Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_4 14 May 2019 21:19:03 |
jkim |
Document the latest Flash Player vulnerability.
https://helpx.adobe.com/security/products/flash-player/apsb19-26.html |
1.1_4 11 May 2019 09:14:21 |
brnrd |
security/vuxml: Document PHP-exif vulnerabilities |
1.1_4 10 May 2019 12:41:16 |
girgen |
Add security issues from latest postgresql release |
1.1_4 06 May 2019 08:47:08 |
joneum |
Add entry for www/gitea
PR: 237734
Sponsored by: Netzkommune GmbH |
1.1_4 05 May 2019 02:34:31 |
koobs |
security/vuxml: Add comms/hylafax -- Malformed fax sender remote code execution
in JPEG support |
1.1_4 01 May 2019 07:16:46 |
mfechner |
Documented vulnerability for gitlab. |
1.1_4 30 Apr 2019 23:35:08 |
ler |
security/vuxml: correct dovecot entry.
Reported by: leres |
1.1_4 30 Apr 2019 21:02:33 |
ler |
security/vuxml: document dovecot vulnerabilities |
1.1_4 29 Apr 2019 20:33:08 |
mfechner |
Document gitlab vulnerabilities. |
1.1_4 26 Apr 2019 11:29:17 |
koobs |
security/vuxml: Add buildbot CRLF injection vulnerability |
1.1_4 25 Apr 2019 02:05:05 |
acm |
- Add drupal7 and drupal8 entries |
1.1_4 24 Apr 2019 16:55:13 |
swills |
add missed PORTEPOCH to libssh2 version |
1.1_4 24 Apr 2019 15:30:40 |
jpaetzel |
Document py-yaml vulnerability
PR: 237501
Submitted by: sergey@akhmatov.ru
Security: CVE-2017-18342 |
1.1_4 23 Apr 2019 03:03:45 |
cy |
Document wpa_supplicant/hostapd EAP-pwd message reassembly issue with
unexpected fragment.
Security: no CVE documented,
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-\
with-unexpected-fragment.txt |
1.1_4 23 Apr 2019 03:03:40 |
cy |
Document wpa_supplicant/hostapd EAP-pwd missing commit validation.
CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
CVE-2019-9498 (EAP-pwd server missing commit validation for
scalar/element)
CVE-2019-9499 (EAP-pwd peer missing commit validation for
scalar/element)
Security: CVE-2019-9497, CVE-2019-9498, CVE-2019-9499,
https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt |
1.1_4 23 Apr 2019 03:03:35 |
cy |
Document hostapd SAE confirm missing state validation.
CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
Security: CVE-2019-9496,
https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt |
1.1_4 23 Apr 2019 03:03:30 |
cy |
Document wpa_supplicant/hostapd EAP-pwd side-channel attack.
CVE-2019-9495 (cache attack against EAP-pwd)
Security: CVE-2019-9495,
https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt |
1.1_4 23 Apr 2019 03:03:25 |
cy |
Document wpa_supplicant/hostapd SAE side-channel attacks.
CVE-2019-9494 (cache attack against SAE)
Security: CVE-2019-9494, VU#871675,
https://w1.fi/security/2019-1/sae-side-channel-attacks.txt |
1.1_4 22 Apr 2019 20:30:19 |
danilo |
- Document istio vulnerabilities. |
1.1_4 21 Apr 2019 17:35:59 |
tijl |
Document Ghostscript CVE-2019-3835 and CVE-2019-3838.
PR: 237390
Security: CVE-2019-3835, CVE-2019-3838 |
1.1_4 19 Apr 2019 14:42:42 |
tijl |
Document GNUTLS-SA-2019-03-27.
Security: https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27 |
1.1_4 18 Apr 2019 15:21:04 |
ler |
security/vuxml: Document dovecot json encoder issue |
1.1_4 18 Apr 2019 10:36:50 |
swills |
Document libssh2 issue |
1.1_4 17 Apr 2019 06:35:18 |
joneum |
Add entry for gitea
PR: 237303
Sponsored by: Netzkommune GmbH |
1.1_4 13 Apr 2019 13:53:22 |
brnrd |
security/vuxml: Document vulnerabilities for MySQL
- Pre-notification by Oracle, final to be published in 3 days |
1.1_4 12 Apr 2019 08:43:30 |
vd |
Document ftp/wget's metadata in extended attributes vulnerability
Security: CVE-2018-20483 |
1.1_4 11 Apr 2019 05:47:33 |
mfechner |
Document gitlab vulnerability. |
1.1_4 10 Apr 2019 15:30:26 |
lwhsu |
Document Jenkins Security Advisory 2019-04-10
Sponsored by: The FreeBSD Foundation |
1.1_4 10 Apr 2019 07:52:51 |
jkim |
Document the latest Flash Player vulnerabilities.
