16:33 brd 

Document Jenkins vulnerabilities.

 

19:44 bhughes 

security/vuxml: document Node.js vulnerabilities, December 2017

Approved by:	mat (co-mentor)
Differential Revision:	https://reviews.freebsd.org/D13489

 

10:58 tz 

Document GitLab Vulnerability

Security:
https://vuxml.FreeBSD.org/freebsd/e72a8864-e0bc-11e7-b627-d43d7e971a1b.html

 

06:41 remko 

Add entry for CVE-2017-8819.

Requested by:	Roger Marquis
Hat:		FreeBSD Security Team

 

20:45 madpilot 

- Add CVE names for old asterisk13 vulnerabilities
- Fix typo

 

20:37 madpilot 

Document asterisk13 vulnerability.

 

14:44 swills 

Document libxml2 issue

 

14:53 tijl 

Fix version range in latest curl entry.

 

14:45 tijl 

Add linux-c7-curl to latest curl entry.

Security:	301a01b7-d50e-11e7-ac58-b499baebfeaf

 

15:41 feld 

Document FreeBSD-SA-17:12.openssl

 

11:37 cmt 

document latest wireshark vulnerabilities

 

20:35 sunpoet 

Fix version range of mail/procmail

PR:		223777
Submitted by:	romain

 

15:47 brnrd 

secuirty/vuxml: Document OpenSSL vulnerabilities

 

18:38 feld 

Document FreeBSD-SA-17:11.openssl

 

18:30 feld 

Document FreeBSD-SA-17:10.kldstat

 

18:29 feld 

Document FreeBSD-SA-17:09.shm

 

18:29 feld 

Document FreeBSD-SA-17:08.ptrace

 

18:28 feld 

Document FreeBSD-SA-17:07.wpa

 

23:31 jbeich 

security/vuxml: mark firefox < 57.0.1 as vulnerable

 

13:27 feld 

Document varnish vulnerabilty

Security:	CVE-2017-8807

 

11:46 joneum 

Document vulnerability in www/mybb

Approved by:	tcberner (mentor)
Differential Revision:	https://reviews.freebsd.org/D13343

 

22:16 joneum 

Document wordpress issues

Approved by:	tcberner (mentor)
Differential Revision:	https://reviews.freebsd.org/D13323

 

21:33 madpilot 

Documeent net/asterisk13 vulnerability.

 

18:42 vsevolod 

Document CVE-2017-16944 in Exim

 

10:12 pizzamig 

security/vuxml: Document vulnerability in net/xrdp-devel

PR:		223931
Reported by:	meta+ports@vmeta.jp (maintainer)
Security:	CVE-2017-16927

 

14:36 brnrd 

security/vuxml: Fix formatting

 

14:26 brnrd 

security/vuxml: Document cURL vulnerabilities

 

04:32 dbaio 

security/vuxml: Document vulnerability in py-borgbackup

 

23:00 tobik 

Document www/palemoon vulnerabilities

PR:		223934
Security:	CVE-2017-7832
Security:	CVE-2017-7835
Security:	CVE-2017-7840

 

08:05 vsevolod 

Document mail/exim vulnerability: CVE-2017-16943

 

19:28 joneum 

Document vulnerability in www/mybb

https://blog.mybb.com/2017/11/07/mybb-1-8-13-released-security-maintenance-release/

Approved by:	tcberner (mentor)
Differential Revision:	https://reviews.freebsd.org/D13231

 

15:06 woodsb02 

Document multiple vulnerabilities in sysutils/py-salt

Security:	CVE-2017-14695
Security:	CVE-2017-14696

 

14:08 junovitch 

Document security issue fixed in CodeIgniter 3.1.6

Security:	https://vuxml.FreeBSD.org/freebsd/ef3423e4-d056-11e7-a52c-002590263bf5.html

 

16:12 zi 

- Document vulnerability in procmail

 

14:45 olivier 

Document vulnerability in net/frr

Security:	CVE-2017-15865
Sponsored by:	Orange

 

12:01 pizzamig 

security/vuxml: Document multiple vulnerabilities in net-mgmt/cacti

PR:		223756
Reported by:	freebsd-ports@dan.me.uk
Approved by:	olivier (mentor)
Security:		CVE-2017-16641
Security:		CVE-2017-16660
Security:		CVE-2017-16661
Security:		CVE-2017-16785

 

02:38 wen 

- Document vulnerability in www/mediawiki127, www/mediawiki128 and
www/mediawiki129.

