Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_4 24 Jun 2020 20:30:36 |
zeising |
Update VuXML with security issues in mail/mutt
PR: 247399
Submitted by: Derek Schrock |
1.1_4 24 Jun 2020 17:59:39 |
sunpoet |
Document curl vulnerability |
1.1_4 24 Jun 2020 14:42:24 |
gjb |
Attempt to fix build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 24 Jun 2020 14:10:57 |
tijl |
Document CUPS CVE-2019-8842 and CVE-2020-3898.
PR: 246011
Security: https://github.com/apple/cups/releases/tag/v2.3.3 |
1.1_4 24 Jun 2020 13:14:19 |
sunpoet |
Clean up unnecessary "<p>.</p>" in blockquote section |
1.1_4 22 Jun 2020 16:13:14 |
sunpoet |
Document rails vulnerability |
1.1_4 19 Jun 2020 14:29:02 |
tcberner |
security/vuxml: Document multimedia/vlc Vulnerability
PR: 247341
Security: CVE-2020-13428 |
1.1_4 18 Jun 2020 14:45:31 |
lme |
security/vuxml:
Document CVE-2020-13882 and CVE-2019-13033 for security/lynis. |
1.1_4 18 Jun 2020 08:05:59 |
philip |
security/vuxml: CVE-2020-8618 and CVE-2020-8619
ISC published CVE-2020-8618 affecting dns/bind916 and CVE-2020-8619
affecting dns/bind911 and dns/bind916. Both ports were updated. |
1.1_4 13 Jun 2020 14:08:03 |
dbaio |
security/vuxml: Update CVE-2019-18348 and CVE-2020-8492 entries
Python 3.6 and 3.7 are not vulnerable in the ports tree anymore.
Change range for python35 to <le>, suggested by swills.
PR: 246984, 246738 |
1.1_4 13 Jun 2020 08:20:32 |
fluffy |
security/vuxml: document libreoffice <6.4.4 security issues
PR: 247196
Submitted by: rob2g2 <spam123@bitbert.com> |
1.1_4 13 Jun 2020 04:43:34 |
cy |
Document multiple sqlite3 vulnerabilities with CVSS scores ranging
from 5.5 (medium) to 7.5 (high).
PR: 247149 |
1.1_4 12 Jun 2020 04:47:06 |
bhughes |
security/vuxml: document Node.js June 2020 Security Releases
https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/
Sponsored by: Miles AS |
1.1_4 11 Jun 2020 13:24:06 |
ehaupt |
Document net-mgmt/tcpreplay vulnerabilities |
1.1_4 11 Jun 2020 00:36:21 |
dbaio |
security/vuxml: Document irc/znc issue
Security: CVE-2020-13775 |
1.1_4 10 Jun 2020 12:12:57 |
mfechner |
Document npm vulnerabilities. |
1.1_4 10 Jun 2020 09:12:12 |
ehaupt |
Document the audio/libadplug vulnerabilities:
https://github.com/adplug/adplug/releases/tag/adplug-2.3.3 |
1.1_4 10 Jun 2020 02:29:32 |
leres |
security/vuxml: Mark zeek < 3.0.7 as vulnerable as per:
https://raw.githubusercontent.com/zeek/zeek/v3.0.7/NEWS
Various issues including stack overflows and memory leaks. |
1.1_4 09 Jun 2020 21:50:21 |
jkim |
Document the latest Flash Player vulnerability.
https://helpx.adobe.com/security/products/flash-player/apsb20-30.html |
1.1_4 09 Jun 2020 16:59:12 |
gordon |
Add FreeBSD-SA-20:17.usb.
Approved by: so |
1.1_4 08 Jun 2020 16:26:09 |
joneum |
Unbreak vuxmlbuild
Parsing VuXML ...Application exception:
bad CVE name for vid 669f3fe8-a07a-11ea-b83e-f0def1f5c5a2: GHSL-2020-100 @ho:215
*** Error code 1
Sponsored by: Netzkommune GmbH |
1.1_4 08 Jun 2020 15:49:05 |
kevans |
security/vuxml: document new vulnerabilities in net/freerdp < 2.1.0
PR: 246931, 245517
Obtained from: https://github.com/FreeRDP/FreeRDP/blob/2.1.0/ChangeLog
Approved by: koobs (mentor) |
1.1_4 07 Jun 2020 02:20:40 |
dbaio |
security/vuxml: Update CVE-2019-18348 and CVE-2020-8492 entries
CVE-2019-18348: Add missing Python packages range
CVE-2020-8492: Fix Python 3.7 entry, it's currently affected.
