Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_5 28 Jun 2021 15:01:36 |
Dave Cottlehuber (dch) |
security/vuxml: Add net/rabbitmq CVE-2021-22116 DoS vuln
Security: CVE-2021-22116
Sponsored by: SkunkWerks, GmbH |
1.1_5 28 Jun 2021 15:01:36 |
Dave Cottlehuber (dch) |
security/vuxml: Pet rabbitmq-c entry
make clean validate failed after rebased commit
fix package name error and indentation issues |
1.1_5 28 Jun 2021 15:01:36 |
Dave Cottlehuber (dch) |
security/vuxml: Pet puppetdb entry
make clean validate reports a missing stanza |
1.1_5 25 Jun 2021 20:46:55 |
Dave Cottlehuber (dch) |
security/vuxml: add entry for net/rabbitmq-c
Sponsored by: SkunkWerks, GmbH
Security: CVE-2019-18609
Differential Revision: https://reviews.freebsd.org/D30906 |
1.1_5 25 Jun 2021 20:03:01 |
Romain Tartière (romain) |
security/vuxml: Document CVE-2021-27021 |
1.1_5 25 Jun 2021 17:13:18 |
Mateusz Piotrowski (0mp) |
security/vuxml: Add another package for CVE-2021-3583
Also, fix a copy-paste error. py*-ansible-base are listed twice. The
second entry should list py*-ansible instead. |
1.1_5 25 Jun 2021 14:27:15 |
Mateusz Piotrowski (0mp) |
security/vuxml: Update Ansible's CVE-2021-3583
It turns out that it affects not only ansible-core, but also some other
ports. |
1.1_5 24 Jun 2021 18:50:15 |
Juraj Lutter (otis) |
security/vuxml: Fix mail/dovecot-pigeonhole vulnerable versions
Correct mail/dovecot-pigeonhole vulnerable versions to proper value. |
1.1_5 24 Jun 2021 10:30:56 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Fix CVS name for vid e4cd0b38-c9f9-11eb-87e1-08002750c711
This should fix vuxml.org build.
PR: 256789 |
1.1_5 24 Jun 2021 10:03:43 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Update the doc link and the comment of where to add new entry
Approved by: ports-secteam (implicitly) |
1.1_5 24 Jun 2021 09:59:09 |
Mateusz Piotrowski (0mp) |
security/vuxml: Document sysutils/py-ansible-core vulnerability
Security: CVE-2021-3583 |
1.1_5 23 Jun 2021 18:21:56 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Fix `make validate` to use the latest vuxml file
This is a follow up for 6954792fe916862afd25cf6ce961bd7062dfb21f
Approved by: ports-secteam (fluffy) |
1.1_5 23 Jun 2021 14:34:34 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Create 2021 entity
Let's create a new entity in the beginning of each year and append to it,
instead of massive copying in the end of each year. |
1.1_5 23 Jun 2021 10:00:10 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Fix version range of www/py-aiohttp
This also marks 3.7.4.p0 as fixed.