 

11:38 brnrd 

security/vuxml: Mark MariaDB <10.1.29 vulnerable

 - As per release notes [1]

1: https://mariadb.com/kb/en/library/mariadb-10129-release-notes/

 

19:05 jkim 

Document the latest Flash Player vulnerability.

https://helpx.adobe.com/security/products/flash-player/apsb17-33.html

 

17:30 gjb 

Fix vuxml build.

Sponsored by:	The FreeBSD Foundation

 

17:17 girgen 

Information about shibbloeth2-sp security issue

 

17:12 madpilot 

- This vulnerability aapplies to pjsip too.
- Fix typo.

 

19:04 jbeich 

security/vuxml: mark firefox < 57 as vulnerable

 

13:59 tz 

Fix wrong ranges of affected PHP versions

Reported by: Adam McDougall <mcdouga9@egr.msu.edu>

 

19:36 sunpoet 

Document rubygem-geminabox vulnerability

 

21:55 adridg 

security/vuxml: Document vulnerability in irc/konversation

Reported by:	tcberner
Approved by:	tcberner (mentor)
Security:       CVE-2017-15923

 

17:29 dbaio 

security/vuxml: Document vulnerability in in mail/roundcube

PR:		223557
Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
Security:	CVE-2017-16651

 

23:19 cpm 

Document new vulnerabilities in www/chromium < 62.0.3202.89

Obtained
from:	https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html

 

16:01 girgen 

Document PostgreSQL vulnerabilities

 

14:17 swills 

Document jenkins vulnerabilities

 

10:12 madpilot 

Document Asterisk vulnerabilities.

 

18:42 brnrd 

security/vuxml: Fix MySQL 10.1 vulnerable version

PR:		223482
Reported by:	Marcin Gryszkalis <mg fork pl>

 

21:02 brnrd 

security/vuxml: Document new OpenSSL vulnerabilitities

 

21:14 joneum 

Document wordpress issues

Approved by:	tcberner (mentor)
Differential Revision:	https://reviews.freebsd.org/D12898

 

16:57 swills 

Document wireshark issues

 

14:31 tz 

Document PHP Vulnerability

Security: CVE-2016-1283
Security:
https://vuxml.FreeBSD.org/freebsd/de7a2b32-bd7d-11e7-b627-d43d7e971a1b.html

 

09:59 cpm 

Document new vulnerability in www/chromium < 62.0.3202.75

Obtained
from:	https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop_26.html
Security:	CVE-2017-15396

 

12:49 vd 

Document ftp/wget's stack and heap overflow

Submitted by:	Andrew Perry <pez_098@yahoo.com>
Security:	CVE-2017-13089
Security:	CVE-2017-13090

 

22:56 truckman 

Add headings to each Apache Openoffice vulnerability description.

 

22:46 truckman 

Update Apache OpenOffice entry.

 

18:09 bhughes 

security/vuxml: add node.js remote DoS vulnerability announced 2017-10-24

Reviewed by:	swills
Approved by:	swills (ports-secteam)
Security:	d7d1cc94-b971-11e7-af3a-f1035dd0da62
Differential Revision:	https://reviews.freebsd.org/D12788

 

17:49 truckman 

Revert r452836 to re-add Apache Openoffice entry.

Remove empty <cvename/> to hopefully not break the build this time.

This passes "make validate" just like the last version did.

