| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
|---|
1.1_6
26 Jul 2023 15:21:08
     |
Li-Wen Hsu (lwhsu)  |
security/vuxml: Document Jenkins Security Advisory 2023-07-26
Sponsored by: The FreeBSD Foundation |
1.1_6
23 Jul 2023 11:45:32
|
Nuno Teixeira (eduardo)
Author: Stefan Bethke |
security/vuxml: Document www/gitea vulnerability
PR: 272672
Security: ab0bab3c-2927-11ee-8608-07b8d3947721 |
1.1_6
21 Jul 2023 14:36:50
|
Bryan Drewery (bdrewery) |
security/vuxml: Add entry for OpenSSH CVE-2023-38408 |
1.1_6
20 Jul 2023 10:47:40
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 115.0.5790.98
Approved by: rene (mentor, implicit)
Obtained
from: https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html |
1.1_6
20 Jul 2023 06:40:26
|
Fernando Apesteguía (fernape)
Author: Patrick R Groeneveld |
security/vuxml: Document vulnerabilities in emulators/virtualbox-ose*
ChangeLog: https://www.oracle.com/security-alerts/
PR: 271141
Reported by: grahamperrin@freebsd.org |
1.1_6
18 Jul 2023 17:08:40
|
Ashish SHUKLA (ashish) |
security/vuxml: Document www/element-web vulnerability
Security: CVE-2023-37259
Security: c70c3dc3-258c-11ee-b37b-901b0e9408dc |
1.1_6
17 Jul 2023 13:07:12
|
Fernando Apesteguía (fernape) |
security/vuxml: record www/gitea vulnerabilities
* Test if container blob is accessible before mounting
* Set type="password" on all auth_token fields
PR: 272538 |
1.1_6
16 Jul 2023 18:23:07
|
Bernard Spil (brnrd) |
security/vuxml: Document OpenSSL 3.x vuln |
1.1_6
14 Jul 2023 07:05:30
|
Hiroki Tagato (tagattie) |
security/vuxml: document electron22 multiple vulnerabilities
Obtained from: https://github.com/electron/electron/releases/tag/v22.3.17 |
1.1_6
10 Jul 2023 19:32:04
|
Jason E. Hale (jhale) |
security/vuxml: cad/librecad < 2.2.0.1 OOB read
Security: CVE-2023-30259
Security: b67d768c-1f53-11ee-82ed-4ccc6adda413 |
1.1_6
10 Jul 2023 16:32:19
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in redis |
1.1_6
09 Jul 2023 10:32:01
|
Po-Chuan Hsieh (sunpoet) |
security/vuxml: Fix py-suds entry (b31f7029-817c-4c1f-b7d3-252de5283393)
PR: 272346
Reported by: David M. <root@network-dev.org>
Reference: https://github.com/suds-community/suds/issues/94
https://github.com/advisories/GHSA-vpqp-hx68-p2wx |
1.1_6
06 Jul 2023 06:30:38
|
Fernando Apesteguía (fernape) |
security/vuxml: update www/gitea vulnerability
Avoid open HTTP redirects.
PR: 272380 |
1.1_6
06 Jul 2023 06:01:49
|
Hiroki Tagato (tagattie) |
security/vuxml: document electron multiple vulnerabilities
Obtained from: https://github.com/electron/electron/releases/tag/v23.3.10,
https://github.com/electron/electron/releases/tag/v24.6.2 |
1.1_6
05 Jul 2023 18:53:59
|
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerability |
1.1_6
05 Jul 2023 06:08:29
|
Fernando Apesteguía (fernape) |
security/vuxml: add net/phpldapamin XSS vulnerability
An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows
users to store malicious values that may be executed by other users at a later
time via get_request in lib/function.php.
CVE-2021-35132 with Base Score 7.8 (HIGH). |
1.1_6
03 Jul 2023 13:43:54
|
Wen Heping (wen) |
security/vuxml: Document Django multiple vulnerabilities |
1.1_6
01 Jul 2023 13:03:38
|
Wen Heping (wen) |
security/vuxml: Document mediawiki multiple vulnerabilities |
1.1_6
30 Jun 2023 18:23:21
|
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerabilities |
1.1_6
30 Jun 2023 15:19:27
|
Koichiro Iwao (meta) |
security/vuxml: Document security/softether{,-devel} vulnerability
Security: https://www.softether.org/9-about/News/904-SEVPN202301 |
1.1_6
27 Jun 2023 21:16:19
|
Matthias Andree (mandree) |
security/vuxml: document openexr dwa out-of-bounds read
OSS-Fuzz 59382
Security: 06428d91-152e-11ee-8b14-dbdd62da85fb |
1.1_6
27 Jun 2023 07:40:55
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 114.0.5735.198
Approved by: rene (mentor, implicit)
Obtained
from: https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html |
1.1_6
25 Jun 2023 07:23:15
|
Nuno Teixeira (eduardo)
Author: Boris Korzun |
security/vuxml: Add www/grafana{8,9} vulnerabilities
* CVE-2023-3128 - Account takeover / authentication bypass
( https://grafana.com/security/security-advisories/cve-2023-3128 )
PR: 272161 |
1.1_6
23 Jun 2023 09:29:09
|
Eugene Grosbein (eugen) |
security/vuxml: another correction for devel/py-setuptools*
This time is covers two other records additionally.
