Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 20 Jul 2005 19:43:05 |
simon |
Document fetchmail -- remote root/code injection from malicious POP3
server.
Submitted by: Matthias Andree <matthias.andree@gmx.de> |
1.1_1 18 Jul 2005 20:07:26 |
mich |
o add kdebase (kate) vulnerability.
Reviewed by: simon |
1.1_1 18 Jul 2005 09:54:06 |
simon |
Add CVE names to recent bugzilla entry. |
1.1_1 16 Jul 2005 14:38:04 |
simon |
- Document firefox & mozilla -- multiple vulnerabilities.
- Minor style nit in drupal entry: Use port name (i.e. lower case) as
first part of the title. |
1.1_1 16 Jul 2005 11:29:43 |
erwin |
Add an entry for the drupal vulnerabilities. |
1.1_1 15 Jul 2005 14:35:00 |
niels |
Fixed incorrect newsfetch and mnogosearch affected package versions
Approved by: nectar (mentor) |
1.1_1 13 Jul 2005 03:04:17 |
kuriyama |
Markup fixed version of net-snmp problem. |
1.1_1 09 Jul 2005 20:02:57 |
remko |
Correct a typo: s/lemote/remote/
Spotted by: simon |
1.1_1 09 Jul 2005 19:57:13 |
remko |
Document the following vulnerabilities:
phpSysInfo -- cross site scripting vulnerability
mysql-server -- insecure temporary file creation
net-snmp -- fixproc insecure temporary file creation
phpbb -- multiple vulnerabilities
shtool -- insecure temporary file creation
Approved by: simon |
1.1_1 08 Jul 2005 21:36:19 |
simon |
Document phppgadmin -- "formLanguage" local file inclusion vulnerability. |
1.1_1 08 Jul 2005 21:17:12 |
simon |
Document pear-XML_RPC -- information disclosure vulnerabilities. |
1.1_1 08 Jul 2005 21:03:14 |
simon |
Document ekg -- insecure temporary file creation. |
1.1_1 08 Jul 2005 20:29:17 |
simon |
Document bugzilla -- multiple vulnerabilities. |
1.1_1 08 Jul 2005 20:04:14 |
simon |
Document nwclient -- multiple vulnerabilities (old issues).
PR: ports/82101
Submitted by: niels
Noticed by: Derik van Zuetphen <dz@426.ch> |
1.1_1 06 Jul 2005 22:46:03 |
simon |
Add CAN reference to recent phpbb vulnerability. |
1.1_1 06 Jul 2005 22:25:12 |
simon |
Document acroread -- insecure temporary file creation. |
1.1_1 06 Jul 2005 22:14:55 |
simon |
Document two clamav vulnerabilities. |
1.1_1 06 Jul 2005 21:34:32 |
simon |
- Add FreeBSD-SA-05:16.zlib.
- Fix ranges for recent security advisories, a bunch of <le> really
should have been <lt>. |
1.1_1 06 Jul 2005 20:45:34 |
simon |
Document acroread -- buffer overflow vulnerability. |
1.1_1 05 Jul 2005 21:13:39 |
simon |
Document net-snmp -- remote DoS vulnerability. |
1.1_1 05 Jul 2005 20:33:11 |
simon |
Document cacti -- multiple vulnerabilities.
Prodded by: Babak Farrokhi <babak@farrokhi.net> |
1.1_1 05 Jul 2005 19:01:16 |
simon |
- Add another reference to bzip2 -- denial of service and permission
race vulnerabilities.
- Document two cases of wordpress -- multiple vulnerabilities. |
1.1_1 03 Jul 2005 08:40:52 |
hrs |
Document the following issues:
- phpbb -- remote PHP code execution vulnerability
- pear-XML_RPC -- arbitrary remote code execution |
1.1_1 03 Jul 2005 08:12:20 |
simon |
Add certvu reference to kernel -- TCP connection stall denial of service
vulnerability. |
1.1_1 29 Jun 2005 23:00:52 |
simon |
Add FreeBSD-SA-05:13.ipfw, FreeBSD-SA-05:14.bzip2, and
FreeBSD-SA-05:15.tcp. |
1.1_1 24 Jun 2005 20:38:41 |
simon |
Document ethereal -- multiple protocol dissectors vulnerabilities. |
1.1_1 24 Jun 2005 10:22:19 |
hrs |
Document tor -- information disclosure. |
1.1_1 24 Jun 2005 09:09:23 |
hrs |
Document linux-realplayer -- RealText parsing heap overflow. |
1.1_1 23 Jun 2005 06:55:35 |
hrs |
Document ruby -- arbitrary command execution on XMLRPC server. |
1.1_1 21 Jun 2005 09:58:39 |
sem |
- net/cacti - potential SQL injection and cross site scripting attacks |
1.1_1 20 Jun 2005 22:34:16 |
simon |
Document three opera issues. |
1.1_1 20 Jun 2005 20:18:18 |
simon |
Document sudo -- local race condition vulnerability. |
1.1_1 20 Jun 2005 19:17:10 |
simon |
Add another reference to the latest tcpdump issue. |
1.1_1 20 Jun 2005 19:09:23 |
simon |
- Add entry for trac -- file upload/download vulnerability.
