| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
|---|
1.1_6
25 Jun 2024 09:31:35
     |
Robert Nagy (rnagy)  |
security/vuxml: add www/*chromium < 126.0.6478.126
Obtained
from: https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_24.html |
1.1_6
24 Jun 2024 03:56:19
|
Joseph Mingrone (jrm) |
security/vuxml: Update Emacs arbitrary shell code vulnerability entry
- Tweak title
- Add vulnerable emacs-devel packages
Sponsored by: The FreeBSD Foundation |
1.1_6
23 Jun 2024 21:35:38
|
Joseph Mingrone (jrm) |
security/vuxml: Document Emacs arbitrary shell code evaluation
Emacs 29.4 is an emergency bugfix release intended to fix a security
vulnerability. Arbitrary shell commands are no longer run when turning
on Org mode in order to avoid running malicious code.
Reviewed by: ashish, yasu
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45702 |
1.1_6
22 Jun 2024 08:48:01
|
Thomas Zander (riggs) |
security/vuxml: Document Azure Identity Libraries vuln in net/traefik |
1.1_6
21 Jun 2024 06:26:02
|
Jason E. Hale (jhale) |
security/vuxml: add qt5-webengine >= 5.15.17.p2_1 |
1.1_6
20 Jun 2024 22:36:53
|
Jason E. Hale (jhale) |
security/vuxml: add qt6-webengine < 6.7.2 |
1.1_6
20 Jun 2024 19:50:47
|
Matthias Andree (mandree) |
security/vuxml: document two openvpn < 2.6.11 vulns
Security: 142c538e-b18f-40a1-afac-c479effadd5c
Security: CVE-2024-5594
Security: CVE-2024-28882 |
1.1_6
20 Jun 2024 13:10:38
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 126.0.6478.114
Obtained
from: https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html |
1.1_6
18 Jun 2024 16:43:54
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 126.0.6478.54
Obtained
from: https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html |
1.1_6
18 Jun 2024 02:37:48
|
Sergey A. Osokin (osa) |
security/vuxml: update nginx 1.26.0 security issues |
1.1_6
17 Jun 2024 17:18:47
|
Fernando Apesteguía (fernape)
Author: Stefan Bethke |
security/vuxml: Add www/forgejo vulnerability
CVE-2024-24789
NVD assessment not yet provided
PR: 299781 |
1.1_6
16 Jun 2024 08:22:04
|
Thomas Zander (riggs) |
security/vuxml: Document vulnerability in net/traefik
Details:
- Document Unexpected behavior with IPv4-mapped IPv6 addresses in
net/traefik before 2.11.4, see:
https://github.com/traefik/traefik/security/advisories/GHSA-7jmw-8259-q9jx |
1.1_6
15 Jun 2024 09:51:16
|
Ashish SHUKLA (ashish) |
security/vuxml: Document go language vulnerabilities |
1.1_6
13 Jun 2024 04:56:06
|
Matthias Fechner (mfechner) |
security/vuxml: document gilab vulnerabilities |
1.1_6
12 Jun 2024 02:27:36
|
Jason E. Hale (jhale) |
security/vuxml: Document plasma[56]-plasma-workspace vuln |
1.1_6
10 Jun 2024 21:34:05
|
Guido Falsi (madpilot) |
security/vuxml: Report php composer vulnerabilities.
