Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_5 18 Mar 2021 14:05:02 |
mfechner |
Document gitlab vulnerability. |
1.1_5 18 Mar 2021 00:27:13 |
mandree |
fixup PORTEPOCH for dnsmasq-devel
which used to be at 3 already earlier. Adjust vuxml entry accordingly.
Security: CVE-2021-3448
Security: 5b72b1ff-877c-11eb-bd4f-2f1d57dafe46 |
1.1_5 18 Mar 2021 00:23:04 |
mandree |
fixup version range for dnsmasq[-devel] to 2.85.r1,1 not 2.85r1,1
Security: 5b72b1ff-877c-11eb-bd4f-2f1d57dafe46
Security: CVE-2021-3448 |
1.1_5 18 Mar 2021 00:09:51 |
mandree |
vuxml: Add dnsmasq < 2.85 cache poisoning vulnerability.
This affects only certain dnsmasq configurations,
and use of dnsmasq with NetworkManager.
Security: CVE-2021-3448 |
1.1_5 17 Mar 2021 13:04:11 |
swills |
Document minio issue |
1.1_5 16 Mar 2021 15:42:01 |
brnrd |
security/vuxml: Document LibreSSL potential use-after-free |
1.1_5 16 Mar 2021 08:50:09 |
rene |
Document new vulnerabilities in www/chromium < 89.0.4389.90
Obtained from: https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html |
1.1_5 15 Mar 2021 20:16:33 |
crees |
Document CVE-2015-4645 in sysutils/squashfs-tools
Security: CVE-2015-4645 |
1.1_5 11 Mar 2021 14:01:40 |
fernape |
security/vuxml: Fix www/gitea entry.
s/1.13.24/1.13.4
PR: 254130
Reported by: clubok@gmx.net |
1.1_5 10 Mar 2021 23:37:43 |
dmgk |
security/vuxml: Document lang/go vulnerabilities |
1.1_5 10 Mar 2021 18:45:25 |
nc |
Document vulnerabilities in www/gitea < 1.13.4
PR: 254130
Submitted by: stb AT lassitu DOT de (maintainer) |
1.1_5 10 Mar 2021 14:03:45 |
lwhsu |
Document vulnerabilities in databases/mantis <2.24.4
PR: 252612
Submitted by: Zoltan ALEXANDERSON BESSE <zab@zltech.eu> |
1.1_5 09 Mar 2021 06:26:48 |
bhughes |
security/vuxml: document Node.js February 2021 Security Releases
https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/
Sponsored by: Miles AS |
1.1_5 05 Mar 2021 21:18:20 |
mfechner |
Document gitlab vulnerabilities. |
1.1_5 04 Mar 2021 19:48:40 |
madpilot |
Report new asterisk vulnerability. |
1.1_5 04 Mar 2021 09:51:55 |
rene |
Document new vulnerabilities in www/chromium < 89.0.4389.72
Obtained from: https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html |
1.1_5 03 Mar 2021 18:18:08 |
sunpoet |
Document jasper vulnerability |
1.1_5 03 Mar 2021 06:41:42 |
ohauer |
- add CVE entries for saltstack |
1.1_5 02 Mar 2021 15:17:24 |
osa |
Fix the redis5 affected versions. |
1.1_5 27 Feb 2021 01:49:47 |
swills |
Document vault issue |
1.1_5 25 Feb 2021 02:33:13 |
philip |
security/vuxml: add FreeBSD SA-21:04.jail_remove |
1.1_5 25 Feb 2021 02:33:10 |
philip |
security/vuxml: add FreeBSD SA-21:06.xen |
1.1_5 25 Feb 2021 02:33:06 |
philip |
security/vuxml: add FreeBSD SA-21:05.jail_chdir |
1.1_5 25 Feb 2021 02:33:03 |
philip |
security/vuxml: add FreeBSD SA-21:03.pam_login_access |
1.1_5 23 Feb 2021 13:57:29 |
osa |
Document integer overflow on 32-bit systems (CVE-2021-21309):
o) databases/redis5
o) databases/redis
o) databases/redis-devel |
1.1_5 23 Feb 2021 01:04:03 |