PR: 256219 |
1.1_5 22 Jun 2021 16:14:41 |
Juraj Lutter (otis) |
security/vuxml: Document mail/dovecot-pigeonhole vulnerability |
1.1_5 22 Jun 2021 16:14:41 |
Juraj Lutter (otis) |
security/vuxml: Document mail/dovecot vulnerabilities |
1.1_5 21 Jun 2021 20:34:11 |
Brad Davis (brd) |
security/vuxml: Fix range for www/nginx CVE-2021-23017
Reviewed by: garga
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.1_5 21 Jun 2021 16:20:13 |
Danilo G. Baio (dbaio) |
security/vuxml: Fix 'make validate'
While here, remove hyperlinks to simplify, they can be accessed through
the report's url. |
1.1_5 20 Jun 2021 01:31:15 |
Adam Weinberger (adamw) |
security/vuxml: Add entry for gitea < 1.14.3
PR: 256720 |
1.1_5 18 Jun 2021 11:01:23 |
Rene Ladan (rene) |
security/vuxml: Add www/chromium < 91.0.4472.114
Obtained from: https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html |
1.1_5 15 Jun 2021 15:48:20 |
Kevin Bowling (kbowling) |
security/vuxml: Document CVE-2021-29376 for irc/ircII
PR: 255492
Reported by: Andrew Gierth <andrew@tao11.riddles.org.uk> |
1.1_5 14 Jun 2021 07:15:01 |
Bernard Spil (brnrd) |
security/vuxml: Document Apache httpd vulns |
1.1_5 11 Jun 2021 10:50:26 |
Dmitry Marakasov (amdmi3) |
security/vuxml: document CVE-2021-33564 for rubygem-dragonfly |
1.1_5 10 Jun 2021 14:37:05 |
Rodrigo Osorio (rodrigo) |
security/vuxml: Document CVE-2020-35701 for net-mgmt/cacti |
1.1_5 10 Jun 2021 11:37:46 |
Rene Ladan (rene) |
security/vuxml: add Chromium < 91.0.4472.101
Obtained from: https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html |
1.1_5 08 Jun 2021 19:30:08 |
Ashish SHUKLA (ashish) |
security/vuxml: Document CVE-2021-33896 in net-im/dino port |
1.1_5 06 Jun 2021 20:48:56 |
Matthew Seaman (matthew) |
security/vuxml: Document CVE-2021-3515 for databases/pglogical
A shell injection flaw was found in pglogical in versions before 2.3.4
and before 3.6.26. An attacker with CREATEDB privileges on a
PostgreSQL server can craft a database name that allows execution of
shell commands as the postgresql user when calling
pglogical.create_subscription(). |
1.1_5 06 Jun 2021 08:48:40 |
Kurt Jaeger (pi) Author: Simon Wright |
security/vuxml: add www/drupal7 CVE |
1.1_5 04 Jun 2021 18:29:52 |
Tobias C. Berner (tcberner) |
security/vuxml: document vulnerability in sysutils/polkit
Cedric Buissart reports:
The function `polkit_system_bus_name_get_creds_sync` is used to get the
uid and pid of the process requesting the action. It does this by
sending the unique bus name of the requesting process, which is
typically something like ":1.96", to `dbus-daemon`. These unique names
are assigned and managed by `dbus-daemon` and cannot be forged, so this
is a good way to check the privileges of the requesting process.
The vulnerability happens when the requesting process disconnects from
`dbus-daemon` just before the call to
`polkit_system_bus_name_get_creds_sync` starts. In this scenario, the
unique bus name is no longer valid, so `dbus-daemon` sends back an error
(Only the first 15 lines of the commit message are shown above) |
1.1_5 04 Jun 2021 09:59:47 |
Thomas Zander (riggs) |
security/vuxml: Document CVE-2021-33054 for www/sogo*.
PR: 256374
Reported by: rob2g2 <spam123@bitbert.com> |
1.1_5 04 Jun 2021 09:38:47 |
Fernando Apesteguía (fernape) |
security/vuxml: Add CVE-2020-8492 for lang/tauthon
PR: 256387
Reported by: olivier.freebsd@free.fr |
1.1_5 04 Jun 2021 09:32:50 |
Thomas Zander (riggs) |
security/vuxml: Document CVE-2021-28091 for security/lasso.
PR: 256373
Reported by: spam123@bitbert.com |
1.1_5 03 Jun 2021 23:17:28 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document lang/go vulnerabilities |
1.1_5 03 Jun 2021 11:26:09 |
Dmitry Marakasov (amdmi3) |
security/vuxml: document aiohttp CVE-2021-21330 |
1.1_5 02 Jun 2021 23:53:02 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 4.0.2 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v4.0.2
- Fix potential Undefined Behavior in decode_netbios_name() and
decode_netbios_name_type() BIFs. The latter has a possibility
of a remote heap-buffer-overread, making this a potential DoS
vulnerability.
- Add some extra length checking when parsing mobile ipv6 packets.