Obtained
from: https://github.com/composer/composer/security/advisories/GHSA-47f6-5gq3-vx9c
https://github.com/composer/composer/security/advisories/GHSA-v9qv-c7wm-wgmf |
1.1_6
07 Jun 2024 10:34:07
|
Fernando Apesteguía (fernape) |
security/vuxml: record kanboard vulnerability
CVE-2024-36399
NVD assessment not yet provided. |
1.1_6
05 Jun 2024 11:32:19
|
Hajimu UMEMOTO (ume) |
security/vuxml: add cyrus-imapd* < 3.8.3
Obtained
from: https://www.cyrusimap.org/3.8/imap/download/release-notes/3.8/x/3.8.3.html |
1.1_6
03 Jun 2024 12:32:09
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 125.0.6422.141
Obtained
from: https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html |
1.1_6
29 May 2024 17:17:07
|
Sergey A. Osokin (osa) |
security/vuxml: add www/nginx-devel < 1.27.0
Obtained: https://nginx.org/en/security_advisories.html |
1.1_6
29 May 2024 12:12:50
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 125.0.6422.112
Obtained
from: https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html |
1.1_6
28 May 2024 16:32:47
|
Bernard Spil (brnrd) |
security/vuxml: Document OpenSSL Use-after-free |
1.1_6
25 May 2024 07:12:03
|
Jason E. Hale (jhale) |
security/vuxml: Fix typo |
1.1_6
25 May 2024 06:54:23
|
Hiroki Tagato (tagattie) |
security/vuxml: document electron29 use after free in Dawn
Obtained from: https://github.com/electron/electron/releases/tag/v29.4.1 |
1.1_6
25 May 2024 06:47:06
|
Hiroki Tagato (tagattie) |
security/vuxml: document electron28 multiple vulnerabilities
Obtained from: https://github.com/electron/electron/releases/tag/v28.3.2 |
1.1_6
25 May 2024 01:55:22
|
Jason E. Hale (jhale) |
security/vuxml: Document CVE-2024-36048 for qt[56]-networkauth |
1.1_6
22 May 2024 14:45:28
|
Matthias Fechner (mfechner) |
security/vuxml: documented gitlab vulnerabilities |
1.1_6
22 May 2024 13:06:32
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 125.0.6422.76
Obtained
from: https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html |
1.1_6
21 May 2024 13:57:49
|
Fernando Apesteguía (fernape) |
security/vuxml: openfire admin console bypass
NVD assessment not yet provided.
PR: 277054 |
1.1_6
21 May 2024 09:14:46
|
Bernard Spil (brnrd) |
security/vuxml: Document Roundcube XSS |
1.1_6
20 May 2024 02:11:23
|
Jason E. Hale (jhale) |
security/vuxml: Fix up 54181a8860c8
Reported by: dbaio |
1.1_6
19 May 2024 05:28:42
|
Jason E. Hale (jhale) |
security/vuxml: Document vulnerabilities in www/qt5-webengine |
1.1_6
18 May 2024 17:06:16
|
Carlo Strub (cs) |
security/vuxml: Add arti security issues
Security: CVE-2024-35313 and CVE-2024-35312 |
1.1_6
17 May 2024 11:50:44
|
Bernard Spil (brnrd) |
security/vuxml: Document OpenSSL 3.x vuln (Low) |
1.1_6
17 May 2024 07:47:55
|
Hiroki Tagato (tagattie) |
security/vuxml: document electron29 setuid vulnerability
Obtained from: https://github.com/electron/electron/releases/tag/v29.4.0 |
1.1_6
15 May 2024 17:55:48
|
Jason E. Hale (jhale) |
security/vuxml: Document www/qt6-webengine vulnerabilities |
1.1_6
15 May 2024 17:55:48
|
Jason E. Hale (jhale) |
security/vuxml: Document devel/qt6-base vulnerability |
1.1_6
15 May 2024 02:02:40
|
Neel Chauhan (nc)
Author: Ralf van der Enden |
dns/dnsdist: update to 1.9.4 (fixes CVE-2024-25581)
PR: 278954
Approved by: submitter is maintainer |
1.1_6
14 May 2024 20:16:20
|
Joseph Mingrone (jrm) |
security/vuxml: Document Intel CPU vulnerabilities
Security: CVE-2023-45733
Security: CVE-2023-45745
Security: CVE-2023-46103
Sponsored by: The FreeBSD Foundation |
1.1_6
14 May 2024 07:51:36
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 124.0.6367.207
Obtained
from: https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html |
1.1_6
13 May 2024 17:56:02
|
Ashish SHUKLA (ashish) |
security/vuxml: Document lang/go vulnerability |
1.1_6
12 May 2024 06:33:40
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 124.0.6367.201
Obtained
from: https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html |
1.1_6
09 May 2024 22:34:42
|
Palle Girgensohn (girgen) |
security/vuxml: Document vulnerability in postgresql.
