14:38 olivier 

Fix collectd5's range version

Reported by:	romain

 

08:45 tz 

Document GitLab vulnerabilities

 

14:45 brnrd 

security/vuxml: Document MySQL vulnerabilities

 

10:38 olivier 

Fix vuxmlbuild by replacing lower case by upper case in cvename

Reported by:	bz

 

10:13 olivier 

Document vulnerability in collectd5

PR:		220797
Reported by:	luca.pizzamiglio@gmail.com
Security:	CVE-2017-7401

 

09:43 olivier 

Document vulnerability in strongswan

PR:		220823
Reported by:	i.dani@outlook.com
Security:	CVE-2017-9022
Security:	CVE-2017-9023

 

14:22 dbaio 

security/vuxml: Document vulnerability in cacti

Security:	CVE-2017-10970

Approved by:	garga (mentor)
Differential Revision:	https://reviews.freebsd.org/D11611

 

18:45 brnrd 

security/vuxml: Document vulnerability in apache24

 

17:42 jkim 

Document latest Flash Player vulnerabilities.

https://helpx.adobe.com/security/products/flash-player/apsb17-21.html

 

15:05 timur 

Add an entry for the CVE-2017-11103 in Samba.

Security:	CVE-2017-11103

 

10:57 bhughes 

ecurity/vuxml: add node.js vulnerabilities announced 2017-07-11

The vulnerability in the bundled c-ares dependency is not included,
since the Node.js ports use dns/c-ares as a dependency instead.

Approved by:	mat (co-mentor)
MFH:		2017Q3
Security:	http://www.vuxml.org/freebsd/3eff66c5-66c9-11e7-aa1d-3d2e663cef42.html
Differential Revision:	https://reviews.freebsd.org/D11561

 

00:06 osa 

Document nginx security advisory (CVE-2017-7529).

 

23:44 junovitch 

Document security issue fixed in CodeIgniter 3.1.5

Security:	https://vuxml.FreeBSD.org/freebsd/aaedf196-6436-11e7-8b49-002590263bf5.html

 

14:15 feld 

Document irssi vulnerabilities

PR:		220544
Security:	CVE-2017-10965
Security:	CVE-2017-10966

 

10:34 brnrd 

security/vuxml: Fix <url> for latest PHP entry

 

07:59 brnrd 

security/vuxml: Register oniguruma/php-mbstring vulns

 

19:26 acm 

- Add drupal7 to vuxml entry

 

18:47 acm 

- Document new vulnerabilities in www/drupal8 < 8.3.4

 

06:33 danfe 

Another round of spelling fixes, covering entries of the year 2015.

 

19:01 danfe 

Fix a bunch of noticed typos and spelling mistakes, covering years
2016-2017.  Some of those are so common that I've taken liberty to
fix them all over the file.

 

19:29 ultima 

Added vxvml entry for security/dropbear

PR:		220158
Submitted by:	Piotr Kubaj <pkubaj@anongoth.pl> (maintainer)
Reviewed by:	lifanov (mentor)
Approved by:	lifanov (mentor)
MFH:		2017Q3
Security:	http://www.vuxml.org/freebsd/60931f98-55a7-11e7-8514-589cfc0654e1.html
Differential Revision:	https://reviews.freebsd.org/D11400

 

09:30 brnrd 

security/vuxml: Document smarty3 shell injection vuln

 

13:01 cpm 

- Document libgcrypt side-channel attack on RSA secret keys

Security:	CVE-2017-7526

 

12:25 tz 

Document GitLab vulnerabilities

 

11:05 amdmi3 

- Document tor security regression

Security:	CVE-2017-0377

 

07:04 brnrd 

security/vuxml: Correct apache22 version

 - vulns fixed in unreleased 2.2.33

Reported by:		filis (irc)

 

22:24 vsevolod 

Document Stack Clash vulnerability related to Exim

 

20:42 mm 

Document pear-Horde_Image vulnerabilities.

Security:	CVE-2017-9773
Security:	CVE-2017-9774

 

17:20 mandree 

Document OpenVPN vulnerabilities.

Security:	9f65d382-56a4-11e7-83e3-080027ef73ec
Security:	CVE-2017-7508
Security:	CVE-2017-7512
Security:	CVE-2017-7520
Security:	CVE-2017-7521
Security:	CVE-2017-7522

 

07:27 brnrd 

security/vuxml: Fix entry uppercasing

 - Introduced in 443943

 

07:05 brnrd 

security/vuxml: Document Apache httpd vulnerabilities

 

10:52 cpm 

Document new vulnerabilities in www/chromium < 59.0.3071.104

Obtained
from:	https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html

 

21:58 sunpoet 

Document cURL vulnerability

 

20:54 matthew 

Fix the range of vulnerable versions for p5-RT-Authen-ExternalAuth --
BestPractical have released a tarball of patches, but they've also
pushed 0.27 up to CPAN and that has the fixes incorporated.

