| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
|---|
1.1_4
24 Jun 2020 20:30:36
   |
zeising  |
Update VuXML with security issues in mail/mutt
PR: 247399
Submitted by: Derek Schrock |
1.1_4
24 Jun 2020 17:59:39
|
sunpoet |
Document curl vulnerability |
1.1_4
24 Jun 2020 14:42:24
|
gjb |
Attempt to fix build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4
24 Jun 2020 14:10:57
|
tijl |
Document CUPS CVE-2019-8842 and CVE-2020-3898.
PR: 246011
Security: https://github.com/apple/cups/releases/tag/v2.3.3 |
1.1_4
24 Jun 2020 13:14:19
|
sunpoet |
Clean up unnecessary "<p>.</p>" in blockquote section |
1.1_4
22 Jun 2020 16:13:14
|
sunpoet |
Document rails vulnerability |
1.1_4
19 Jun 2020 14:29:02
|
tcberner |
security/vuxml: Document multimedia/vlc Vulnerability
PR: 247341
Security: CVE-2020-13428 |
1.1_4
18 Jun 2020 14:45:31
|
lme |
security/vuxml:
Document CVE-2020-13882 and CVE-2019-13033 for security/lynis. |
1.1_4
18 Jun 2020 08:05:59
|
philip |
security/vuxml: CVE-2020-8618 and CVE-2020-8619
ISC published CVE-2020-8618 affecting dns/bind916 and CVE-2020-8619
affecting dns/bind911 and dns/bind916. Both ports were updated. |
1.1_4
13 Jun 2020 14:08:03
|
dbaio |
security/vuxml: Update CVE-2019-18348 and CVE-2020-8492 entries
Python 3.6 and 3.7 are not vulnerable in the ports tree anymore.
Change range for python35 to <le>, suggested by swills.
PR: 246984, 246738 |
1.1_4
13 Jun 2020 08:20:32
|
fluffy |
security/vuxml: document libreoffice <6.4.4 security issues
PR: 247196
Submitted by: rob2g2 <spam123@bitbert.com> |
1.1_4
13 Jun 2020 04:43:34
|
cy |
Document multiple sqlite3 vulnerabilities with CVSS scores ranging
from 5.5 (medium) to 7.5 (high).
PR: 247149 |
1.1_4
12 Jun 2020 04:47:06
|
bhughes |
security/vuxml: document Node.js June 2020 Security Releases
https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/
Sponsored by: Miles AS |
1.1_4
11 Jun 2020 13:24:06
|
ehaupt |
Document net-mgmt/tcpreplay vulnerabilities |
1.1_4
11 Jun 2020 00:36:21
|
dbaio |
security/vuxml: Document irc/znc issue
Security: CVE-2020-13775 |
1.1_4
10 Jun 2020 12:12:57
|
mfechner |
Document npm vulnerabilities. |
1.1_4
10 Jun 2020 09:12:12
|
ehaupt |
Document the audio/libadplug vulnerabilities:
https://github.com/adplug/adplug/releases/tag/adplug-2.3.3 |
1.1_4
10 Jun 2020 02:29:32
|
leres |
security/vuxml: Mark zeek < 3.0.7 as vulnerable as per:
https://raw.githubusercontent.com/zeek/zeek/v3.0.7/NEWS
Various issues including stack overflows and memory leaks. |
1.1_4
09 Jun 2020 21:50:21
|
jkim |
Document the latest Flash Player vulnerability.
https://helpx.adobe.com/security/products/flash-player/apsb20-30.html |
1.1_4
09 Jun 2020 16:59:12
|
gordon |
Add FreeBSD-SA-20:17.usb.
Approved by: so |
1.1_4
08 Jun 2020 16:26:09
|
joneum |
Unbreak vuxmlbuild
Parsing VuXML ...Application exception:
bad CVE name for vid 669f3fe8-a07a-11ea-b83e-f0def1f5c5a2: GHSL-2020-100 @ho:215
*** Error code 1
Sponsored by: Netzkommune GmbH |
1.1_4
08 Jun 2020 15:49:05
|
kevans |
security/vuxml: document new vulnerabilities in net/freerdp < 2.1.0
PR: 246931, 245517
Obtained from: https://github.com/FreeRDP/FreeRDP/blob/2.1.0/ChangeLog
Approved by: koobs (mentor) |
1.1_4
07 Jun 2020 02:20:40
|
dbaio |
security/vuxml: Update CVE-2019-18348 and CVE-2020-8492 entries
CVE-2019-18348: Add missing Python packages range
CVE-2020-8492: Fix Python 3.7 entrie, it's currently affected.