leres |
security/vuxml: Mark zeek < 3.0.13 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v3.0.13
Fix ASCII Input reader's treatment of input files containing
null-bytes. An input file containing null-bytes could lead to a
buffer-over-read, crash Zeek, and be exploited to cause Denial of
Service. |
1.1_5 20 Feb 2021 16:38:05 |
adridg |
Add vuxml entry for textproc/raptor2 CVE
PR: 251102 |
1.1_5 20 Feb 2021 02:36:44 |
lwhsu |
Connect vuln-2020.xml (2/2) |
1.1_5 20 Feb 2021 02:36:27 |
lwhsu |
Connect vuln-2020.xml (1/2) |
1.1_5 20 Feb 2021 02:35:06 |
lwhsu |
Split out vuln-2020.xml |
1.1_5 20 Feb 2021 02:20:27 |
lwhsu |
Document Jenkins Security Advisory 2021-02-19
Sponsored by: The FreeBSD Foundation |
1.1_5 18 Feb 2021 20:41:01 |
madpilot |
Report new asterisk vulnerabilities. |
1.1_5 18 Feb 2021 18:18:01 |
brnrd |
security/openssl-devel: Mark vulnerable CVE-2021-23841
MFH: 2021Q1
Security: 96a21236-707b-11eb-96d8-d4c9ef517024 |
1.1_5 17 Feb 2021 18:30:12 |
sunpoet |
Document rails vulnerability |
1.1_5 17 Feb 2021 12:47:30 |
rene |
Document new vulnerabilities in www/chromium < 88.0.4324.182
Obtained from: https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html |
1.1_5 16 Feb 2021 17:35:59 |
brnrd |
security/vuxml: Document OpenSSL 1.1.1i vulnerabilities |
1.1_5 12 Feb 2021 20:44:33 |
mandree |
openexr/ilmbase < v2.5.5 security vulnerabilities
https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.5
Security: 98044aba-6d72-11eb-aed7-1b1b8a70cc8b |
1.1_5 12 Feb 2021 13:28:01 |
mfechner |
Document gitlab vulnerabilities. |
1.1_5 12 Feb 2021 04:47:11 |
nc |
Add security/vuxml entry for CVE-2021-21291 affecting www/oauth2-proxy < 7.0.0.
While I'm here, fix formatting for mod_dav_svn CVE-2020-17525 vuxml entry,
MFH: 2021Q1 |
1.1_5 10 Feb 2021 17:45:04 |
gjb |
Fix build.
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.1_5 10 Feb 2021 17:09:37 |
lev |
Document https://subversion.apache.org/security/CVE-2020-17525-advisory.txt. |
1.1_5 07 Feb 2021 02:54:24 |
adamw |
security/vuxml: Add entry for gitea < 1.13.2
PR: 253295
Submitted by: maintainer |
1.1_5 06 Feb 2021 00:05:23 |
rene |
Document new vulnerability in www/chromium < 88.0.4324.150
Obtained from: https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html |
1.1_5 03 Feb 2021 20:06:09 |
rene |
Document new vulnerabilities in www/chromium < 88.0.4324.146
Obtained from: https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html |
1.1_5 02 Feb 2021 07:50:22 |
mfechner |
Document gitlab-ce vulnerabilities. |
1.1_5 31 Jan 2021 21:55:28 |
swills |
Document minio issue |
1.1_5 29 Jan 2021 06:47:50 |
philip |
security/vuxml: add FreeBSD SA-21:02.xenoom |
1.1_5 29 Jan 2021 06:47:47 |
philip |
security/vuxml: add FreeBSD SA-21:01.fsdisclosure |
1.1_5 28 Jan 2021 12:51:17 |
lcook |
security/vuxml: Document graphics/pngcheck vulnerability
PR: 253019
Approved by: fernape (mentor)
Differential Revision: https://reviews.freebsd.org/D28308 |
1.1_5 26 Jan 2021 20:28:56 |
cy |
Document sudo CVE-2021-3156.
