blanket, VuXML) |
1.1_1 11 Aug 2005 12:40:52 |
simon |
Mark apache 1.3.33_2 as fixed for apache -- http request smuggling.
Approved by: portmgr (blanket, VuXML) |
1.1_1 09 Aug 2005 11:51:25 |
simon |
Document gforge -- XSS and email flood vulnerabilities.
Approved by: portmgr (blanket, VuXML) |
1.1_1 07 Aug 2005 22:19:56 |
simon |
Document postnuke -- multiple vulnerabilities.
Approved by: portmgr (blanket, VuXML) |
1.1_1 05 Aug 2005 13:32:17 |
simon |
Document mambo -- multiple vulnerabilities.
Approved by: portmgr (blanket, VuXML) |
1.1_1 05 Aug 2005 10:34:41 |
remko |
Correct the ranges for the IPSec advisory and the devfs advisory.
Also correct proper ranges for the zlib advisory.
Approved by: portsmgr (blanket VuXML) |
1.1_1 05 Aug 2005 10:21:39 |
remko |
Document some recent FreeBSD advisories:
o devfs -- ruleset bypass.
o zlib -- buffer overflow vulnerability.
o ipsec -- Incorrect key usage in AES-XCBC-MAC.
Approved by: portsmgr (blanket VuXML) |
1.1_1 04 Aug 2005 15:56:53 |
remko |
Add some more entries to the apache -- http smuggling vulnerability.
PR: ports/84312
Submitted by: Dmitry A Grigorovich <odip at bionet dot nsc dot ru>
Approved by: portsmgr (blanket VuXML) |
1.1_1 03 Aug 2005 17:14:16 |
simon |
Document proftpd -- format string vulnerabilities.
Approved by: portmgr (blanket, VuXML) |
1.1_1 03 Aug 2005 16:54:48 |
simon |
Note that the fix for gnupg -- OpenPGP symmetric encryption
vulnerability in gnupg is not complete (see entry for details).
Discussed with: nectar
Approved by: portmgr (blanket, VuXML) |
1.1_1 03 Aug 2005 11:58:12 |
simon |
Mark p5-Crypt-OpenPGP, pgp, and pgpin as vulnerable to gnupg --
OpenPGP symmetric encryption vulnerability.
Reminded by: nectar
Approved by: portmgr (blanket, VuXML) |
1.1_1 01 Aug 2005 18:38:11 |
simon |
Mark latest gdal version as fixed for all tiff vulnerabilities. |
1.1_1 01 Aug 2005 07:45:18 |
niels |
Added nbsmtp format string vulnerability.
Approved by: nectar (mentor) |
1.1_1 31 Jul 2005 23:39:50 |
simon |
Mark the latest linux-tiff and pdflib ports safe from latest tiff
vulnerability.
Thanks to lawrance and netchild for fast fixes. |
1.1_1 31 Jul 2005 15:00:54 |
simon |
Document sylpheed -- MIME-encoded file name buffer overflow
vulnerability. |
1.1_1 31 Jul 2005 13:50:20 |
simon |
Document phpmyadmin -- cross site scripting vulnerability. |
1.1_1 31 Jul 2005 13:23:50 |
simon |
Document gnupg -- OpenPGP symmetric encryption vulnerability.
Note: this is mainly a theoretical vulnerability. |
1.1_1 31 Jul 2005 11:38:25 |
remko |
Bump entry date.
Forgotten by: remko
Spotted by: simon |
1.1_1 31 Jul 2005 11:31:52 |
remko |
Document vim -- vulnerabilities in modeline handling: glob, expand.
Discussed with: nectar, simon |
1.1_1 30 Jul 2005 22:20:27 |
simon |
Document that ekg -- insecure temporary file creation was fixed in
1.6r2,1.
Noted by: Michal Kalkowski |
1.1_1 30 Jul 2005 20:20:52 |
simon |
Add pdflib-perl, fractorama, gdal, iv, ivtools, ja-iv, ja-libimg,
paraview to recent libtiff vulnerabilities since they contain (and
compile) an embedded version of libtiff... |
1.1_1 30 Jul 2005 19:13:10 |
simon |
Change MAINTAINER address for ports maintained by the Security Team to
secteam@ instead of security@ to make it more clear that the ports are
not maintained by the freebsd-security@ mailing list. Both addresses
go to the same people. |
1.1_1 30 Jul 2005 15:48:06 |
simon |
Document tiff -- buffer overflow vulnerability. |
1.1_1 30 Jul 2005 11:18:20 |
simon |
- Misc. markup/whitespace fixes.
- Collapse a few package entries from the latest apache entry (still
matches same package names, is just shorter markup-wise).