Due to the possibility of reading invalid headers from remote
sources, this is a potential DoS vulnerability. |
1.1_5 02 Jun 2021 18:41:43 |
Dmitry Marakasov (amdmi3) |
security/vuxml: add entry for PyYAML CVE-2020-14343
PR: 256220 |
1.1_5 02 Jun 2021 13:48:26 |
Ryan Steinmetz (zi) |
security/vuxml: Fix overly large entry that violates 'make validate' |
1.1_5 02 Jun 2021 13:48:26 |
Ryan Steinmetz (zi) |
security/vuxml: Document isc-dhcp44-* vulnerability
PR: 256377 |
1.1_5 01 Jun 2021 22:37:21 |
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab vulnerabilities. |
1.1_5 01 Jun 2021 16:59:21 |
Jung-uk Kim (jkim) |
security/vuxml: Correct CVE entry for the x11/libX11 vulnerability |
1.1_5 01 Jun 2021 15:35:26 |
Sergey A. Osokin (osa) |
security/vuxml: document vulnerability in databases/redis
Security: CVE-2021-32625 |
1.1_5 01 Jun 2021 15:13:05 |
Jung-uk Kim (jkim) |
security/vuxml: Document vulnerability in x11/libX11
PR: 256034
Security: CVE-2021-31535 |
1.1_5 01 Jun 2021 03:02:51 |
Guangyuan Yang (ygy) Author: David O'Rourke |
security/vuxml: Document vulnerability in net-mgmt/prometheus2
PR: 255976
Security: CVE-2021-29622
Approved by: lwhsu (mentor) |
1.1_5 31 May 2021 20:55:37 |
Adriaan de Groot (adridg) |
security/vuxml: Document graphics/wayland <= 1.19.0 |
1.1_5 27 May 2021 05:17:36 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-21:12.libradius |
1.1_5 27 May 2021 05:17:36 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-21:11.smap |
1.1_5 26 May 2021 10:17:39 |
Rene Ladan (rene) |
vuln.xml: Document chromium < 91.0.4472.77
Obtained from: https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html |
1.1_5 26 May 2021 00:33:57 |
Danilo G. Baio (dbaio) |
security/vuxml: Document net/libzmq4 issues
PR: 255102
Reported by: Thomas Petig <thomas@petig.eu>
Security: CVE-2019-13132
Security: CVE-2020-15166 |
1.1_5 25 May 2021 15:40:21 |
Sergey A. Osokin (osa) |
security/vuxml: document vulnerability in www/nginx and www/nginx-devel
Security: CVE-2021-23017 |
1.1_5 24 May 2021 15:57:00 |
Palle Girgensohn (girgen) |
databases/pg_partman: arbitrary code execution
Security: CVE-2021-33204 |
1.1_5 24 May 2021 15:02:45 |
Tobias C. Berner (tcberner) |
security/vuxml: document vulnerability in textproc/expat2
Security: CVE-2013-0340
PR: 256121 |
1.1_5 23 May 2021 14:44:41 |
Tobias C. Berner (tcberner) Author: Yasuhiro Kimura |
security/vuxml: document vulnerability in textproc/libxml2
PR: 256093
Security: CVE-2021-3541 |
1.1_5 17 May 2021 15:11:08 |
Mateusz Piotrowski (0mp) |
security/vuxml: Add example cvename tag to template
Reviewed by: riggs
Approved by: riggs (ports secteam)
Differential Revision: https://reviews.freebsd.org/D30231 |
1.1_5 15 May 2021 09:12:15 |
Palle Girgensohn (girgen) |
databases/postgresql??-server: multiple security issues |
1.1_5 13 May 2021 19:44:55 |
Neel Chauhan (nc) Author: Thomas Morper |
security/vuxml: Add entry for net-im/prosody
PR: 255845, 255849 |
1.1_5 13 May 2021 14:43:16 |
Thierry Thomas (thierry) |
security/vuxml: declare vulnerabilities for ImageMagick6
PR: 255818 |
1.1_5 13 May 2021 14:43:16 |
Thierry Thomas (thierry) |
security/vuxml: declare vulnerabilities for ImageMagick7
PR: 255802 |
1.1_5 12 May 2021 10:09:17 |
Thierry Thomas (thierry) |
security/vuxml: add vulnerabilities fixed in 8.2.0
PR: 255361 |
1.1_5 11 May 2021 18:11:58 |
Rene Ladan (rene) |
Document vulnerabilities in Chromium < 90.0.4430.212
Obtained from: https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html |
1.1_5 11 May 2021 15:19:59 |
Neel Chauhan (nc) Author: Sascha Biberhofer |
security/vuxml: Add entry for net-im/py-matrix-synapse |
1.1_5 10 May 2021 12:35:14 |