* When invoked as sudoedit, the same set of command line options
are now accepted as for "sudo -e". The -H and -P options are
now rejected for sudoedit and "sudo -e" which matches the sudo
1.7 behavior. This is part of the fix for CVE-2021-3156.
* Fixed a potential buffer overflow when unescaping backslashes
in the command's arguments. Normally, sudo escapes special
characters when running a command via a shell (sudo -s or sudo
-i). However, it was also possible to run sudoedit with the -s
or -i flags in which case no escaping had actually been done,
making a buffer overflow possible. This fixes CVE-2021-3156.
PR: 253034
Reported by: "Todd C. Miller" <Todd.Miller@sudo.ws> via mailing list
emaste
Obtained from: sudo |
1.1_5 26 Jan 2021 17:56:21 |
sunpoet |
Document py-pysaml2 vulnerability |
1.1_5 26 Jan 2021 13:21:47 |
lwhsu |
Document Jenkins Security Advisory 2021-01-26
Sponsored by: The FreeBSD Foundation |
1.1_5 25 Jan 2021 17:16:21 |
bapt |
Rework vuxml a bit to make them validatable again
modify tidy.xsl to make it generate the xml declaration manually
xsl is not able to generate a list of entities otherwise.
Remove copyright from included files, they are redundant anyway and
in the end only the vuln.xml file is distributed with entities expanded
Rework a bit the entity declaration in order for the document to look
great after expansion (as it did before we introduced the expansion
mechanism)
All validations are now processed directly on the flattened file.
This is based on a patch from mfechner here
Submitted by: mfechner
Differential Revision: https://reviews.freebsd.org/D28299 |
1.1_5 25 Jan 2021 17:16:14 |
bapt |
Rework the entity declaration
when expanded they will look better (as when the file was not split)
While here cleanup some indentation |
1.1_5 25 Jan 2021 15:50:43 |
bapt |
Fix indentation |
1.1_5 23 Jan 2021 18:19:40 |
otis |
security/vuxml: Document mail/mutt vulnerability
Document mail/mutt vulnerability CVE-2021-3181
PR: 252931
Submitted by: Derek Schrock <dereks@lifeofadishwasher.com>
Reported by: Derek Schrock <dereks@lifeofadishwasher.com>
Reviewed by: osa (mentor)
Approved by: osa (mentor)
Differential Revision: https://reviews.freebsd.org/D28308 |
1.1_5 23 Jan 2021 17:46:01 |
gjb |
Fix build.
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.1_5 23 Jan 2021 14:46:24 |
brnrd |
security/vuxml: Add new MySQL vulnerabilities |
1.1_5 22 Jan 2021 20:37:53 |
rene |
Document new vulnerabilities in www/chromium < 88.0.4324.96
Obtained from: https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html |
1.1_5 22 Jan 2021 09:33:28 |
jhale |
Document CVE-2020-15983 for games/chocolate-doom and games/crispy-doom |
1.1_5 22 Jan 2021 00:22:44 |
mfechner |
Made clear how to test new entries against the newly formatted file. |
1.1_5 22 Jan 2021 00:13:43 |
gjb |
Fix build.
Yes, please do FIXME.
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.1_5 22 Jan 2021 00:09:24 |
mfechner |
Added security vulnerability for rubygem-nokogiri. |
1.1_5 21 Jan 2021 13:19:10 |
bapt |
Split vuln.xml file [2/2]
The vuln.xml file has grown a lot since 2003. To avoid having to unlock
the svn size limitation, the file is now split into 1 file per year up
to the current year + previous one. The split is made based on the date
when the entry has been added.
In order to achieve the split without breaking any consumer we use a standard
XML mechanism via the definition of entities.