After committing fixes, we'll need to change ranges again.
PR: 246984 |
1.1_4
05 Jun 2020 10:51:55
|
rene |
Document new vulnerabilities in www/chromium < 83.0.4103.97
Obtained
from: https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html |
1.1_4
04 Jun 2020 23:43:26
|
wen |
- Fix the name of py-django30 in my previous commit
Spotted by: dan@langille.org |
1.1_4
04 Jun 2020 23:31:29
|
gjb |
Attempt to fix build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4
04 Jun 2020 22:49:54
|
acm |
- Update c5ec57a9-9c2b-11ea-82b8-4c72b94353b5 entry. Add drupal 8.8.6 |
1.1_4
04 Jun 2020 17:51:59
|
mfechner |
Document gitlab-ce vulnerabilities. |
1.1_4
04 Jun 2020 14:25:13
|
wen |
- Document Django multiple vulnerabilities |
1.1_4
04 Jun 2020 12:41:05
|
garga |
vuxml: Document git vulnerability CVE-2020-5260
PR: 245821
Submitted by: rob2g2 <spam123@bitbert.com>
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.1_4
04 Jun 2020 12:37:35
|
garga |
vuxml: Document git vulnerability CVE-2020-11008
PR: 245822
Submitted by: rob2g2 <spam123@bitbert.com>
Sponsored by: Rubicon Communications, LLC (Netgate) |
1.1_4
04 Jun 2020 12:14:42
|
tijl |
Add entry for GNUTLS-SA-2020-06-03 (flaw in TLS).
Add CVE reference to previous GnuTLS entry. |
1.1_4
03 Jun 2020 16:46:06
|
sunpoet |
Document rubygem-websocket-extensions vulnerability |
1.1_4
03 Jun 2020 16:44:57
|
sunpoet |
Document nghttp2 vulnerability |
1.1_4
31 May 2020 10:53:13
|
adamw |
VuXML: Add entry for gitea < 1.11.6
PR: 246892
Submitted by: maintainer |
1.1_4
29 May 2020 06:51:37
|
tagattie |
Correct vulnerable version range of powerdns-recursor
PR: 246655
Submitted by: Ralf van der Enden <tremere@cainites.net>
Approved by: ehaupt (mentor) |
1.1_4
29 May 2020 02:07:53
|
sunpoet |
Fix r536871 |
1.1_4
29 May 2020 01:59:46
|
sunpoet |
Document rubygem-kaminari-core vulnerability |
1.1_4
28 May 2020 10:20:23
|
cmt |
document sane-backend vulnerabilities
CVE-2020-12861, CVE-2020-12862, CVE-2020-12863, CVE-2020-12864,
CVE-2020-12865, CVE-2020-12866, CVE-2020-12867
PR: 246803 |
1.1_4
28 May 2020 06:19:22
|
mfechner |
Document gitlab-ce vulnerabilities. |
1.1_4
27 May 2020 16:20:11
|
pi |
security/vuxml: add two entries for mail/sympa
PR: 246701
Submitted by: Geoffroy Desvernay <dgeo@centrale-marseille.fr> |
1.1_4
27 May 2020 12:08:46
|
tagattie |
Document powerdns-recursor vulnerabilities
PR: 246655
Submitted by: Ralf van der Enden <tremere@cainites.net>
Approved by: ehaupt (mentor) |
1.1_4
25 May 2020 18:04:40
|
pi |
security/vuxml: add three CVEs for qmail
PR: 245010
Submitted by: erdgeist@erdgeist.org |
1.1_4
24 May 2020 18:55:35
|
rene |
Document new vulnerabilities in www/chromium 83.0.4103.61.
The website is somewhat crippled and does not show the full text. |
1.1_4
23 May 2020 12:31:37
|
joneum |
Add entry for piwigo
PR: 245153
Sponsored by: Netzkommune GmbH |
1.1_4
23 May 2020 09:22:21
|
joneum |
Add entry for tomcat
PR: 246657
Sponsored by: Netzkommune GmbH |
1.1_4
22 May 2020 22:20:22
|
delphij |
Document unbound multiple vulnerabilities. |
1.1_4
22 May 2020 13:07:46
|
joneum |
Add entry for drual7
Sponsored by: Netzkommune GmbH |
1.1_4
20 May 2020 11:41:05
|
dbaio |
security/vuxml: Document net-mgmt/zabbix3 issue
Security: CVE-2020-11800 |
1.1_4
19 May 2020 23:35:17
|
sunpoet |
Document rails vulnerability |
1.1_4
19 May 2020 14:18:34
|
wen |
- Document CVE-2019-18348, CVE-2020-8492 for python38 |
1.1_4
18 May 2020 19:00:35
|
ler |
security/vuxml: Report multiple dovecot vulnerabilities. |
1.1_4
17 May 2020 20:42:25
|
zi |
- Document security/clamav vulnerabilities |
1.1_4
17 May 2020 20:18:31
|
sunpoet |
Update json-c vulnerability
- While I'm here, fix format
json-c 0.14 will land the ports tree along with the fix, thus I change it to
0.14.