Reported-by: leres |
1.1_6
22 Jun 2023 14:09:33
|
Eugene Grosbein (eugen) |
security/vuxml: correct range after previous commit for py39-setuptools
Fixes: a3d611120fccf3b51b3dc62ec9246588e7d7a8ac |
1.1_6
22 Jun 2023 13:45:10
|
Eugene Grosbein (eugen) |
devel/py-setuptools{44,58}: fix CVE-2022-40897 backporting a patch
Follow recent commit to devel/py-setuptools and fix old versions same way.
Reported-by: vishwin |
1.1_6
22 Jun 2023 13:24:12
|
Eugene Grosbein (eugen) |
devel/py-setuptools: fix CVE-2022-40897 backporting a patch
This commit integrates one-line upstream fix for the problem:
https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be.diff
Our port has not been fixed for several months making users unhappy.
It's upto the maintainer to update the port, this commit does not update it.
Bump PORTREVISION and adjust VuXML entry.
Due to the nature of the problem and fix there is no need in updating consumers. |
1.1_6
22 Jun 2023 11:34:12
|
Hiroki Tagato (tagattie) |
security/vuxml: document electron multiple vulnerabilities
Obtained from: https://github.com/electron/electron/releases/tag/v22.3.14,
https://github.com/electron/electron/releases/tag/v23.3.8,
https://github.com/electron/electron/releases/tag/v24.6.0 |
1.1_6
16 Jun 2023 18:36:43
|
Jan Beich (jbeich) |
security/vuxml: mark libX11 < 1.8.6 as vulnerable
PR: 263190
Reported by: lwhsu |
1.1_6
16 Jun 2023 12:06:17
|
Hiroki Tagato (tagattie) |
security/vuxml: document electron multiple vulnerabilities
Obtained from: https://github.com/electron/electron/releases/tag/v22.3.13,
https://github.com/electron/electron/releases/tag/v23.3.7,
https://github.com/electron/electron/releases/tag/v24.5.1 |
1.1_6
14 Jun 2023 13:50:08
|
Li-Wen Hsu (lwhsu) |
security/vuxml: Document Jenkins Security Advisory 2023-06-14
Sponsored by: The FreeBSD Foundation |
1.1_6
13 Jun 2023 22:07:00
|
Hiroki Tagato (tagattie) |
security/vuxml: document vscode information disclosure vulnerability
Obtained
from: https://github.com/microsoft/vscode/security/advisories/GHSA-j5wm-6crw-xvmr |
1.1_6
13 Jun 2023 18:10:23
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 114.0.5735.133
Approved by: rene (mentor, implicit)
Obtained
from: https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html |
1.1_6
12 Jun 2023 15:08:30
|
Palle Girgensohn (girgen) |
security/vuxml: add devel/xmltooling vulnerability |
1.1_6
09 Jun 2023 18:21:40
|
Dan Langille (dvl) |
security/vuxml: add security/acme.sh vuln
I didn't find a CVE.