While here add a new target make vuln-flat.xml which will expand the entities
in order to be able to regenerate one unique file if needed. This is useful to, for
example, allow testing with pkg audit directly, given the XML parser used in pkg
does not support custom entities.
The vuxml web site generator has been modified to ensure the vuln.xml file it
provides is the expanded version, so for consumers it is still only one single
file to download. |
1.1_5 21 Jan 2021 13:18:50 |
bapt |
Split vuln.xml file [1/2]
The vuln.xml file has grown a lot since 2003. To avoid having to unlock
the svn size limitation, the file is now split into 1 file per year up
to the current year + previous one. The split is made based on the date
when the entry has been added.
In order to achieve the split without breaking any consumer we use a standard
XML mechanism via the definition of entities.
While here add a new target make vuln-flat.xml which will expand the entities
in order to be able to regenerate one unique file if needed. This is useful to, for
example, allow testing with pkg audit directly, given the XML parser used in pkg
does not support custom entities.
The vuxml web site generator has been modified to ensure the vuln.xml file it
provides is the expanded version, so for consumers it is still only one single
file to download. |
1.1_5 20 Jan 2021 19:25:15 |
mandree |
dns/dnsmasq-devel: mark stale name vulnerable, too
dnsmasq-devel isn't currently in ports, but if someone never
switched to dnsmasq, we should also flag the older dnsmasq-devel
vulnerable.
Security: 5b5cf6e5-5b51-11eb-95ac-7f9491278677 |
1.1_5 20 Jan 2021 19:11:52 |
mandree |
dns/dnsmasq < 2.83 vulnerabilities (buffer overflow, DNS cache poisoning)
Security: 5b5cf6e5-5b51-11eb-95ac-7f9491278677
Security: CVE-2020-25684
Security: CVE-2020-25685
Security: CVE-2020-25686
Security: CVE-2020-25681
Security: CVE-2020-25682
Security: CVE-2020-25683
Security: CVE-2020-25687 |
1.1_5 20 Jan 2021 00:25:53 |
dmgk |
security/vuxml: Document lang/go vulnerabilities |
1.1_5 19 Jan 2021 21:12:19 |
jrm |
security/vuxml: Fix range of affected cloud-init versions |
1.1_5 19 Jan 2021 20:47:00 |
jrm |
security/vuxml: Document vulnerability in cloud-init version 20.4
https://bugs.launchpad.net/cloud-init/+bug/1911680
Reported by: Mina Galic <me@igalic.co> |
1.1_5 18 Jan 2021 08:21:27 |
lwhsu |
Document CVE-2020-25074 and CVE-2020-15275 for www/moinmoin |
1.1_5 17 Jan 2021 22:23:34 |
0mp |
Document ghostscript9-agpl-base vulnerability committed in r544907
PR: 248580
Requested by: joneum (ports-secteam)
Reported by: VVD <vvd@unislabs.com>
MFH: 2021Q1
Security: CVE-2020-15900 |
1.1_5 14 Jan 2021 20:37:35 |
bhughes |
security/vuxml: document Node.js January 2021 Security Releases
https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
Sponsored by: Miles AS |
1.1_5 14 Jan 2021 12:03:01 |
mfechner |
Document gitlab vulnerability. |
1.1_5 14 Jan 2021 07:30:32 |
riggs |
Document integer overflow in wavpack (CVE-2020-35738). |
1.1_5 13 Jan 2021 17:32:00 |
lwhsu |
Document Jenkins Security Advisory 2021-01-13
Sponsored by: The FreeBSD Foundation |
1.1_5 12 Jan 2021 21:20:08 |
flo |
Document phpmyfaq vulnerability |
1.1_5 12 Jan 2021 04:27:21 |
cy |
Document sudo CVE-2021-23239. |
1.1_5 10 Jan 2021 08:26:39 |
sunpoet |
Document cairosvg vulnerability |
1.1_5 09 Jan 2021 20:06:20 |
mfechner |
Document gitlab vulnerabilities. |
1.1_5 07 Jan 2021 15:09:22 |
rene |
Document new vulnerabilities in www/chromium < 87.0.4280.141
Obtained from: https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html |
1.1_5 06 Jan 2021 14:11:35 |
pi |
security/vuxml: add dovecot CVE-2020-24386
PR: 252415
Submitted by: Evilham <contact@evilham.com>
Relnotes: https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html |
1.1_5 01 Jan 2021 16:05:45 |
adamw |
security/vuxml: Add entry for gitea < 1.13.1
PR: 252310
Submitted by: maintainer |
1.1_5 01 Jan 2021 04:31:37 |
jrm |
Document inspircd vulnerability
PR: 252291
Reported by: Sadie Powell <sadie@witchery.services> |
1.1_5 28 Dec 2020 13:15:58 |
riggs |
Document CVE-2020-0543 for Intel CPUs.