- Use standard topic style for jabberd entry.
- Fix entry date for jabberd entry. |
1.1_1 30 Jul 2005 10:00:41 |
vsevolod |
Document jabberd vulnerabilities that were fixed by the latest update.
Approved by: perky (mentor) |
1.1_1 30 Jul 2005 09:24:47 |
simon |
Be consistent and use the same title for the latest ethereal
vulnerabilities as used for previous entries. |
1.1_1 30 Jul 2005 09:13:14 |
simon |
Document opera -- image dragging vulnerability and opera -- download
dialog spoofing vulnerability. |
1.1_1 30 Jul 2005 08:26:07 |
simon |
Document ethereal -- multiple vulnerabilities. |
1.1_1 28 Jul 2005 08:51:43 |
clement |
- Fix apache 2.1 range for CAN-2005-2088 entry which prevents apache 2.0 from
upgrading.
Pointyhat to: clement, remko
Reviewed by: erwin |
1.1_1 28 Jul 2005 04:22:14 |
remko |
Mark apache+mod_ssl-1.3.33+2.8.22_1 as not vulnerable in the latest Apache
entry. |
1.1_1 27 Jul 2005 17:21:35 |
remko |
There must be a curse. s/il/li/.
Noticed by: nectar |
1.1_1 27 Jul 2005 17:01:45 |
remko |
Update my latest Apache entry to make clear that this only affects certain
installations (when Apache is used as a HTTP proxy in combination with some
web servers). I didn't make that clear in the first commit.
Requested by: nectar
Discussed with: clement |
1.1_1 27 Jul 2005 15:57:54 |
remko |
Document apache -- http request smuggling.
Requested by: clement
Glanced at by: clement |
1.1_1 26 Jul 2005 13:32:39 |
erwin |
Set modified date in entry for previous commit.
Cluebat swung by: simon |
1.1_1 26 Jul 2005 10:50:57 |
erwin |
Note that the fd_set vulnerability in net/bld was fixed in 0.3.3
Prodded by: garga
Glanced at by: remko |
1.1_1 25 Jul 2005 15:57:46 |
hrs |
Document clamav -- multiple remote buffer overflows. |
1.1_1 23 Jul 2005 09:30:02 |
simon |
- Document isc-dhcpd -- format string vulnerabilities (older
vulnerability). [1]
- Use standard title format for latest egroupware entry.
Reminded by: Panagiotis Christias [1] |
1.1_1 23 Jul 2005 02:03:37 |
kuriyama |
Add entry for eGroupWare's recent vulnerabilities. |
1.1_1 22 Jul 2005 09:44:32 |
barner |
Document denial of service attack in fetchmail 6.5.2.1.
Reported by: Matthias Andree <matthias.andree@gmx.de>
Reviewed by: simon |
1.1_1 21 Jul 2005 21:13:46 |
simon |
Update phppgadmin entry to note that it was fixed in 3.5.4 and add a
few references while here anyway.
Prodded by: Tobias Roth (I think :-) ) |
1.1_1 21 Jul 2005 16:31:13 |
simon |
Document dnrd -- remote buffer and stack overflow vulnerabilities. |
1.1_1 21 Jul 2005 13:38:26 |
simon |
Fix typo in last commit
Noticed by: Matthias Andree <matthias.andree@gmx.de> |
1.1_1 21 Jul 2005 10:56:44 |
simon |
Add more references to latest fetchmail entry [1] and sort references
while here anyway.
Submitted by: Matthias Andree <matthias.andree@gmx.de> [1] |
1.1_1 21 Jul 2005 08:43:12 |
trhodes |
Document an issue with the LDAP backend provided by PowerDNS. |
1.1_1 20 Jul 2005 19:43:05 |
simon |
Document fetchmail -- remote root/code injection from malicious POP3
server.
Submitted by: Matthias Andree <matthias.andree@gmx.de> |
1.1_1 18 Jul 2005 20:07:26 |
mich |
o add kdebase (kate) vulnerability.
Reviewed by: simon |
1.1_1 18 Jul 2005 09:54:06 |
simon |
Add CVE names to recent bugzilla entry. |
1.1_1 16 Jul 2005 14:38:04 |
simon |
- Document firefox & mozilla -- multiple vulnerabilities.