https://helpx.adobe.com/security/products/flash-player/apsb19-19.html |
1.1_4 06 Apr 2019 14:46:00 |
sunpoet |
Update py-notebook status |
1.1_4 05 Apr 2019 06:22:10 |
mfechner |
Documented vulnerabilities for clamav. |
1.1_4 03 Apr 2019 17:22:25 |
romain |
Update sysutils/puppetserver5 entry
Puppetlabs released version 5.3.8 of Puppet Server which addresses the issue:
https://puppet.com/docs/puppetserver/5.3/release_notes.html#puppet-server-538
With hat: puppet |
1.1_4 02 Apr 2019 20:48:08 |
mfechner |
Documented gitlab vulnerability. |
1.1_4 02 Apr 2019 07:58:42 |
brnrd |
security/vuxml: Document Apache httpd vulnerabilities |
1.1_4 01 Apr 2019 19:29:47 |
danilo |
- Document sysutils/kubectl CVE-2019-1002101 |
1.1_4 31 Mar 2019 13:50:46 |
dbaio |
security/vuxml: Document irc/znc issue
Security: CVE-2019-9917 |
1.1_4 29 Mar 2019 16:36:03 |
sunpoet |
Document py-notebook vulnerability |
1.1_4 29 Mar 2019 14:17:12 |
sunpoet |
Update openjpeg status |
1.1_4 28 Mar 2019 12:21:37 |
ler |
vuxml: Document mail/dovecot buffer overflow. |
1.1_4 28 Mar 2019 08:26:50 |
joneum |
Add modified line for drupal after r496987
Sponsored by: Netzkommune GmbH |
1.1_4 27 Mar 2019 21:51:40 |
acm |
- Update 94d63fd7-508b-11e9-9ba0-4c72b94353b5 entry |
1.1_4 27 Mar 2019 19:23:40 |
sunpoet |
Update Python vulnerability (d74371d2-4fee-11e9-a5cd-1df8a848de3d) |
1.1_4 27 Mar 2019 17:44:06 |
joneum |
Add entry for www/drupal7
Sponsored by: Netzkommune GmbH |
1.1_4 26 Mar 2019 18:12:24 |
sunpoet |
Document Python vulnerability |
1.1_4 22 Mar 2019 04:08:55 |
zeising |
Update the libXdmcp entry to make it clearer. |
1.1_4 21 Mar 2019 09:36:32 |
joneum |
Add entry for wordpress
Sponsored by: Netzkommune GmbH |
1.1_4 21 Mar 2019 08:15:01 |
mfechner |
Documented gitlab vulnerability. |
1.1_4 21 Mar 2019 02:03:35 |
zeising |
Add entry for x11/libXdmcp vulnerability.
Add entry for x11/libXdmcp vulnerability, insufficient entropy generating
session keys. It is unknown if this actually affects FreeBSD.
Security: CVE-2017-2625 |
1.1_4 20 Mar 2019 14:04:46 |
mfechner |
Documented security vulnerability for gitlab < 11.8.2. |
1.1_4 20 Mar 2019 11:30:19 |
joneum |
Add entry for www/gitea
PR: 236563 |
1.1_4 19 Mar 2019 20:22:21 |
jbeich |
security/vuxml: mark firefox < 66 as vulnerable |
1.1_4 19 Mar 2019 14:51:03 |
swills |
Document PowerDNS issue
PR: 236634
Reported by: Dani <i.dani@outlook.com> |
1.1_4 18 Mar 2019 18:25:00 |
sunpoet |
Document Rails vulnerability |
1.1_4 17 Mar 2019 14:16:03 |
mandree |
Record PuTTY security vulnerabilities in versions before 0.71. |
1.1_4 16 Mar 2019 23:23:16 |
sunpoet |
Document py-notebook vulnerability |
1.1_4 15 Mar 2019 21:42:03 |
sunpoet |
Document ruby-gems vulnerability |
1.1_4 12 Mar 2019 06:14:06 |
riggs |
Document CVE fixes in libsndfile-1.0.28_2
PR: 227669
Reported by: p5B2E9A8F@t-online.de |
1.1_4 08 Mar 2019 02:26:17 |
cy |
Fill in the actual URL for March 2019 ntp-4.2.8p13 NTP Release and
Security Vulnerability Announcement |
1.1_4 07 Mar 2019 19:33:24 |
brnrd |
security/vuxml: Document OpenSSL 1.1.1 vulnerability |
1.1_4 07 Mar 2019 13:32:42 |
cy |
Document crafted null dereference ntp attack.