Hajimu UMEMOTO (ume) |
security/vuxml: cyrus-imapd -- Remote authenticated users could bypass intended
access restrictions on certain server annotations. |
1.1_5 08 May 2021 16:03:23 |
Christian Weisgerber (naddy) |
security/vuxml: Document FLAC out-of-bounds read |
1.1_5 08 May 2021 09:33:44 |
Matthias Andree (mandree) |
security/vuxml: add CVE #s for OpenEXR 2.5.4 fixes |
1.1_5 07 May 2021 09:52:53 |
Po-Chuan Hsieh (sunpoet) |
security/vuxml: Document rails vulnerability |
1.1_5 06 May 2021 20:12:51 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document lang/go vulnerability |
1.1_5 05 May 2021 08:39:44 |
Mateusz Piotrowski (0mp) |
security/vuxml: Document Ansible vulnerability |
1.1_5 05 May 2021 07:05:58 |
Wen Heping (wen) |
security/vuxml: Document django's multiple vulnerabilities |
1.1_5 05 May 2021 03:39:35 |
Wen Heping (wen) |
Document Python's multiple vulnerabilities |
1.1_5 04 May 2021 14:26:23 |
Bernard Spil (brnrd) |
security/vuxml: Update latest MySQL vuln entry
* Adds CVE numbers
* Mark MariaDB partially affected |
1.1_5 03 May 2021 21:44:51 |
Sergey A. Osokin (osa) |
security/vuxml: document recent vulnerabilities with redis ports.
PR: 255580 |
1.1_5 03 May 2021 13:59:52 |
Koichiro Iwao (meta) |
security/vuxml: Document command injection vulnerability in RDoc
PR: 255552
Reported by: Yasuhiro Kimura <yasu@utahime.org>
Security: CVE-2021-31799 |
1.1_5 02 May 2021 12:59:33 |
Kurt Jaeger (pi) Author: Geoffroy Desvernay |
security/vuxml: add mail/sympa CVE
PR: 252464 |
1.1_5 01 May 2021 01:25:40 |
Timur I. Bakeyev (timur) |
Add an entry about Samba vulnerability CVE-2021-20254:
Negative idmap cache entries can cause incorrect group entries in the Samba file
server process token.
Security: CVE-2021-20254 |
1.1_5 29 Apr 2021 23:00:45 |
Don Lewis (truckman) |
security/vuxml: Update fixed version of openoffice-devel.
CVE-2021-30245 is fixed in version 1619649022 of
editors/openoffice-devel. |
1.1_5 28 Apr 2021 21:57:39 |
Matthias Fechner (mfechner) |
Document gitlab-ce vulnerabilities. |
1.1_5 28 Apr 2021 21:57:38 |
Matthias Fechner (mfechner) |
Document vulnerabilities for www/rubygem-carrierwave. |
1.1_5 28 Apr 2021 16:56:22 |
Neel Chauhan (nc) |
mail/sympa: add vuxml entry
PR: 255455
Submitted by: Geoffroy Desvernay <dgeo@centrale-marseille.fr> (maintainer) |
1.1_5 27 Apr 2021 17:11:58 |
Rene Ladan (rene) |
Document new vulns, www/chromium < 90.0.4430.93
Obtained from: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html |
1.1_5 26 Apr 2021 13:30:52 |
Palle Girgensohn (girgen) |
security/shibboleth.sp: add more information to security advisory |
1.1_5 26 Apr 2021 08:36:36 |
Palle Girgensohn (girgen) |
security/shibboleth-sp: add entry for upcoming vulnerability
The details are not yet disclosed. |
1.1_5 21 Apr 2021 21:40:41 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 4.0.1 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v4.0.1
Fix null-pointer dereference when encountering an invalid enum name
in a config/input file that tries to read it into a set[enum]. For
those that have such an input feed whose contents may come from
external/remote sources, this is a potential DoS vulnerability. |
1.1_5 21 Apr 2021 17:48:54 |
Matthias Andree (mandree) |
security/vuxml: add devel/openvpn < 2.5.2 entry
Security: CVE-2020-15078
Security: efb965be-a2c0-11eb-8956-1951a8617e30 |
1.1_5 21 Apr 2021 08:11:40 |
Rene Ladan (rene) |
Document new vulnerabilities in www/chromium < 90.0.4430.85
Obtained from: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html |
1.1_5 20 Apr 2021 19:28:14 |
Bryan Drewery (bdrewery) |
Another openssh version fix for CVE-2021-28041.