PR: 246389 |
1.1_4
17 May 2020 18:33:09
|
sunpoet |
Document rails vulnerability |
1.1_4
16 May 2020 09:17:26
|
brnrd |
security/vuxml: MariaDB vulnerabilities |
1.1_4
16 May 2020 06:45:08
|
woodsb02 |
Add new sysutils/py-salt vulnerabilities
PR: 246061
Reported by: Christer Edwards <christer.edwards@gmail.com>
Security: CVE-2020-11651
Security: CVE-2020-11652 |
1.1_4
14 May 2020 11:29:20
|
mandree |
devel/json-c: CVE-2020-12762 integer overflow, out of bounds write
Reported by: Daniel Engberg
Security: abc3ef37-95d4-11ea-9004-25fadb81abf4
Security: CVE-2020-12762 |
1.1_4
13 May 2020 20:44:18
|
sunpoet |
Document typo3 vulnerability |
1.1_4
13 May 2020 15:16:46
|
gordon |
Add proper links for the html output of vuln.xml.
Add freebsdsa as a proper type.
Correct link to CVEs.
Reviewed by: gjb, joneum
Approved by: ports-secteam (joneum)
Differential Revision: https://reviews.freebsd.org/D24824 |
1.1_4
12 May 2020 18:37:02
|
gordon |
Add data for today's SA batch.
Approved by: so |
1.1_4
09 May 2020 16:02:59
|
novel |
security/vuxml: log www/qutebrowser CVE-2020-11054 |
1.1_4
09 May 2020 10:08:14
|
wen |
- Document python27 CVE-2019-18348 |
1.1_4
09 May 2020 08:23:42
|
joneum |
add entry for www/glpi
PR: 244971
Sponsored by: Netzkommune GmbH |
1.1_4
07 May 2020 19:56:01
|
mandree |
mail/mailman: extend content injection vuln via private archive login
This led up to mailman 2.1.33 today.
https://bugs.launchpad.net/mailman/+bug/1877379
https://launchpadlibrarian.net/478684932/private.diff
https://mail.python.org/archives/list/mailman-developers@python.org/thread/SYBIZ3MNSQZLKN6PVKO7ZKR7QMOBMS45/
Approved by: ports-secteam@ (blanket for security fixes)
Security: 88760f4d-8ef7-11ea-a66d-4b2ef158be83 |
1.1_4
06 May 2020 23:26:49
|
leres |
security/vuxml: Mark zeek < 3.0.6 as vulnerable as per:
https://raw.githubusercontent.com/zeek/zeek/v3.0.6/NEWS
Various issues including buffer over-reads, uninitialized field
access, memory leak, and stack overflows. |
1.1_4
06 May 2020 15:02:40
|
salvadore |
security/vuxml: Update discovery date for CVE-2020-1730
Update discovery date for CVE-2020-1730 based on information obtained from
the libssh team.
Approved by: gerald (mentor) |
1.1_4
06 May 2020 05:14:42
|
sunpoet |
Document wagtail vulnerability |
1.1_4
05 May 2020 22:55:22
|
mandree |
Permit mail/mailman vulnerability to be fixed in 2.1.30_3 already
...not in 2.1.31 only. We can't just easily backport 2.1.31 to 2020Q2.