Security: CVE-2019-8936
Obtained from: nwtime.org |
1.1_4 06 Mar 2019 19:56:57 |
kai |
security/vuxml: Document shells/rssh < 2.3.4_2 vulnerabilities
PR: 235121
Approved by: tcberner (mentor)
Differential Revision: https://reviews.freebsd.org/D19473 |
1.1_4 06 Mar 2019 07:31:17 |
matthew |
Document a jQuery related XSS security fix in rt4.4.4 and rt4.2.16
Note: the release notes also mention 3 other security issues in perl
modules depended on by these packages. Of those, vulnerabilities in
the Email::Address and Email::Address::List perl modules have already
been addressed in their respective ports, while the third: HTML::Gumbo
is not currently in the ports at all. |
1.1_4 05 Mar 2019 15:00:54 |
0mp |
Document a slixmpp < 1.4.1 vulnerability
Reviewed by: krion, mat
Approved by: krion (mentor), mat (mentor)
MFH: 2019Q1 |
1.1_4 05 Mar 2019 10:23:44 |
mfechner |
Documented several www/gitlab-ce security vulnerabilities. |
1.1_4 05 Mar 2019 06:20:50 |
tobik |
Document www/py-gunicorn vulnerability |
1.1_4 04 Mar 2019 10:54:26 |
joneum |
Update mybb entry
Sponsored by: Netzkommune GmbH |
1.1_4 03 Mar 2019 00:03:11 |
bhughes |
security/vuxml: document Node.js February 2019 Security Releases
https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
Sponsored by: Miles AS |
1.1_4 02 Mar 2019 10:29:12 |
joneum |
Document vulnerability in www/mybb
Sponsored by: Netzkommune GmbH |
1.1_4 01 Mar 2019 08:57:16 |
madpilot |
Document new asterisk vulnerability.
Security: CVE-2019-7251 |
1.1_4 27 Feb 2019 07:33:22 |
brnrd |
security/vuxml: Update OpenSSL 1.0.2r entry |
1.1_4 24 Feb 2019 19:59:26 |
kwm |
Document webkit-gtk CVEs
Security: CVE-2019-6212, CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, \
CVE-2019-6226, CVE-2019-6227, CVE-2019-6229, CVE-2019-6233, \
CVE-2019-6234. |
1.1_4 22 Feb 2019 17:58:16 |
pi |
security/vuxml: document rdesktop < 1.8.4 vulnerabilities
PR: 235885, 229029 |
1.1_4 21 Feb 2019 19:49:00 |
romain |
Document sysutils/puppetserver* vulnerabilities.
PuppetServer bundles Bouncy Castle, so add affected ports to the Bouncy Castle
entry.
sysutils/puppetserver is EOL and will likely never get a fix;
sysutils/puppetserver5 may get fixed in a future release of the 5.x branch;
sysutils/puppetserver6 was fixed in the latest release.
With hat: puppet |
1.1_4 21 Feb 2019 14:45:25 |
acm |
- Add drupal8 vulnerability entry |
1.1_4 20 Feb 2019 10:13:39 |
brnrd |
security/vuxml: Document announced OpenSSL vulnerability
- To be updated with more specifics on 2019-02-26 |
1.1_4 15 Feb 2019 15:06:16 |
novel |
Document mail/msmtp certificate verification issue |
1.1_4 13 Feb 2019 11:27:36 |
cmt |
fix firefox-esr PORTEPOCH in latest entry
Submitted by: jbeich |
1.1_4 13 Feb 2019 11:09:39 |
cmt |
add more mozilla products to latest entry
https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/
(same CVEs as mfsa2019-04, so not creating another entry) |
1.1_4 13 Feb 2019 09:57:34 |
cmt |
document firefox vulnerabilities
https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/ |
1.1_4 12 Feb 2019 15:39:34 |
jkim |
Document the latest Flash Player vulnerability.
https://helpx.adobe.com/security/products/flash-player/apsb19-06.html |
1.1_4 11 Feb 2019 19:11:34 |
sunpoet |
Fix r492723 for the name of NVD report |
1.1_4 11 Feb 2019 18:59:48 |
sunpoet |
Update openjpeg status
There were 5 vulnerabilities in openjpeg and 4 of them are fixed.