After committing fixes, we'll need to change ranges again.
PR: 246984 |
1.1_4 05 Jun 2020 10:51:55 |
rene |
Document new vulnerabilities in www/chromium < 83.0.4103.97
Obtained from: https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html |
1.1_4 04 Jun 2020 23:43:26 |
wen |
- Fix the name of py-django30 in my previous commit
Spotted by: dan@langille.org |
1.1_4 04 Jun 2020 23:31:29 |
gjb |
Attempt to fix build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 04 Jun 2020 22:49:54 |
acm |
- Update c5ec57a9-9c2b-11ea-82b8-4c72b94353b5 entry. Add drupal 8.8.6 |
1.1_4 04 Jun 2020 17:51:59 |
mfechner |
Document gitlab-ce vulnerabilities. |
1.1_4 04 Jun 2020 14:25:13 |
wen |
- Document Django multiple vulnerabilities |
1.1_4 04 Jun 2020 12:41:05 |
garga |
vuxml: Document git vulnerability CVE-2020-5260
PR: 245821
Submitted by: rob2g2 <spam123@bitbert.com>
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.1_4 04 Jun 2020 12:37:35 |
garga |
vuxml: Document git vulnerability CVE-2020-11008
PR: 245822
Submitted by: rob2g2 <spam123@bitbert.com>
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.1_4 04 Jun 2020 12:14:42 |
tijl |
Add entry for GNUTLS-SA-2020-06-03 (flaw in TLS).
Add CVE reference to previous GnuTLS entry. |
1.1_4 03 Jun 2020 16:46:06 |
sunpoet |
Document rubygem-websocket-extensions vulnerability |
1.1_4 03 Jun 2020 16:44:57 |
sunpoet |
Document nghttp2 vulnerability |
1.1_4 31 May 2020 10:53:13 |
adamw |
VuXML: Add entry for gitea < 1.11.6
PR: 246892
Submitted by: maintainer |
1.1_4 29 May 2020 06:51:37 |
tagattie |
Correct vulnerable version range of powerdns-recursor
PR: 246655
Submitted by: Ralf van der Enden <tremere@cainites.net>
Approved by: ehaupt (mentor) |
1.1_4 29 May 2020 02:07:53 |
sunpoet |
Fix r536871 |
1.1_4 29 May 2020 01:59:46 |
sunpoet |
Document rubygem-kaminari-core vulnerability |
1.1_4 28 May 2020 10:20:23 |
cmt |
document sane-backend vulnerabilities
CVE-2020-12861, CVE-2020-12862, CVE-2020-12863, CVE-2020-12864,
CVE-2020-12865, CVE-2020-12866, CVE-2020-12867
PR: 246803 |
1.1_4 28 May 2020 06:19:22 |
mfechner |
Document gitlab-ce vulnerabilities. |
1.1_4 27 May 2020 16:20:11 |
pi |
security/vuxml: add two entries for mail/sympa
PR: 246701
Submitted by: Geoffroy Desvernay <dgeo@centrale-marseille.fr> |
1.1_4 27 May 2020 12:08:46 |
tagattie |
Document powerdns-recursor vulnerabilities
PR: 246655
Submitted by: Ralf van der Enden <tremere@cainites.net>
Approved by: ehaupt (mentor) |
1.1_4 25 May 2020 18:04:40 |
pi |
security/vuxml: add three CVEs for qmail
PR: 245010
Submitted by: erdgeist@erdgeist.org |
1.1_4 24 May 2020 18:55:35 |
rene |
Document new vulnerabilities in www/chromium 83.0.4103.61.
The website is somewhat crippled and does not show the full text. |
1.1_4 23 May 2020 12:31:37 |
joneum |
Add entry for piwigo
PR: 245153
Sponsored by: Netzkommune GmbH |
1.1_4 23 May 2020 09:22:21 |
joneum |
Add entry for tomcat
PR: 246657
Sponsored by: Netzkommune GmbH |
1.1_4 22 May 2020 22:20:22 |
delphij |
Document unbound multiple vulnerabilities. |
1.1_4 22 May 2020 13:07:46 |
joneum |
Add entry for drupal7
Sponsored by: Netzkommune GmbH |
1.1_4 20 May 2020 11:41:05 |
dbaio |
security/vuxml: Document net-mgmt/zabbix3 issue
Security: CVE-2020-11800 |
1.1_4 19 May 2020 23:35:17 |
sunpoet |
Document rails vulnerability |
1.1_4 19 May 2020 14:18:34 |
wen |
- Document CVE-2019-18348, CVE-2020-8492 for python38 |
1.1_4 18 May 2020 19:00:35 |
ler |
security/vuxml: Report multiple dovecot vulnerabilities. |
1.1_4 17 May 2020 20:42:25 |
zi |
- Document security/clamav vulnerabilities |
1.1_4 17 May 2020 20:18:31 |
sunpoet |
Update json-c vulnerability
- While I'm here, fix format
json-c 0.14 will land in the ports tree along with the fix, thus I change it to
0.14.