CVE-2024-4317: Restrict visibility of "pg_stats_ext" and "pg_stats_ext_exprs"
entries to the table owner
https://www.postgresql.org/support/security/CVE-2024-4317/ |
1.1_6
09 May 2024 08:40:30
|
Ashish SHUKLA (ashish) |
security/vuxml: Document tailscale vulnerability |
1.1_6
09 May 2024 08:27:47
|
Hiroki Tagato (tagattie) |
security/vuxml: document electron29 multiple vulnerabilities
Obtained from: https://github.com/electron/electron/releases/tag/v29.3.3 |
1.1_6
09 May 2024 05:43:53
|
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerabilities |
1.1_6
08 May 2024 09:01:36
|
Hiroki Tagato (tagattie) |
security/vuxml: document electron29 multiple vulnerabilities
Obtained from: https://github.com/electron/electron/releases/tag/v29.3.2 |
1.1_6
02 May 2024 10:33:31
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 124.0.6367.118
Obtained
from: https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html |
1.1_6
02 May 2024 04:06:54
|
Joseph Mingrone (jrm) |
security/vuxml: Document ACE vulnerability in math/R
In versions released before 4.4.0, the R statistical program is
vulnerable to CVE-2024-27322, which allows maliciously crafted RDS (R
Data Serialization) files or R packages to run arbitrary code.
Sponsored by: The FreeBSD Foundation |
1.1_6
01 May 2024 20:06:43
|
Thomas Zander (riggs) |
security/vuxml: Document buffer overflow in korean/hcode
Before ko-hcode-2.1.3_2, the port was affected by CVE-2024-34020, where
a buffer overflow can be exploited to (at least) crash the program. |
1.1_6
29 Apr 2024 10:39:04
|
Philip Paeps (philip)
Author: Mathias Monnerville |
security/vuxml: CVEs affecting www/glpi < 10.0.15
CVE-2024-31456 and CVE-2024-29889 were fixed in GLPI 10.0.15.
PR: 278641
PR: 278642 |
1.1_6
29 Apr 2024 06:49:31
|
Fernando Apesteguía (fernape) |
security/vuxml: Add powerdns-recursor DOS
* CVE-2024-25583
A crafted response from an upstream server the recursor has been configured to
forward-recurse to can cause a Denial of Service in the Recursor. The default
configuration of the Recursor does not use recursive forwarding and is not
affected.
PR: 278564 |
1.1_6
28 Apr 2024 14:06:37
|
Kai Knoblich (kai) |
security/vuxml: Amend previous commit 3b46eb72e1df
Add a missing paragraph, which was not found by "make validate" before
committing.
Fixes: 3b46eb72e1df security/vuxml: Document www/py-social-auth-app-django
vulnerability |
1.1_6
28 Apr 2024 07:04:00
|
Kai Knoblich (kai) |
security/vuxml: Document www/py-social-auth-app-django vulnerability |
1.1_6
25 Apr 2024 21:09:22
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 124.0.6367.78
Obtained
from: https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html |
1.1_6
25 Apr 2024 11:16:00
|
Philip Paeps (philip)
Author: Tomáš Čiernik |
security/vuxml: correct historical www/glpi entries
Several older entries for www/glpi had incorrect version ranges, causing
pkg audit to complain about false positives. This corrects the older
entries and adds some missing ones.
PR: 278549 |
1.1_6
24 Apr 2024 20:51:55
|
Ashish SHUKLA (ashish) |
security/vuxml: Document matrix-synapse vulnerability |
1.1_6
24 Apr 2024 18:29:35
|
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerabilities |
1.1_6
24 Apr 2024 03:10:44
|
Philip Paeps (philip)
Author: Tomáš Čiernik |
security/vuxml: add CVEs related to www/glpi
New CVEs for GLPI which were corrected in versions 10.0.11, 10.0.12 and
10.0.13.