The current status is described in [1] as follows:
- CVE-2017-17479 and CVE-2017-17480 were fixed in r477112.
- CVE-2018-5785 was fixed in r480624.
- CVE-2018-6616 was fixed in r489415.
- CVE-2018-5727 is not fixed yet.
Though I keep committing fixes and updating the status, it does not show in the
"pkg audit" result. Users have to follow the link but apparently few people
would do that. Therefore, I got mails asking if the CVEs are fixed, etc.
I don't know if there's a better way to handle this condition (partly fixed over
several months). Instead of removing fixed CVEs from vuln.xml, I decided to add
a new entry (5efd7a93-2dfb-11e9-9549-e980e869c2e9) which is split from the old
entry (11dc3890-0e64-11e8-99b0-d017c2987f9a). It should be clearer for users if
they only read the "pkg audit" result.
[1] https://www.vuxml.org/freebsd/11dc3890-0e64-11e8-99b0-d017c2987f9a.html |
1.1_4 11 Feb 2019 00:11:41 |
feld |
Document FreeBSD-SA-19:02.fd |
1.1_4 11 Feb 2019 00:10:59 |
feld |
Document FreeBSD-SA-19:01.syscall |
1.1_4 10 Feb 2019 18:02:38 |
tcberner |
Document kf5-kauth vulnerability. |
1.1_4 08 Feb 2019 01:12:26 |
osa |
Update versions range for recent unit vulnerability. |
1.1_4 08 Feb 2019 01:04:53 |
osa |
Document unit vulnerability. |
1.1_4 07 Feb 2019 23:14:47 |
sunpoet |
Document curl vulnerability |
1.1_4 06 Feb 2019 09:10:47 |
mfechner |
Document gitlab-ce vulnerability. |
1.1_4 05 Feb 2019 14:52:23 |
ler |
mail/dovecot: update reporter for latest vuln |
1.1_4 05 Feb 2019 14:39:13 |
ler |
mail/dovecot: Suitable client certificate can be used to login as other user
update vuxml |
1.1_4 02 Feb 2019 21:55:47 |
sunpoet |
Document typo3 vulnerability
PR: 235187, 235188 |
1.1_4 02 Feb 2019 01:26:48 |
jrm |
security/vuxml: Document Gitea < 1.7.1 vulnerabilities
PR: 235399
Submitted by: stb@lassitu.de (www/gitea maintainer) |
1.1_4 31 Jan 2019 19:36:16 |
matthew |
Document vulnerability addressed by release 0.06 of p5-Email-Address-List
Unfortunately there is very little real description of the
vulnerability available, other than what is in the changelog. Even
the CVE number only leads to a page saying the number is reserved. |
1.1_4 31 Jan 2019 17:42:14 |
mfechner |
Documented multiple vulnerabilities for www/gitlab-ce. |
1.1_4 30 Jan 2019 11:37:56 |
bhughes |
security/vuxml: document vulnerabilities in net/turnserver
Sponsored by: Miles AS |
1.1_4 29 Jan 2019 17:18:59 |
jbeich |
security/vuxml: mark firefox < 65 as vulnerable |
1.1_4 28 Jan 2019 16:53:42 |
swills |
Document powerdns-recursor issue
PR: 235113
Submitted by: Ralf van der Enden <tremere@cainites.net> |
1.1_4 27 Jan 2019 19:58:21 |
sunpoet |
Update py-requests entry
Reference: https://lists.freebsd.org/pipermail/svn-ports-head/2019-January/198601.html |
1.1_4 27 Jan 2019 15:14:56 |
brnrd |
security/vuxml: Document recent MySQL vulnerabilities
- 5.5 branch see https://mariadb.com/kb/en/library/mariadb-5563-release-notes/ |