PR: 246389 |
1.1_4 17 May 2020 18:33:09 |
sunpoet |
Document rails vulnerability |
1.1_4 16 May 2020 09:17:26 |
brnrd |
security/vuxml: MariaDB vulnerabilities |
1.1_4 16 May 2020 06:45:08 |
woodsb02 |
Add new sysutils/py-salt vulnerabilities
PR: 246061
Reported by: Christer Edwards <christer.edwards@gmail.com>
Security: CVE-2020-11651
Security: CVE-2020-11652 |
1.1_4 14 May 2020 11:29:20 |
mandree |
devel/json-c: CVE-2020-12762 integer overflow, out of bounds write
Reported by: Daniel Engberg
Security: abc3ef37-95d4-11ea-9004-25fadb81abf4
Security: CVE-2020-12762 |
1.1_4 13 May 2020 20:44:18 |
sunpoet |
Document typo3 vulnerability |
1.1_4 13 May 2020 15:16:46 |
gordon |
Add proper links for the html output of vuln.xml.
Add freebsdsa as a proper type.
Correct link to CVEs.
Reviewed by: gjb, joneum
Approved by: ports-secteam (joneum)
Differential Revision: https://reviews.freebsd.org/D24824 |
1.1_4 12 May 2020 18:37:02 |
gordon |
Add data for today's SA batch.
Approved by: so |
1.1_4 09 May 2020 16:02:59 |
novel |
security/vuxml: log www/qutebrowser CVE-2020-11054 |
1.1_4 09 May 2020 10:08:14 |
wen |
- Document python27 CVE-2019-18348 |
1.1_4 09 May 2020 08:23:42 |
joneum |
add entry for www/glpi
PR: 244971
Sponsored by: Netzkommune GmbH |
1.1_4 07 May 2020 19:56:01 |
mandree |
mail/mailman: extend content injection vuln via private archive login
This led up to mailman 2.1.33 today.
https://bugs.launchpad.net/mailman/+bug/1877379
https://launchpadlibrarian.net/478684932/private.diff
https://mail.python.org/archives/list/mailman-developers@python.org/thread/SYBIZ3MNSQZLKN6PVKO7ZKR7QMOBMS45/
Approved by: ports-secteam@ (blanket for security fixes)
Security: 88760f4d-8ef7-11ea-a66d-4b2ef158be83 |
1.1_4 06 May 2020 23:26:49 |
leres |
security/vuxml: Mark zeek < 3.0.6 as vulnerable as per:
https://raw.githubusercontent.com/zeek/zeek/v3.0.6/NEWS
Various issues including buffer over-reads, uninitialized field
access, memory leak, and stack overflows. |
1.1_4 06 May 2020 15:02:40 |
salvadore |
security/vuxml: Update discovery date for CVE-2020-1730
Update discovery date for CVE-2020-1730 based on information obtained from
the libssh team.
Approved by: gerald (mentor) |
1.1_4 06 May 2020 05:14:42 |
sunpoet |
Document wagtail vulnerability |
1.1_4 05 May 2020 22:55:22 |
mandree |
Permit mail/mailman vulnerability to be fixed in 2.1.30_3 already
...not in 2.1.31 only. We can't just easily backport 2.1.31 to 2020Q2.