https://github.com/acmesh-official/acme.sh/issues/4659 |
1.1_6
08 Jun 2023 06:55:34
|
Fernando Apesteguía (fernape)
Author: Boris Korzun |
security/vuxml: Add www/grafana{8,9} vulnerabilities
* CVE-2023-2183: with Base Score 4.1 (MEDIUM)
* CVE-2023-2801: with Base Score 7.5 (HIGH)
PR: 271893
Reported by: Boris Korzun <drtr0jan@yandex.ru> |
1.1_6
08 Jun 2023 02:52:02
|
Wen Heping (wen) |
security/vuxml: Document python's multiple vulnerabilities |
1.1_6
07 Jun 2023 06:07:37
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 114.0.5735.106
Approved by: rene (mentor, implicit)
Obtained
from: https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html |
1.1_6
07 Jun 2023 04:44:27
|
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerabilities |
1.1_6
06 Jun 2023 20:43:15
|
Oleksii Samorukov (samm) |
security/vuxml: update qpress package infromation with xtrabackup8
- According to https://jira.percona.com/browse/PXB-2854 xtrabackup
2.xx is not impacted |
1.1_6
06 Jun 2023 20:10:27
|
Oleksii Samorukov (samm) |
security/vuxml: Add qpress vulnerability CVE-2022-45866 |
1.1_6
06 Jun 2023 12:05:47
|
Fernando Apesteguía (fernape) |
security/vuxml: Add www/kanboard CVEs
* CVE-2023-33956: with Base Score 4.3 (MEDIUM)
* CVE-2023-33968: with Base Score 5.4 (MEDIUM)
* CVE-2023-33969: with Base Score 6.4 (MEDIUM)
* CVE-2023-33970: with Base Score 5.4 (MEDIUM) |
1.1_6
31 May 2023 15:49:12
|
Li-Wen Hsu (lwhsu) |
security/vuxml: Fix entry fd87a250-ff78-11ed-8290-a8a1599412c6
Sponsored by: The FreeBSD Foundation |
1.1_6
31 May 2023 10:43:11
|
Bernard Spil (brnrd) |
security/vuxml: Add OpenSSL vulnerability CVE-2023-2650 |
1.1_6
31 May 2023 06:47:04
|
Fernando Apesteguía (fernape) |
security/vuxml: Add XSS php80-kanboard vulnerability
CVE-2023-32685 with Base Score 7.1 (HIGH)
PR: 271702 |
1.1_6
31 May 2023 06:08:43
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 114.0.5735.90
Approved by: rene (mentor, implicit)
Obtained
from: https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html |
1.1_6
28 May 2023 09:09:37
|
Bernard Spil (brnrd) |
security/vuxml: Document MariaDB vulnerability |
1.1_6
22 May 2023 17:33:26
|
Florian Smeets (flo) |
security/vuxml: add phpmyfaq < 3.1.14 |
1.1_6
19 May 2023 21:04:47
|
Renato Botelho (garga)
Author: R. Christian McDonald |
security/vuxml: Add curl 8.1.0 CVEs
Sponsored by: <Rubicon Communications, LLC ("Netgate") |
1.1_6
19 May 2023 17:35:07
|
Craig Leres (leres) |
security/vuxml: Mark zeek < 5.0.9 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.9
This release fixes the following potential DoS vulnerabilities:
- A specially-crafted series of FTP packets with a CMD command
with a large path followed by a very large number of replies
could cause Zeek to spend a long time processing the data.
- A specially-crafted with a truncated header can cause Zeek to
overflow memory and potentially crash.
- A specially-crafted series of SMTP packets can cause Zeek to
generate a very large number of events and take a long time to
process them.
- A specially-crafted series of POP3 packets containing MIME data
can cause Zeek to spend a long time dealing with each individual
file ID.
Reported by: Tim Wojtulewicz |
1.1_6
18 May 2023 07:56:43
|
Hiroki Tagato (tagattie) |
security/vuxml: document electron vulnerability
Obtained from: https://github.com/electron/electron/releases/tag/v22.3.10,
https://github.com/electron/electron/releases/tag/v23.3.3 |
1.1_6
17 May 2023 11:45:07
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 113.0.5672.126
Approved by: rene (mentor, implicit)
Obtained
from: https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html |
1.1_6
16 May 2023 02:07:19
|
Danilo G. Baio (dbaio) |
security/vuxml: Remove empty cvename entry
This should fix the FreeBSD VuXML website build. |
1.1_6
13 May 2023 21:11:47
|
Matthias Andree (mandree) |
security/vuxml: add missing xmlns to body tag of
2023's vuln entry 8e20430d-a72b-11ed-a04f-40b034455553
(MinIO admin user creation from unprivileged account, CVE-2022-24842)
This fixes vxquery complaints (the line number might differ
depending on how many entries we've added to vuln/2023.xml):
Parsing failed @ line 4675:
Expected element in XHTML namespace. |
1.1_6
13 May 2023 05:56:47
|
Matthias Fechner (mfechner) |
security/vuxml: document gitlab-ce vulnerability |
1.1_6
12 May 2023 07:39:35
|