PR: 278548
PR: 278090 |
1.1_6
23 Apr 2024 14:55:30
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document arbitrary memory address read vulnerability in Ruby |
1.1_6
22 Apr 2024 18:20:02
|
Dmitry Marakasov (amdmi3) |
security/vuxml: document sdl2_sound vulns
PR: 278491 |
1.1_6
21 Apr 2024 10:20:54
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 124.0.6367.60
Obtained
from: https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html |
1.1_6
19 Apr 2024 20:44:22
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document possible DoS attack valnerability in ClamAV |
1.1_6
19 Apr 2024 17:32:28
|
Li-Wen Hsu (lwhsu) |
security/vuxml: Document Jenkins Security Advisory 2024-04-17
Sponsored by: The FreeBSD Foundation |
1.1_6
18 Apr 2024 11:07:33
|
Hiroki Tagato (tagattie) |
security/vuxml: document electron{27,28,29} multiple vulnerabilities
Obtained from: https://github.com/electron/electron/releases/tag/v27.3.11,
https://github.com/electron/electron/releases/tag/v28.3.1,
https://github.com/electron/electron/releases/tag/v29.3.1 |
1.1_6
16 Apr 2024 19:31:50
|
Muhammad Moinur Rahman (bofh) |
security/vuxml: Add entries for php8*
Approved by: portmgr (blanket) |
1.1_6
16 Apr 2024 06:38:49
|
Matthias Andree (mandree) |
security/vuxml: document PuTTY/FileZilla NIST P521 private key recovery
Security: 080936ba-fbb7-11ee-abc8-6960f2492b1d
Security: CVE-2024-31497 |
1.1_6
15 Apr 2024 08:20:02
|
Ashish SHUKLA (ashish) |
security/vuxml: Document go language vulnerabilities |
1.1_6
12 Apr 2024 17:02:26
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 123.0.6312.122
Obtained
from: https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html |
1.1_6
11 Apr 2024 20:46:15
|
Hiroki Tagato (tagattie) |
security/vuxml: document electron{27,28} out of bounds memory access in V8
Obtained from: https://github.com/electron/electron/releases/tag/v27.3.10,
https://github.com/electron/electron/releases/tag/v28.3.0 |
1.1_6
11 Apr 2024 07:50:51
|
Bernard Spil (brnrd) |
security/vuxml: Document OpenSSL vulnerability |
1.1_6
11 Apr 2024 06:30:49
|
Fernando Apesteguía (fernape) |
security/vuxml: add www/forgejo HTTP/2 vulnerability
PR: 278119 |
1.1_6
11 Apr 2024 06:27:34
|
Fernando Apesteguía (fernape) |
security/vuxml: add net/jose DoS vulnerability
PR: 278243 |
1.1_6
11 Apr 2024 05:15:41
|
Matthias Fechner (mfechner) |
security/vuxml: added gitlab 16.10.2, 16.9.4, 16.8.6 updates |
1.1_6
10 Apr 2024 19:38:12
|
Florian Smeets (flo) |
security/vuxml: Add wordpress vulnerability |
1.1_6
05 Apr 2024 10:07:56
|
Bernard Spil (brnrd) |
security/vuxml: Document Apache httpd vulnerabilities |
1.1_6
05 Apr 2024 05:43:18
|
Hiroki Tagato (tagattie) |
security/vuxml: document electron{27,28} multiple vulnerabilities
Obtained from: https://github.com/electron/electron/releases/tag/v27.3.9,
https://github.com/electron/electron/releases/tag/v28.2.10 |
1.1_6
04 Apr 2024 19:22:58
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 123.0.6312.105
Obtained
from: https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop.html |
1.1_6
04 Apr 2024 10:15:41
|
Jan Beich (jbeich) |
security/vuxml: close off-by-one gap after 1f3a9629b7a4
xwayland-devel-21.0.99.1.672 *is* vulnerable but wasn't ever in ports/. |
1.1_6
04 Apr 2024 10:10:47
|
Jan Beich (jbeich) |
security/vuxml: add xwayland-devel to 9661a37b4dff list |
1.1_6
04 Apr 2024 06:28:42
|
Emmanuel Vadot (manu) |
security/vuxml: Document recent xorg-server and xwayland vulnerabilities
Sponsored by: Beckhoff Automation GmbH & Co. KG |
1.1_6
02 Apr 2024 16:46:12
|
Li-Wen Hsu (lwhsu) |
security/vuxml: Document Jenkins Security Advisory 2024-03-20
Sponsored by: The FreeBSD Foundation |
1.1_6
01 Apr 2024 07:55:56
|
Li-Wen Hsu (lwhsu) |
security/vuxml: Fix vid d58726ff-ef5e-11ee-8d8e-080027a5b8e9
Temporarily remove cvename tag as it is not a valid CVE name and breaks
vuxml build.