Suggested by:	gavin

 

10:35 tz 

Document GitLab vulnerabilities

Security:
https://vuxml.FreeBSD.org/freebsd/418c172b-b96f-11e7-b627-d43d7e971a1b.html

 

09:18 gavin 

Revert r452818, the vuxmlweb build does not like empty CVE IDs.

This should likely be tested for as part of "make validate".

Hat:	clusteradm

 

21:22 truckman 

Placeholder entry for editors/openoffice-4 and editors/openoffice-devel
multiple vulnerabilities.  Details are currently embargoed.

 

08:57 brnrd 

security/vuxml: Document cURL vulnerability

 - While here, fix date in latest mysql entry

 

22:25 dch 

Multiple vulnerabilites in www/h2o

Reviewed by:	jrm (mentor)
Approved by:	jrm (mentor)
Security:	CVE-2017-10868
Security:	CVE-2017-10869
Differential Revision:	https://reviews.freebsd.org/D12763

 

17:46 dbaio 

security/vuxml: Document multiple vulnerabilities in irc/irssi

Security:	CVE-2017-15721
Security:	CVE-2017-15722
Security:	CVE-2017-15723
Security:	CVE-2017-15727
Security:	CVE-2017-15228

PR:		223169
Reported by:	David O'Rourke <dor.bsd@xm0.uk>

 

23:01 cpm 

Document new vulnerabilities in www/chromium < 62.0.3202.62

Obtained
from:	https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html

 

19:59 swills 

Document cacti issue

 

14:54 ak 

- Document arj archiver vulnerabilities

 

14:34 woodsb02 

Ensure all krb5 packages are listed in the recent vulnerability entry

 

14:21 woodsb02 

Fix formatting (line length) in recent krb5 vulnerability entry

 

14:17 woodsb02 

Doucument recent MIT Kerberos (krb5) vulnerabilities

 

11:46 brnrd 

security/vuxml: Document MySQL vulnerabilities Q4 2017

 

17:45 swills 

Document xorg issues

 

05:29 jkim 

Document the latest Flash Player vulnerability.

https://helpx.adobe.com/security/products/flash-player/apsb17-32.html

 

02:46 swills 

Fix version on solr issue

 

19:57 swills 

Document hostapd and wpa_supplicant issue

PR:		223051
Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>

 

16:29 swills 

Document mercurial issue

 

10:46 madpilot 

Document textproc/freexl security vulnerabilities.

PR:		222130
Submitted by:	lbartoletti@tuxfamily.org (maintainer)

 

17:25 swills 

Document ffmpeg issues

PR:		222957
Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>

 

16:53 kwm 

Document xorg-server CVEs 2017-12176 through 2017-12187.

While here replace the SO-AND-SO part in the description of the previous
xorg-server entry[1], with the Alan Coopersmith who send the announce mail to
xorg-announce@ mailing list.

[1] entry: 4f8ffb9c-f388-4fbd-b90f-b3131559d888

 

16:42 swills 

Document solr issue

 

13:39 swills 

Document jenkins issues

 

15:03 royger 

Document xen-kernel XSA-{237..244}

 

13:52 swills 

Document nss issue

PR:		222952
Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>

 

18:30 swills 

Document libosip2 issue

 

18:06 swills 

Document ncurses issues

 

12:54 swills 

Document python issue

 

14:11 swills 

Document node issue

 

14:05 swills 

Document zookeeper issue

 

13:24 swills 

Document libtiff issue

 

11:17 sunpoet 

Document rubygems vulnerability

 

19:29 kwm 

Document two xorg-server vulnabilities.

Security:	CVE-2017-13721, CVE-2017-13723

 

13:26 jhale 

Fix range for 58fafead-cd13-472f-a9bd-d0173ba1b04c

 

00:07 swills 

update versions for tomcat issue

 

00:06 swills 

Document tomcat issue

 

07:56 brnrd 

security/vuxml: Document latest cURL vulnerability

 

15:47 zi 

- Re-add 6887828f-0229-11e0-b84d-00262d5ed8ee as cancelled, instead of purging
it

Submitted by:	Mathieu Arnold <mat@FreeBSD.org>