- Improve the last couple of entries a bit:
- Whitespace cleanup.
- Use standard topic format (port name first, then description
starting with lower case).
- Make sure SpamAssassin entry also matches other 3.0.3 port revisions. |
1.1_1 20 Jun 2005 07:30:57 |
sem |
- razor-agents DoS vulnerabilities
PR: ports/82414
Submitted by: dawnshade <h-k@mail.ru> |
1.1_1 19 Jun 2005 04:57:35 |
hrs |
Fix year in <discovery> and <entry>.
Noticed by: nectar
Pointy hat to: hrs |
1.1_1 18 Jun 2005 17:27:50 |
hrs |
Document SpamAssassin -- Denial of service vulnerability. |
1.1_1 18 Jun 2005 17:15:37 |
hrs |
Document squirrelmail -- Several cross site scripting vulnerabilities. |
1.1_1 18 Jun 2005 16:54:40 |
hrs |
Document acroread -- XML External Entity vulnerability. |
1.1_1 18 Jun 2005 14:49:15 |
simon |
Use standard topic format for gzip vulnerability. |
1.1_1 18 Jun 2005 14:32:18 |
simon |
Document FreeBSD-SA-05:11.gzip. |
1.1_1 17 Jun 2005 23:19:34 |
simon |
Document SA-05:10.tcpdump. |
1.1_1 17 Jun 2005 19:12:46 |
simon |
Document two vulnerabilities in Gaim. |
1.1_1 17 Jun 2005 18:37:41 |
nectar |
Document an older, more serious gallery vulnerability. |
1.1_1 17 Jun 2005 18:30:12 |
nectar |
Document XSS vulnerabilities in gallery. |
1.1_1 17 Jun 2005 18:11:27 |
nectar |
Document KDE kstars vulnerability. |
1.1_1 17 Jun 2005 17:00:17 |
nectar |
Document fd_set overruns reported by 3APA3A. |
1.1_1 09 Jun 2005 08:44:04 |
simon |
Document leafnode -- denial of service vulnerability.
Submitted by: Matthias Andree <matthias.andree@gmx.de> |
1.1_1 03 Jun 2005 19:45:36 |
nectar |
Document a directory traversal issue in older GForge versions. |
1.1_1 03 Jun 2005 19:29:42 |
nectar |
Document an authentication bypass vulnerability in imap-uw. |
1.1_1 03 Jun 2005 19:18:39 |
nectar |
Document squid denial-of-service vulnerabilities. |
1.1_1 03 Jun 2005 19:08:21 |
nectar |
Document a remote denial-of-service vulnerability in racoon. |
1.1_1 03 Jun 2005 18:24:44 |
nectar |
Document integer overflows in xli. |
1.1_1 03 Jun 2005 18:19:23 |
nectar |
Document arbitrary command execution vulnerabilities in xli and
xloadimage. |
1.1_1 03 Jun 2005 18:01:04 |
nectar |
Add new CVE names for yamt entry. |
1.1_1 03 Jun 2005 17:56:42 |
nectar |
Correct and improve recent xli entry:
* It actually affected xloadimage and xli
* A slightly better topic than just "buffer overflows"
* More references
* Fix the version number for xli... it is still vulnerable as of this
writing |
1.1_1 03 Jun 2005 16:26:14 |
nectar |
Correct recently added yamt entry:
* This is not CAN-2004-1302, which was documented much earlier
* Try to explain the issue
* Add the only public reference to the issue I can find |
1.1_1 03 Jun 2005 04:48:47 |
trhodes |
Buffer overflow in xli. |
1.1_1 03 Jun 2005 02:15:20 |
trhodes |
Fix breakage I caused. |
1.1_1 03 Jun 2005 02:09:22 |
trhodes |
Note buffer overflows and directory traversal issues in audio/yamt. |
1.1_1 01 Jun 2005 17:16:28 |
nectar |
Update entry for FreeStyle Wiki:
* <topic> style: ASCII em-dash "--" for separator
* replace quoted text with more informative excerpt from a Secunia
advisory
* add CVE name |
1.1_1 01 Jun 2005 17:07:58 |
nectar |
Document vulnerabilities in XView library. |
1.1_1 01 Jun 2005 16:52:45 |
nectar |
document a vulnerability in xtrlock |
1.1_1 01 Jun 2005 16:27:15 |
nectar |
Document vulnerabilities reported in the Red Hat 7.1 libraries. |
1.1_1 01 Jun 2005 16:09:53 |
nectar |
Document squirrelmail vulnerabilities. |
1.1_1 01 Jun 2005 15:53:40 |
nectar |
correct version number for mailman password generation issue |
1.1_1 01 Jun 2005 15:51:41 |
nectar |
Document vulnerability in set-user-ID sympa application. |
1.1_1 01 Jun 2005 15:36:40 |
nectar |
Another older mailman vulnerability, somewhat minor |
1.1_1 01 Jun 2005 15:27:01 |
nectar |
Add year-old mailman vulnerability, that seems to not have been
previously documented here. |
1.1_1 01 Jun 2005 14:48:38 |
nectar |
document Apache Jakarta Tomcat 5.x XSS issue |
1.1_1 29 May 2005 15:01:14 |
simon |
Mark samba-2.2.12.j1.0beta1_2 as safe from "samba -- integer overflow
vulnerability".