Reported by: leres |
1.1_5 20 Apr 2021 19:26:54 |
Li-Wen Hsu (lwhsu) |
Document Jenkins Security Advisory 2021-04-20
Sponsored by: The FreeBSD Foundation |
1.1_5 20 Apr 2021 15:37:57 |
Bryan Drewery (bdrewery) |
Fix openssh version in entry for CVE-2021-28041
Reported by: leres |
1.1_5 20 Apr 2021 10:00:41 |
Bernard Spil (brnrd) |
security/vuxml: Add MySQL vulns |
1.1_5 20 Apr 2021 03:49:20 |
Don Lewis (truckman) |
security/vuxml: Document OpenOffice vulnerability CVE-2021-30245 |
1.1_5 19 Apr 2021 04:11:34 |
Kevin Bowling (kbowling) |
devel/maven: update to 3.8.1
This is not just a bugfix as it contains three features that cause a change of
default behavior (external HTTP insecure URLs are now blocked by default): your
builds may fail when using this new Maven release, if you use now blocked
repositories. Please check and eventually fix before upgrading.
Changes http://maven.apache.org/docs/3.8.1/release-notes.html
PR: 255161
Approved by: Jonathan Chen <jonc@chen.org.nz> (maintainer)
Security: CVE-2021-26291
CVE-2020-13956 |
1.1_5 17 Apr 2021 16:31:10 |
Brad Davis (brd) |
Document sysutils/consul vulnerabilities |
1.1_5 15 Apr 2021 22:55:36 |
Mateusz Piotrowski (0mp) |
Document accountsservice vulnerability |
1.1_5 15 Apr 2021 14:46:59 |
Mateusz Piotrowski (0mp) |
Document textproc/mdbook vulnerability |
1.1_5 15 Apr 2021 14:32:58 |
Matthias Fechner (mfechner) |
Document gitlab vulnerabilities. |
1.1_5 15 Apr 2021 13:51:53 |
Rene Ladan (rene) |
Document new vulnerabilities in www/chromium < 90.0.4430.72 |
1.1_5 14 Apr 2021 17:47:31 |
Rene Ladan (rene) |
Document new vulnerabilities in www/chromium < 89.0.4389.128
Obtained from: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html |
1.1_5 13 Apr 2021 15:50:29 |
Emmanuel Vadot (manu) |
security/vuxml: Document xorg-server vuln |
1.1_5 12 Apr 2021 18:29:50 |
Adam Weinberger (adamw) |
security/vuxml: Add entry for gitea < 1.14.0
PR: 254976
Submitted by: Stefan Bethke |
1.1_5 12 Apr 2021 02:04:57 |
Steve Wills (swills) |
security/vuxml: Document syncthing issue |
1.1_5 10 Apr 2021 07:13:03 |
Thomas Zander (riggs) |
security/vuxml: Document information disclosure vulnerability in python.
PR: 254780
Reported by: yasu@utahime.org
Security: CVE-2021-3426 |
1.1_5 10 Apr 2021 06:31:41 |
Thomas Zander (riggs) |
security/vuxml: Document 2 vulnerabilities in ftp/curl
Security: CVE-2021-22876
CVE-2021-22890
PR: 254772
Reported by: yasu@utahime.org |