Alexander Leidinger (netchild) |
security/vuxml: add piwigo vulnerabilities |
1.1_6
11 May 2023 15:42:13
|
Palle Girgensohn (girgen) |
security/vuxml: document postgresql-server vulnerabilities
CVE-2023-2454
CVE-2023-2455 |
1.1_6
10 May 2023 11:35:05
|
Hiroki Tagato (tagattie) |
security/vuxml: document vscode information disclosure vulnerability
Obtained
from: https://github.com/microsoft/vscode/security/advisories/GHSA-mmfh-4pv3-39hr |
1.1_6
08 May 2023 13:03:02
|
Fernando Apesteguía (fernape) |
security/vuxml: Multiple glpi vulnerabilities
CVE-2023-28849
CVE-2023-28632
CVE-2023-28838
CVE-2023-28852
CVE-2023-28636
CVE-2023-28639
CVE-2023-28634
CVE-2023-28633
PR: 271286
Reported by: mathias@monnerville.com |
1.1_6
08 May 2023 06:22:36
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document crash on access vulnerability in redis |
1.1_6
06 May 2023 05:57:41
|
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerability |
1.1_6
05 May 2023 00:44:57
|
Wen Heping (wen) |
security/vuxml: Document Django multiple vulnerabilities |
1.1_6
03 May 2023 06:15:46
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 113.0.5672.63
Approved by: rene (mentor, implicit)
Obtained
from: https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html |
1.1_6
02 May 2023 20:09:52
|
Matthias Fechner (mfechner) |
security/vuxml: document gitlab-ce vulnerabilities |
1.1_6
01 May 2023 18:15:43
|
Fernando Apesteguía (fernape) |
security/vuxml: Add net/cloud-init* CVE
CVE-2023-1786: Sensitive data leak. |
1.1_6
30 Apr 2023 20:20:46
|
Dave Cottlehuber (dch) |
security/vuxml: add h2o CVE-2023-30847 entry
Security: 4da51989-5a8b-4eb9-b442-46d94ec0802d
Security: CVE-2023-30847 |
1.1_6
28 Apr 2023 14:20:47
|
Matthias Andree (mandree) |
security/vuxml: Update ghostscript CVE-2023-28879 entry
and mark ghostscript9-agpl-base 9.56.1_10 as fixed,
and remove ghostscript9-agpl-x11 which does not seem to be
using the vulnerable code.
Security: 25872b25-da2d-11ed-b715-a1e76793953b
Security: CVE-2023-28879
PR: 270823 |
1.1_6
27 Apr 2023 07:49:23
|
Matthew Seaman (matthew)
Author: Boris Korzun |
security/vuxml: Document grafana{8,9} security vulnerabilities
* CVE-2023-1387
* CVE-2023-24538
PR: 271086
Reported by: Boris Korzun |
1.1_6
26 Apr 2023 14:26:37
|
Renato Botelho (garga) |
security/vuxml: Document devel/git vulnerabilities
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.1_6
26 Apr 2023 06:12:59
|
Ashish SHUKLA (ashish) |
security/vuxml: Document vulnerability in www/element-web |
1.1_6
25 Apr 2023 13:20:40
|
Fernando Apesteguía (fernape) |
security/vuxml: jellyfin multiple vulnerabilities
CVE-2023-30626 - directory traversal vulnerability
CVE-2023-30627 - XSS vulnerability
PR: 271041
Reported by: debdrup@ |
1.1_6
24 Apr 2023 18:00:50
|
Florian Smeets (flo) |
security/vuxml: add phpmyfaq < 3.1.13 |
1.1_6
22 Apr 2023 12:27:15
|
Bernard Spil (brnrd) |
security/vuxml: Fix URLs in MySQL 2023Q2 vulnerabilities |
1.1_6
22 Apr 2023 12:20:32
|
Bernard Spil (brnrd) |
security/vuxml: Document MySQL 2023Q2 vulnerabilities |
1.1_6
21 Apr 2023 18:16:34
|
Matthias Andree (mandree) |
security/vuxml: fix typo in ghostscript entry update |
1.1_6
21 Apr 2023 18:09:19
|
Matthias Andree (mandree) |
security/vuxml: fix up ghostscript version range of CVE-2023-28879
Pointy hat to: mandree@ for misreading the quoted Artifex page
Reported by: Nicholas Taylor <nicholas.e.taylor@gmail.com>
PR: 270823 (comment #3)
Security: CVE-2023-28879
Security: 25872b25-da2d-11ed-b715-a1e76793953b |
1.1_6
20 Apr 2023 17:49:18
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 112.0.5615.165
Approved by: rene (mentor)
Obtained
from: https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
Differential Revision: https://reviews.freebsd.org/D39717 |
1.1_6
16 Apr 2023 07:09:27
|
Florian Smeets (flo) |
security/vuxml: add libxml2 < 2.10.4 |
1.1_6
15 Apr 2023 21:11:18
|
Florian Smeets (flo) |
security/vuxml: add mod_gnutls <= 0.12.1 |
1.1_6
15 Apr 2023 17:53:33
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 112.0.5615.121
Approved by: rene (mentor)
Obtained
from: https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html
Differential Revision: https://reviews.freebsd.org/D39578 |
1.1_6
14 Apr 2023 08:29:45
|
Philip Paeps (philip) |
security/vuxml: fix vuxml build
Remove invalid CVE entries introduced in d58bc805721a.