Reminded by: NAKAJI Hiroyuki <nakaji@jp.freebsd.org> |
1.1_1 29 May 2005 03:06:35 |
kuriyama |
- Update to 3.5.8 (including XSS problem fix).
Submitted by: Toshiya SAITOH <toshiya@saitoh.nu>
PR: ports/81520 |
1.1_1 22 May 2005 13:27:45 |
remko |
Remove a forgotten :.
Spotted by: simon |
1.1_1 22 May 2005 13:18:12 |
remko |
Document the following issues:
o freeradius -- sql injection and denial of service vulnerability
o ppxp -- local root exploit
o oops -- format string vulnerability
Approved by: simon |
1.1_1 19 May 2005 19:56:44 |
simon |
Fix entry dates for latest squid entries. |
1.1_1 19 May 2005 19:48:15 |
remko |
Reword the cdrdao entry, this includes comments from Simon which I overlooked.
Forgotten by: remko
Spotted by: simon |
1.1_1 19 May 2005 14:17:01 |
pav |
- Update Squid to 2.5.STABLE10
PR: ports/81213
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer) |
1.1_1 19 May 2005 04:17:32 |
remko |
Document cdrdao -- unspecified privilege escalation vulnerability.
Approved by: simon |
1.1_1 14 May 2005 03:43:46 |
simon |
Document two gaim issues. |
1.1_1 13 May 2005 16:24:43 |
nectar |
Add FreeBSD-SA-05:09.htt. |
1.1_1 13 May 2005 15:34:49 |
nectar |
$EDITOR should not be quoted. It might be "emacsclient -a vi" or
something. |
1.1_1 13 May 2005 15:33:48 |
nectar |
MAINTAINER -> security@FreeBSD.org |
1.1_1 13 May 2005 15:32:12 |
nectar |
Update some leafnode references.
Add new leafnode vulnerability.
PR: ports/80724
Submitted by: Matthias Andree <matthias.andree@gmx.de> |
1.1_1 12 May 2005 09:59:32 |
simon |
Document two new vulnerabilities in mozilla/firefox. |
1.1_1 11 May 2005 19:00:50 |
simon |
Document mozilla -- code execution via javascript: IconURL vulnerability. |
1.1_1 09 May 2005 07:04:53 |
okazaki |
Document some vulnerabilities in groff.
- pic2graph and eqn2graph are vulnerable to symlink attack through temporary
files
- groffer uses temporary files unsafely
PR: ports/80671
Submitted by: KOMATSU Shinichiro |
1.1_1 03 May 2005 10:14:19 |
sem |
- gnu-radius exploitation was fixed in maintenance release 1.2.94
as reported in
http://www.idefense.com/application/poi/display?id=141&type=vulnerabilities
PR: ports/80558 (follow-up)
Submitted by: Vsevolod Stakhov <vsevolod@highsecure.ru> |
1.1_1 02 May 2005 18:57:26 |
glewis |
. Update the version for the jar(1) vulnerability so that 1.2.2p11_4 is
no longer considered vulnerable. Adjust the modified date for the entry. |
1.1_1 01 May 2005 14:33:38 |
remko |
Document sharutils -- unshar insecure temporary file creation
Approved by: simon |
1.1_1 01 May 2005 12:25:14 |
remko |
Document rsnapshot -- local privilege escalation
Approved by: simon |
1.1_1 01 May 2005 00:30:17 |
brooks |
coppermine -- IP spoofing and XSS vulnerability |
1.1_1 29 Apr 2005 15:00:58 |
glewis |
. Correct the range of vulnerable jdk14 ports for the jar(1) vulnerability
and update the modified time for the entry. |
1.1_1 27 Apr 2005 21:35:57 |
simon |
Document ImageMagick -- ReadPNMImage() heap overflow vulnerability. |
1.1_1 27 Apr 2005 21:24:36 |
simon |
Bump modified date for last commit. |
1.1_1 27 Apr 2005 20:46:04 |
glewis |
. Adjust ranges so that jdk-1.3.1p9_5 is no longer marked as vulnerable to
the jar(1) vulnerability but is still marked vulnerable to the browser
plugin vulnerability (although the plugin is no longer built by default). |
1.1_1 25 Apr 2005 21:53:20 |
simon |
Document mplayer & libxine -- MMS and Real RTSP buffer overflow
vulnerabilities. |
1.1_1 25 Apr 2005 21:10:40 |
simon |
Document some older vulnerabilities in GAIM. |
1.1_1 23 Apr 2005 11:40:18 |
simon |
Document kdewebdev -- kommander untrusted code execution vulnerability. |
1.1_1 22 Apr 2005 21:53:43 |
remko |
Fix a typo in the kdelibs - kimgio entry. |
1.1_1 22 Apr 2005 21:52:07 |
remko |
junkbuster -- heap corruption vulnerability and configuration modification
vulnerability
Approved by: simon |