Security: 88760f4d-8ef7-11ea-a66d-4b2ef158be83 |
1.1_4
05 May 2020 17:51:49
|
mandree |
new mailman < 2.1.31 content injection vulnerability
similar to CVE-2018-13796 (not sure if they'll reuse that no. so
not including in Security: tags below)
https://bugs.launchpad.net/mailman/+bug/1873722
Security: 88760f4d-8ef7-11ea-a66d-4b2ef158be83 |
1.1_4
05 May 2020 05:32:48
|
fjoe |
Fix version range for 97fcc60a-6ec0-11ea-a84a-4c72b94353b5:
phpMyAdmin 4.9.5 is not vulnerable
PR: 245096 |
1.1_4
04 May 2020 23:23:15
|
dbaio |
security/vuxml: Document net-mgmt/cacti issue
PR: 246164
Submitted by: Michael Muenz <m.muenz@gmail.com>
Security: CVE-2020-7106 |
1.1_4
03 May 2020 21:28:58
|
pi |
security/vuxml: add squid 4.10 CVEs
PR: 245433
Submitted by: Michael Muenz <m.muenz@gmail.com> |
1.1_4
03 May 2020 07:46:28
|
tcberner |
Document audio/taglib vulnerability |
1.1_4
01 May 2020 09:44:40
|
mfechner |
Documented gitlab vulnerabilities. |
1.1_4
29 Apr 2020 22:31:08
|
dbaio |
security/vuxml: Add other flavors of py-yaml |
1.1_4
29 Apr 2020 18:48:51
|
tcberner |
Document multimedia/vlc vulnerabilities
Security: CVE-2019-19721 CVE-2020-6071 CVE-2020-6072 CVE-2020-6073 CVE-2020-6077
CVE-2020-6078 CVE-2020-6079 |
1.1_4
29 Apr 2020 15:03:41
|
timur |
Add an entry about CVE-2020-10700, CVE-2020-10704 in samba410 and 411.
Security: CVE-2020-10700
CVE-2020-10704 |
1.1_4
29 Apr 2020 06:08:20
|
fluffy |
net/ceph14: document CVE-2020-1759, CVE-2020-1760 |
1.1_4
29 Apr 2020 01:35:22
|
delphij |
Document OpenLDAP CVE-2020-12243.
PR: 213895
Submitted by: rob2g2 <spam123 bitbert com> |
1.1_4
27 Apr 2020 19:47:27
|
jpaetzel |
Add entry for py-yaml vulnerability |
1.1_4
26 Apr 2020 17:39:27
|
dbaio |
security/vuxml: Document www/py-bleach issue
PR: 245943
Security: CVE-2020-6817 |
1.1_4
23 Apr 2020 12:25:39
|
brnrd |
security/vuxml: MySQL Server 2020Q2 vulnerabilities |
1.1_4
23 Apr 2020 12:23:50
|
brnrd |
security/vuxml: MySQL client 2020Q2 vulnerabilities |
1.1_4
23 Apr 2020 11:48:08
|
brnrd |
security/vuxml: Register Nextcloud vulnerabilities |
1.1_4
23 Apr 2020 01:17:13
|
dbaio |
security/vuxml: Document lang/python issue
PR: 245819
Security: CVE-2020-8492 |
1.1_4
22 Apr 2020 21:33:18
|
sunpoet |
Document wagtail vulnerability |
1.1_4
22 Apr 2020 20:29:14
|
gordon |
11.3 isn't vulenrable to the recent OpenSSL vulnerability.
Approved by: so
X-Pointy-Hat to: gordon |
1.1_4
22 Apr 2020 20:02:55
|
leres |
security/vuxml: Restore openssl port version range to the 2020-04-21 entry
I tested that this passes "make validate" and correctly flags
openssl-1.1.1f,1 as vulnerable.
Approved by: gjb |
1.1_4
22 Apr 2020 11:11:17
|
gjb |
Revert r532466, adding back 'FreeBSD' to the topic.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4
22 Apr 2020 11:09:17
|
gjb |
The vuxml build is now fixed. Remove the 'ignore' block and its
contents.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4
22 Apr 2020 11:07:32
|
gjb |
Comment the second name tag, which I believe is what is causing the
vuxml build to fail. If I am wrong, I will revert this commit.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4
22 Apr 2020 11:03:50
|
gjb |
Um, ok. Third attempt to try to fix the vuxml build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4
22 Apr 2020 10:44:59
|
gjb |
Attempt number 2 to fix the vuxml build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4
22 Apr 2020 10:36:57
|
gjb |
Fix vuxml build.
Sponsored by: Rubicon Communications, LLC (netgate.com) |
1.1_4
22 Apr 2020 09:38:05
|
brnrd |
security/vuxml: Fix OpenSSL port commit |
1.1_4
22 Apr 2020 08:20:12
|
brnrd |
security/vuxml: Mark OpenSSL 1.1.1f from ports vulnerable too |
1.1_4
21 Apr 2020 19:48:03
|
sunpoet |
Document libntlm vulnerability |
1.1_4
21 Apr 2020 18:29:59
|
gordon |
Add new entries for SA-20:10 and SA-20:11. |
1.1_4
21 Apr 2020 12:25:01
|
dbaio |
security/vuxml: Document devel/py-twisted vulnerabilities
PR: 245252
Submitted by: Sascha Biberhofer <ports@skyforge.at>
Reported by: contact@evilham.com |
As an Amazon Associate I earn from qualifying purchases.