 

20:42 matthew 

Document multiple vulnerabilities in www/rt42, www/rt44 and
www/p5-RT-Authen-ExternalAuth

 

18:26 jkim 

Document latest Flash Player vulnerabilities.

https://helpx.adobe.com/security/products/flash-player/apsb17-17.html

 

19:56 jbeich 

security/vuxml: mark firefox < 54 as vulnerable

 

06:12 woodsb02 

Correct vulnerable versions of security/heimdal after the security fix
was backported in 7.1.0_3

PR:		219657
Security:	CVE-2017-6594

 

18:20 feld 

Document roundcube vulnerability

PR:		219789

 

17:08 tijl 

Document GNUTLS-SA-2017-4.

Security:	https://gnutls.org/security.html#GNUTLS-SA-2017-4

 

00:24 zi 

- Document remote DoS in irc/irssi

 

15:05 cpm 

Document new vulnerabilities in www/chromium < 59.0.3071.86

Obtained
from:	https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html

 

19:46 lifanov 

Document vulnerability in sysutils/ansible (CVE-2017-7481)

 

15:27 zi 

- Document authentication bypass in security/duo

 

13:50 zi 

- Document vulnerability in net/freeradius3 (CVE-2017-9148)

 

15:30 feld 

Document heimdal vulnerability

PR:		219657
Security:	CVE-2017-6594

 

13:21 tz 

Modify GitLab entries:
- wrap long lines
- add missing modfied

 

10:26 kwm 

Update imagemagick entry

* Fix indention
* Add ranges to the imagemagick 6 version check, to prep for
  ImageMagick patch for the branch.
* Add portepoch's to the imagemagick 6 versions.
* Bump imagemagick 6 version. This version fixes at least one of
  the mentioned CVE's.
* Change CVE-2017-8365 to CVE-2017-8765. CVE-2017-8365 is a
  libsndfile CVE.
* Add modified tag.

 

08:01 brnrd 

security/vuxml: Fix latest ImageMagick entry

 - Fix case in pkgname
 - Add version 7
 - add -nox pkgnamesuffix

PR:		219497
Submitted by:	Dani <i.dani@outlook.com>

 

12:25 feld 

Document FreeBSD-SA-17:04.ipfilter

 

12:24 feld 

Document FreeBSD-SA-17:03.ntp

 

12:23 feld 

Add missing info for FreeBSD-SA-17:02.openssl

 

07:38 riggs 

Document remote code execution via subtitles in multimedia/vlc

 

22:12 mandree 

Document OpenEXR 2.2.0 vulnerabilities

Reported by:	Brandon Perry
Security:	803879e9-4195-11e7-9b08-080027ef73ec
Security:	CVE-2017-9116
Security:	CVE-2017-9115
Security:	CVE-2017-9114
Security:	CVE-2017-9113
Security:	CVE-2017-9112
Security:	CVE-2017-9111
Security:	CVE-2017-9110

 

20:51 brnrd 

security/vuxml: Document ImageMagick vulnerabilities

PR:		219497
Reported by:	dani <i.dani@outlook.com>

 

09:31 brnrd 

security/vuxml: Document samba RCE vulnerability

 - Add entry for samba
 - Fix tabs/space previous entry

Security:	CVE-2017-7494

 

09:18 danfe 

Document another round of multiple vulnerabilities found in the kernel
mode layer handler of nVidia GPU display driver.

Security:	CVE-2017-0350, CVE-2017-0351, CVE-2017-0352
PR:		219465
Submitted by:	Andrew Marks

 

08:58 dinoex 

- add miniupnpc CVE-2017-8798

 

08:29 miwi 

- Fix spelling

Reported by:	remko

 

07:16 joneum 

- Document Wordpress multible vulnerabilities

Approved by:	miwi (mentor)
Differential Revision:	https://reviews.freebsd.org/D10789

 

22:59 madpilot 

Document net/asterisk13 and net/pjsip vulnerabilities.

 

20:08 ler 

Clean up joomla3 entry.

Submitted by:	zi

 

17:21 ler 

Add cvename

 

17:18 ler 

Add entry for Joomla3 20170501.

 

10:58 tz 

Document recent GitLab vulnerabilities.

Security:
https://vuxml.FreeBSD.org/freebsd/9704930c-3bb7-11e7-93f7-d43d7e971a1b.html

 

10:47 tz 

Fix name of old gitlab-entry, its gitlab instead of rubygem-gitlab

 

10:45 tz 

Document GitLab vulnerabilities.