Sponsored by: The FreeBSD Foundation |
1.1_6
01 Apr 2024 05:44:41
|
Philip Paeps (philip) |
security/vuxml: reference FreeBSD SA-24:03.unbound
Add a reference to FreeBSD SA-24:03.unbound (announced 2024-03-28) to
the vuxml entry for Unbound CVE-2023-50387 and CVE-2023-50868.
Unbound was updated to 1.19.1 in FreeBSD 14.0-RELEASE-p6 and in FreeBSD
13.2-RELEASE-p11. FreeBSD 13.3 was not affected (Unbound 1.19.1 was
included in the release). |
1.1_6
31 Mar 2024 13:10:14
|
Wen Heping (wen) |
security/vuxml: Document mediawiki multiple vulnerabilities |
1.1_6
29 Mar 2024 17:45:22
|
Fernando Apesteguía (fernape)
Author: Ralf van der Enden |
security/vuxml: Register net/quiche vulnerabilities
PR: 277692
Reported by: Ralf van der Enden <tremere@cainites.net>
Approved by: junho.choi@gmail.com (maintainer) |
1.1_6
29 Mar 2024 07:52:06
|
Hiroki Tagato (tagattie) |
security/vuxml: document electron{27,28} object lifecycle issue in V8
Obtained from: https://github.com/electron/electron/releases/tag/v27.3.8,
https://github.com/electron/electron/releases/tag/v28.2.9 |
1.1_6
28 Mar 2024 15:40:18
|
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerabilities |
1.1_6
27 Mar 2024 18:02:18
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 123.0.6312.86
Obtained
from: https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html |
1.1_6
26 Mar 2024 19:42:37
|
Florian Smeets (flo) |
security/vuxml: add phpmyfaq < 3.2.6 |
1.1_6
26 Mar 2024 17:44:35
|
Joseph Mingrone (jrm) |
security/vuxml: Document vulns in Emacs prior to version 29.3
Obtained
from: https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29.3
Sponsored by: The FreeBSD Foundation |
1.1_6
26 Mar 2024 17:27:48
|
Matthew Seaman (matthew) |
security/vuxml: Remove references to non-existent package.
There never was a grafana10 package. Initially there was www/grafana
providing grafana-8.x. Then a www/grafana9 port was added providing
grafana-9.x. The www/grafana port was subsequently obsoleted, and
then revived, now providing grafana-10.x. I believe the idea is that
going forwards, www/grafana will provide the latest stable release
version and there may be numbered ports for older major versions.
PR: 277631 |
1.1_6
26 Mar 2024 17:27:48
|
Matthew Seaman (matthew)
Author: Boris Korzun |
security/vuxml: Add www/grafana and www/grafana9 data sourceprivilege escalation
PR: 277631 |
1.1_6
22 Mar 2024 13:28:57
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 123.0.6312.58
Obtained
from: https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html |
1.1_6
21 Mar 2024 14:41:14
|
Ryan Steinmetz (zi) |
security/shibboleth-idp: Document CAS SSRF vulnerability |
1.1_6
20 Mar 2024 20:20:56
|
Ronald Klop (ronald) |
security/vuxml: document mongodb* vuln: CVE-2024-1351
Improper Certificate Validation
Security: CVE-2024-1351 |
1.1_6
18 Mar 2024 21:52:57
|
Ryan Steinmetz (zi) |
security/vuxml: Document www/varnish7 vuln: CVE-2023-43622 |
1.1_6
18 Mar 2024 06:45:53
|
Matthias Fechner (mfechner) |
security/vuxml: remove duplicated entry, see
3bac9fee140f64f562008b81ea2f2391b3fca116
Reported by: flo@smeets.xyz |
1.1_6
17 Mar 2024 15:25:18
|
Florian Smeets (flo) |
security/vuxml: Add amavisd-new vulnerability |
1.1_6
16 Mar 2024 08:25:15
|
Rodrigo Osorio (rodrigo) |
security/vuxml: document typo3-{11,12} security issues
PR: 277117
Reported by: Helmut Ritter <freebsd-ports@charlieroot.de> |
As an Amazon Associate I earn from qualifying purchases.