- Minor style nit in drupal entry: Use port name (i.e. lower case) as
first part of the title. |
1.1_1 16 Jul 2005 11:29:43 |
erwin |
Add an entry for the drupal vulnerabilities. |
1.1_1 15 Jul 2005 14:35:00 |
niels |
Fixed incorrect newsfetch and mnogosearch affected package versions
Approved by: nectar (mentor) |
1.1_1 13 Jul 2005 03:04:17 |
kuriyama |
Markup fixed version of net-snmp problem. |
1.1_1 09 Jul 2005 20:02:57 |
remko |
Correct a typo: s/lemote/remote/
Spotted by: simon |
1.1_1 09 Jul 2005 19:57:13 |
remko |
Document the following vulnerabilities:
phpSysInfo -- cross site scripting vulnerability
mysql-server -- insecure temporary file creation
net-snmp -- fixproc insecure temporary file creation
phpbb -- multiple vulnerabilities
shtool -- insecure temporary file creation
Approved by: simon |
1.1_1 08 Jul 2005 21:36:19 |
simon |
Document phppgadmin -- "formLanguage" local file inclusion vulnerability. |
1.1_1 08 Jul 2005 21:17:12 |
simon |
Document pear-XML_RPC -- information disclosure vulnerabilities. |
1.1_1 08 Jul 2005 21:03:14 |
simon |
Document ekg -- insecure temporary file creation. |
1.1_1 08 Jul 2005 20:29:17 |
simon |
Document bugzilla -- multiple vulnerabilities. |
1.1_1 08 Jul 2005 20:04:14 |
simon |
Document nwclient -- multiple vulnerabilities (old issues).
PR: ports/82101
Submitted by: niels
Noticed by: Derik van Zuetphen <dz@426.ch> |
1.1_1 06 Jul 2005 22:46:03 |
simon |
Add CAN reference to recent phpbb vulnerability. |
1.1_1 06 Jul 2005 22:25:12 |
simon |
Document acroread -- insecure temporary file creation. |
1.1_1 06 Jul 2005 22:14:55 |
simon |
Document two clamav vulnerabilities. |
1.1_1 06 Jul 2005 21:34:32 |
simon |
- Add FreeBSD-SA-05:16.zlib.
- Fix ranges for recent security advisories, a bunch of <le> really
should have been <lt>. |
1.1_1 06 Jul 2005 20:45:34 |
simon |
Document acroread -- buffer overflow vulnerability. |
1.1_1 05 Jul 2005 21:13:39 |
simon |
Document net-snmp -- remote DoS vulnerability. |
1.1_1 05 Jul 2005 20:33:11 |
simon |
Document cacti -- multiple vulnerabilities.
Prodded by: Babak Farrokhi <babak@farrokhi.net> |
1.1_1 05 Jul 2005 19:01:16 |
simon |
- Add another reference to bzip2 -- denial of service and permission
race vulnerabilities.
- Document two cases of wordpress -- multiple vulnerabilities. |
1.1_1 03 Jul 2005 08:40:52 |
hrs |
Document the following issues:
- phpbb -- remote PHP code execution vulnerability
- pear-XML_RPC -- arbitrary remote code execution |
1.1_1 03 Jul 2005 08:12:20 |
simon |
Add certvu reference to kernel -- TCP connection stall denial of service
vulnerability. |
1.1_1 29 Jun 2005 23:00:52 |
simon |
Add FreeBSD-SA-05:13.ipfw, FreeBSD-SA-05:14.bzip2, and
FreeBSD-SA-05:15.tcp. |
1.1_1 24 Jun 2005 20:38:41 |
simon |
Document ethereal -- multiple protocol dissectors vulnerabilities. |
1.1_1 24 Jun 2005 10:22:19 |
hrs |
Document tor -- information disclosure. |
1.1_1 24 Jun 2005 09:09:23 |
hrs |
Document linux-realplayer -- RealText parsing heap overflow. |
1.1_1 23 Jun 2005 06:55:35 |
hrs |
Document ruby -- arbitrary command execution on XMLRPC server. |
1.1_1 21 Jun 2005 09:58:39 |
sem |
- net/cacti - potential SQL injection and cross site scripting attacks |
1.1_1 20 Jun 2005 22:34:16 |
simon |
Document three opera issues. |
1.1_1 20 Jun 2005 20:18:18 |
simon |
Document sudo -- local race condition vulnerability. |
1.1_1 20 Jun 2005 19:17:10 |
simon |
Add another reference to the latest tcpdump issue. |
1.1_1 20 Jun 2005 19:09:23 |
simon |
- Add entry for trac -- file upload/download vulnerability.
- Improve the last couple of entries a bit:
- Whitespace cleanup.
- Use standard topic format (port name first, then description
starting with lower case).
- Make sure SpamAssassin entry also matches other 3.0.3 port revisions. |
1.1_1 20 Jun 2005 07:30:57 |
sem |
- razor-agents DoS vulnerabilities
PR: ports/82414
Submitted by: dawnshade <h-k@mail.ru> |