Security: 88760f4d-8ef7-11ea-a66d-4b2ef158be83 |
1.1_4 05 May 2020 17:51:49 |
mandree |
new mailman < 2.1.31 content injection vulnerability
similar to CVE-2018-13796 (not sure if they'll reuse that no. so
not including in Security: tags below)
https://bugs.launchpad.net/mailman/+bug/1873722
Security: 88760f4d-8ef7-11ea-a66d-4b2ef158be83 |
1.1_4 05 May 2020 05:32:48 |
fjoe |
Fix version range for 97fcc60a-6ec0-11ea-a84a-4c72b94353b5:
phpMyAdmin 4.9.5 is not vulnerable
PR: 245096 |
1.1_4 04 May 2020 23:23:15 |
dbaio |
security/vuxml: Document net-mgmt/cacti issue
PR: 246164
Submitted by: Michael Muenz <m.muenz@gmail.com>
Security: CVE-2020-7106 |
1.1_4 03 May 2020 21:28:58 |
pi |
security/vuxml: add squid 4.10 CVEs
PR: 245433
Submitted by: Michael Muenz <m.muenz@gmail.com> |
1.1_4 03 May 2020 07:46:28 |
tcberner |
Document audio/taglib vulnerability |
1.1_4 01 May 2020 09:44:40 |
mfechner |
Documented gitlab vulnerabilities. |
1.1_4 29 Apr 2020 22:31:08 |
dbaio |
security/vuxml: Add other flavors of py-yaml |
1.1_4 29 Apr 2020 18:48:51 |
tcberner |
Document multimedia/vlc vulnerabilities
Security: CVE-2019-19721 CVE-2020-6071 CVE-2020-6072 CVE-2020-6073 CVE-2020-6077
CVE-2020-6078 CVE-2020-6079 |
1.1_4 29 Apr 2020 15:03:41 |
timur |
Add an entry about CVE-2020-10700, CVE-2020-10704 in samba410 and 411.
Security: CVE-2020-10700
CVE-2020-10704 |
1.1_4 29 Apr 2020 06:08:20 |
fluffy |
net/ceph14: document CVE-2020-1759, CVE-2020-1760 |
1.1_4 29 Apr 2020 01:35:22 |
delphij |
Document OpenLDAP CVE-2020-12243.
PR: 213895
Submitted by: rob2g2 <spam123 bitbert com> |
1.1_4 27 Apr 2020 19:47:27 |
jpaetzel |
Add entry for py-yaml vulnerability |
1.1_4 26 Apr 2020 17:39:27 |
dbaio |
security/vuxml: Document www/py-bleach issue
PR: 245943
Security: CVE-2020-6817 |
1.1_4 23 Apr 2020 12:25:39 |
brnrd |
security/vuxml: MySQL Server 2020Q2 vulnerabilities |
1.1_4 23 Apr 2020 12:23:50 |
brnrd |
security/vuxml: MySQL client 2020Q2 vulnerabilities |
1.1_4 23 Apr 2020 11:48:08 |
brnrd |
security/vuxml: Register Nextcloud vulnerabilities |
1.1_4 23 Apr 2020 01:17:13 |
dbaio |
security/vuxml: Document lang/python issue
PR: 245819
Security: CVE-2020-8492 |
1.1_4 22 Apr 2020 21:33:18 |
sunpoet |
Document wagtail vulnerability |
1.1_4 22 Apr 2020 20:29:14 |
gordon |
11.3 isn't vulnerable to the recent OpenSSL vulnerability.
Approved by: so
X-Pointy-Hat to: gordon |
1.1_4 22 Apr 2020 20:02:55 |
leres |
security/vuxml: Restore openssl port version range to the 2020-04-21 entry
I tested that this passes "make validate" and correctly flags
openssl-1.1.1f,1 as vulnerable.
Approved by: gjb |
1.1_4 22 Apr 2020 11:11:17 |
gjb |
Revert r532466, adding back 'FreeBSD' to the topic.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 22 Apr 2020 11:09:17 |
gjb |
The vuxml build is now fixed. Remove the 'ignore' block and its
contents.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 22 Apr 2020 11:07:32 |
gjb |
Comment the second name tag, which I believe is what is causing the
vuxml build to fail. If I am wrong, I will revert this commit.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 22 Apr 2020 11:03:50 |
gjb |
Um, ok. Third attempt to try to fix the vuxml build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 22 Apr 2020 10:44:59 |
gjb |
Attempt number 2 to fix the vuxml build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 22 Apr 2020 10:36:57 |
gjb |
Fix vuxml build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4 22 Apr 2020 09:38:05 |
brnrd |
security/vuxml: Fix OpenSSL port commit |
1.1_4 22 Apr 2020 08:20:12 |
brnrd |
security/vuxml: Mark OpenSSL 1.1.1f from ports vulnerable too |
1.1_4 21 Apr 2020 19:48:03 |
sunpoet |
Document libntlm vulnerability |
1.1_4 21 Apr 2020 18:29:59 |
gordon |
Add new entries for SA-20:10 and SA-20:11. |
1.1_4 21 Apr 2020 12:25:01 |
dbaio |
security/vuxml: Document devel/py-twisted vulnerabilities
PR: 245252
Submitted by: Sascha Biberhofer <ports@skyforge.at>
Reported by: contact@evilham.com |