Security: CVE-2017-0882
Security:
https://vuxml.FreeBSD.org/freebsd/5d62950f-3bb5-11e7-93f7-d43d7e971a1b.html

 

08:44 kwm 

Document freetype2 vulnability.

Security:	CVE-2017-8105, CVE-2017-8287

 

20:27 mandree 

Add openvpn < 2.3.15/< 2.4.2 DoS vuln.

https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits

Reported by:	Samuli Seppanen
Security:	04cc7bd2-3686-11e7-aa64-080027ef73ec
Security:	CVE-2017-7478
Security:	CVE-2017-7479

 

14:23 girgen 

Add information about vulnerabilities in PostgreSQL

Security:	CVE-2017-7484 CVE-2017-7485 CVE-2017-7486

 

12:02 tcberner 

Document kauth privilege escalation.

Reviewed by:	rakuco
Approved by:	rakuco (mentor)
Security:	CVE-2017-8422
Differential Revision:	https://reviews.freebsd.org/D10660

 

21:45 pawel 

Document mail/libetpan null dereference vulnerability

 

21:49 jkim 

CVE-2017-7867 and CVE-2017-7868 were fixed in r440117.

 

22:41 cpm 

Document new vulnerability in www/chromium < 58.0.3029.96

Obtained
from:	https://chromereleases.googleblog.com/2017/05/stable-channel-update-for-desktop.html

 

21:36 ler 

security/vuxml: Document dovecot2 vulnerability

PR:		218671
Approved by:	adamw (mentor, implicit), ports-secteam (maintainer timeout)
Security:	CVE-2017-2669

 

17:33 brnrd 

security/libressl-devel: Mark vulnerabile 2.5.3

 

09:23 brnrd 

security/vuxml: Document LibreSSL vulnerability

 - CVE-2017-8301 TLS verification vulnerability

 

03:41 lwhsu 

Document Jenkins Security Advisory 2017-04-26

 

02:34 junovitch 

Document security issues fixed in CodeIgniter 3.1.4

Security:	https://vuxml.FreeBSD.org/freebsd/df0144fb-295e-11e7-970f-002590263bf5.html

 

20:12 brnrd 

security/vuxml: Document weechat vulnerability

PR:		218852
Submitted by:	Jochen Neumeister <joneum@bsdproject.de>

 

10:40 mat 

and make validate for something I did not do.

Pointy hat:	acm
Sponsored by:	Absolight

 

10:37 mat 

I'm stupid.

Pointy hat:	mat
Sponsored by:	Absolight

 

10:26 mat 

This was fixed a while ago.

Sponsored by:	Absolight

 

18:54 acm 

- Document new vulnerability in www/drupal8 < 8.3.1

 

13:46 cpm 

Document new vulnerabilities in www/chromium < 58.0.3029.81

Obtained
from:	https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html

 

18:48 jkim 

Add a separate entry for linux-c7-graphite2.  It is not fixed yet.

 

18:43 jkim 

CVE-2017-5436 was fixed by r438984.

 

16:54 jbeich 

security/vuxml: back out r438981 as I've confused already extracted directory

 

16:49 jbeich 

security/vuxml: icu 59.1 doesn't have the fix

 

16:00 jbeich 

security/vuxml: oops, forgot PORTEPOCH from r418152

 

15:56 jbeich 

security/vuxml: mark icu < 59.1 as vulnerable

 

15:29 jbeich 

security/vuxml: mark old sndfile/samplerate/tiff as vulnerable

 

14:25 sunpoet 

Document cURL vulnerability

 

08:39 jbeich 

security/vuxml: mark some firefox < 53 bundled deps as vulnerable

 

02:24 jbeich 

security/vuxml: mark firefox < 53 as vulnerable

 

19:11 brnrd 

security/vuxml: Document vulnerabilities from Oracle 2017Q2 update

 

10:15 mat 

Adjust the bind9-devel version it was fixed in.

Sponsored by:	Absolight

 

03:58 delphij 

Document BIND multiple vulnerabilities.

 

14:26 kami 

security/vuxml: Add id Tech 3 remote code execution

PR:		217911
Reviewed by:	delphij, #ports_secteam
Approved by:	delphij, #ports_secteam
Security:	CVE-2017-6903
Differential Revision:	https://reviews.freebsd.org/D10244

 

13:52 junovitch 

Document Xen Security Advisory (XSA 212)

Security:	CVE-2017-7228
Security:	https://vuxml.FreeBSD.org/freebsd/90becf7c-1acf-11e7-970f-002590263bf5.html