Pointy hat to: wen |
1.1_6
13 Apr 2023 20:10:39
|
Matthias Andree (mandree) |
security/vuxml: revise ghostscript vuln entry. |
1.1_6
13 Apr 2023 19:20:07
|
Matthias Andree (mandree) |
security/vuxml: ghostscript < 10.01.1 buffer overflow
Security: 25872b25-da2d-11ed-b715-a1e76793953b
Security: CVE-2023-28879 |
1.1_6
12 Apr 2023 06:16:37
|
Craig Leres (leres) |
security/vuxml: Mark zeek < 5.0.8 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.8
This release fixes the following potential DoS vulnerabilities:
- A specially-crafted stream of FTP packets containing a command
reply with many intermediate lines can cause Zeek to spend a
large amount of time processing data.
- A specially-crafted set of packets containing extremely large
file offsets cause cause the reassembler code to allocate large
amounts of memory.
- The DNS manager does not correctly expire responses that don't(Only the first 15 lines of the commit message are shown above  ) |
1.1_6
12 Apr 2023 04:32:25
|
Philip Paeps (philip)
Author: Hubert Tournier |
security/vuxml: add another batch of pysec vulnerabilities
Vulnerable Python ports discovered with pysec2vuxml.
See also: <https://github.com/HubTou/pysec2vuxml>.
PR: 270744 |
1.1_6
10 Apr 2023 22:54:54
|
Jan Beich (jbeich) |
security/vuxml: mark ffmpeg >= 4.4.4,1 as not vulnerable |
1.1_6
10 Apr 2023 21:39:54
|
Thomas Zander (riggs) |
security/vuxml: Document vulnerability in traefik before 2.9.9_1 |
1.1_6
10 Apr 2023 06:38:03
|
Philip Paeps (philip)
Author: Hubert Tournier |
security/vuxml: document 20 py*-* vulnerabilities
Vulnerable Python ports discovered with pysec2vuxml.
See also: <https://github.com/HubTou/pysec2vuxml>.
PR: 270723 |
1.1_6
09 Apr 2023 10:02:35
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 112.0.5615.49
Approved by: rene (mentor)
Obtained
from: https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html
Differential Revision: https://reviews.freebsd.org/D39423 |
1.1_6
09 Apr 2023 09:56:01
|
Rene Ladan (rene) |
security/vuxml: fix whitespace error
Reported by: `make validate` |
1.1_6
08 Apr 2023 15:13:24
|
Dmitri Goutnik (dmgk) |
security/vuxml: Document Go vulnerabilities |
1.1_6
07 Apr 2023 14:52:06
|
Timur I. Bakeyev (timur) |
securily/vuxml: document Samba vulnerabilities
CVE-2023-0225, CVE-2023-0922, CVE-2023-0614
Security: CVE-2023-0225
CVE-2023-0922
CVE-2023-0614 |
1.1_6
07 Apr 2023 12:25:37
|
Jan Beich (jbeich) |
security/vuxml: mark ffmpeg < 5.0.3,1 as vulnerable |
1.1_6
01 Apr 2023 07:33:55
|
Wen Heping (wen) |
security/vuxml: Document mediawiki multiple vulnerabilities |
1.1_6
01 Apr 2023 07:12:53
|
Matthew Seaman (matthew) |
security/vuxml: document grafana vulnerabilities
CVE-2023-1410
PR: 270562
Reported by: Boris Korzun |
1.1_6
31 Mar 2023 04:29:06
|
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab vulnerabilities |
1.1_6
30 Mar 2023 21:27:40
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document ReDoS vulnerability in rubygem-time |
1.1_6
30 Mar 2023 21:27:36
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document ReDoS vulnerability in rubygem-uri |
1.1_6
30 Mar 2023 19:02:28
|
Florian Smeets (flo)
Author: Ralf van der Enden |
security/vuxml: Document powerdns vulnerabilities
PR: 270537 |
1.1_6
30 Mar 2023 11:42:19
|
Bernard Spil (brnrd) |
security/vuxml: Fix typo in blockquote |
As an Amazon Associate I earn from qualifying purchases.