PR: 247197
Submitted by: spam123@bitbert.com |
1.1_5 22 Dec 2020 22:44:24 |
madpilot |
Document new asterisk vulnerabilities. |
1.1_5 22 Dec 2020 14:16:44 |
otis |
Document vulns for powerdns and postsrsd
Reviewed by: osa (mentor)
Approved by: osa (mentor)
Differential Revision: https://reviews.freebsd.org/D27706 |
1.1_5 19 Dec 2020 13:16:16 |
riggs |
Correct entries for mantis and libX11 (missing PORTEPOCH in package string).
PR: 251168
Submitted by: zab@zltech.eu |
1.1_5 17 Dec 2020 21:09:37 |
swills |
Document vault issue |
1.1_5 15 Dec 2020 01:32:04 |
philip |
security/vuxml: Note FreeBSD 11.4 fix for CVE-2020-1971 |
1.1_5 13 Dec 2020 14:49:08 |
sunpoet |
Document jasper vulnerability |
1.1_5 13 Dec 2020 00:28:14 |
dbaio |
security/vuxml: Document net-im/py-matrix-synapse issue
PR: 251768
Submitted by: contact@evilham.com
Security: CVE-2020-26257 |
1.1_5 12 Dec 2020 18:37:13 |
brnrd |
security/vuxml: Document p11-kit vulnerabilities |
1.1_5 12 Dec 2020 16:23:56 |
brnrd |
security/vuxml: Document Unbound/NSD vuln |
1.1_5 12 Dec 2020 15:38:35 |
brnrd |
security/vuxml: Update LibreSSL vuln
* for 2020Q4 branch which is on 3.1 |
1.1_5 11 Dec 2020 10:38:39 |
brnrd |
security/vuxml: Document LibreSSL vulnerability |
1.1_5 11 Dec 2020 10:32:08 |
fluffy |
security/vuxml: add 19 CVE entries related to www/glpi
PR: 251754
Submitted by: Mathias Monnerville |
1.1_5 10 Dec 2020 09:59:00 |
philip |
security/vuxml: FreeBSD 11.4 is vulnerable to CVE-2020-1971
As noted in FreeBSD-SA-20:33.openssl, this vulnerability is also known
to affect OpenSSL versions included in FreeBSD 11.4. However, the
OpenSSL project is only giving patches for that version to premium
support contract holders. The FreeBSD project does not have access to
these patches and recommends FreeBSD 11.4 users to either upgrade to
FreeBSD 12.x or leverage up to date versions of OpenSSL in the ports/pkg
system. The FreeBSD Project may update this advisory to include FreeBSD
11.4 should patches become publicly available. |
1.1_5 10 Dec 2020 06:02:22 |
philip |
security/vuxml: add FreeBSD SA to OpenSSL entry
Reference FreeBSD-SA-20:33.openssl and note the fixed patch releases in
the recent OpenSSL entry. |
1.1_5 09 Dec 2020 10:36:09 |
brnrd |
security/vuxml: cURL vulnerabilities |