Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_3 09 Oct 2018 21:13:59 |
dinoex |
- add entry for tinc and tinc-devel |
1.1_3 05 Oct 2018 22:06:20 |
mfechner |
Document several vulnerabilities for gitlab-ce.
Approved by: mentors (implicit) |
1.1_3 04 Oct 2018 01:32:18 |
ler |
security/vuxml: add multiple vulnerabilities in security/clamav.
PR: 231924
Submitted by: yasu@utahime.org |
1.1_3 03 Oct 2018 13:46:36 |
wen |
- Document django21 vulnerability |
1.1_3 03 Oct 2018 01:01:23 |
jbeich |
security/vuxml: mark firefox < 62.0.3 as vulnerable |
1.1_3 01 Oct 2018 19:02:32 |
mfechner |
Document several vulnerabilities for gitlab-ce.
Approved by: mentors (implicit) |
1.1_3 01 Oct 2018 14:53:24 |
swills |
Document pango DoS |
1.1_3 30 Sep 2018 06:48:23 |
joneum |
Add entry for www/serendipity
Sponsored by: Netzkommune GmbH |
1.1_3 29 Sep 2018 23:26:59 |
kbowling |
security/vuxml: Add entry for net-p2p/bitcoin CVE-2018-17144
Add VuXML for r480928
Approved by: timur (mentor)
Differential Revision: https://reviews.freebsd.org/D17360 |
1.1_3 26 Sep 2018 18:09:07 |
zeising |
Document spamassassin - multiple vulnerabilities
Document spamassassin vulnerabilities, as found in this announcement:
https://seclists.org/oss-sec/2018/q3/242 |
1.1_3 26 Sep 2018 13:07:50 |
lme |
security/vuxml:
Document wesnoth vulnerability |
1.1_3 26 Sep 2018 12:49:24 |
brnrd |
security/vuxml: Add Apache 2.4 vulnerability |
1.1_3 25 Sep 2018 16:09:40 |
sunpoet |
Update OpenJPEG vulnerability
CVE-2018-5785 was fixed in r480624. |
1.1_3 25 Sep 2018 14:07:08 |
tobik |
Document mantis vulnerability |
1.1_3 22 Sep 2018 16:50:19 |
sunpoet |
Document rubygem-smart_proxy_dynflow vulnerability |
1.1_3 22 Sep 2018 14:05:45 |
wen |
- Document mediawiki's multiple vulnerabilities |
1.1_3 21 Sep 2018 23:03:37 |
jbeich |
security/vuxml: mark firefox < 62.0.2 as vulnerable |
1.1_3 21 Sep 2018 08:17:45 |
madpilot |
Document new asterisk vulnerability. |
1.1_3 18 Sep 2018 10:48:27 |
wen |
- Document moodle multiple vulnerabilities |
1.1_3 15 Sep 2018 23:40:15 |
ler |
security/vuxml: add Joomla3 Vulnerabilities |
1.1_3 15 Sep 2018 08:54:58 |
jbeich |
security/vuxml: mark waterfox < 56.2.3 as vulnerable |
1.1_3 13 Sep 2018 21:56:23 |
sunpoet |
Update OpenJPEG vulnerability
Only CVE-2017-17479 and CVE-2017-17480 were fixed in r477112.
Notified by: tijl |
1.1_3 13 Sep 2018 19:08:11 |
joneum |
Document vulnerability in www/mybb
Sponsored by: Netzkommune GmbH |
1.1_3 12 Sep 2018 13:57:04 |
feld |
Document FreeBSD-SA-18:12.elf |
1.1_3 11 Sep 2018 20:36:44 |
yuri |
Add VuXML vulnerability CVE-2018-15598 for traefik.
Port update is already MFHed. |
1.1_3 11 Sep 2018 18:43:42 |
jkim |
Document the latest Flash Player vulnerability.
https://helpx.adobe.com/security/products/flash-player/apsb18-31.html |
1.1_3 11 Sep 2018 16:13:58 |
feld |
Improve formatting
Also add plexmediaserver-plexpass package as vulnerable |
1.1_3 11 Sep 2018 16:10:31 |
feld |
Document Plex vulnerability
Security: CVE-2018-13415 |
1.1_3 11 Sep 2018 10:39:06 |
adridg |
The 0.18 release of x11/sddm contains a fix for a security error
that allows unlocking a session without a password, if the
ReuseSession configuration option is set to true. The default
configuration sets it to false.
I'm setting the version to < 0.17.0_1 here, because I'm going
to update 0.17 with backports rather than pull in 0.18 (there's
a lot more work in that update, because of reorganisation upstream
and none of our patches apply anymore).
PR: 230029
Reported by: doctorwhoguy@gmail.com |
1.1_3 11 Sep 2018 09:53:49 |
joneum |
Document vulnerability in www/mybb
Sponsored by: Netzkommune GmbH |
1.1_3 09 Sep 2018 17:46:23 |
flo |
Document gitea vulnerability.
PR: 231180
Submitted by: stb@lassitu.de
Security: 7c750960-b129-11e8-9fcd-080027f43a02 |
1.1_3 07 Sep 2018 03:49:46 |
cy |
Remove duplicate entry for WPA EAPOL vulnerability. Use r477829 instead
as its version range is more complete.
PR: 231054
Reported by: 000.fbsd@quip.cz |
1.1_3 06 Sep 2018 06:53:44 |
yuri |
Add VuXML entry for the fixed CVE-2017-11114 in www/links
PR: 230849
Submitted by: Dmitri Goutnik <dg@syrec.org> |
1.1_3 05 Sep 2018 23:30:17 |
sunpoet |
Document curl vulnerability |
1.1_3 05 Sep 2018 20:39:51 |
jbeich |
security/vuxml: mark firefox < 62 as vulnerable |
1.1_3 04 Sep 2018 12:47:08 |
tijl |
Document Ghostscript -dSAFER sandbox bypass vulnerabilities.
PR: 231148
Security: https://www.kb.cert.org/vuls/id/332928 |
1.1_3 31 Aug 2018 23:47:50 |
swills |
Document grafana issues
PR: 231019
PR: 231020
PR: 231021
PR: 231022 |
1.1_3 30 Aug 2018 20:47:55 |
mfechner |
Document several vulnerabilities for gitlab-ce.
Approved by: mentors (implicit) |
1.1_3 30 Aug 2018 06:33:34 |
tota |
- Fix range for ja-mailman in CVE-2018-13796 |
1.1_3 30 Aug 2018 00:09:58 |
leres |
Mark bro < 2.5.5 as vulnerable as per:
https://www.bro.org/download/NEWS.bro.html
Reviewed by: ler (mentor)
Approved by: ler (mentor)
Differential Revision: https://reviews.freebsd.org/D16948 |
1.1_3 27 Aug 2018 11:19:03 |
bhughes |
security/vuxml: document Node.js vulnerabilities
https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
Sponsored by: Miles AS |
1.1_3 24 Aug 2018 10:34:46 |
tobik |
Fix databases/mantis entry after r477954 |
1.1_3 23 Aug 2018 05:34:56 |
matthew |
Apparently you can have more than one <name></name> item inside a
<package></package> group. Also, re-add plain 'phpMyAdmin' without a
flavour suffix as a possible package name -- it's only been a few
months since flavourization, and there may well be some older installs
still out there. (Although those should already be flagging for the
previous PMASA)
Reported by: mat |
1.1_3 22 Aug 2018 21:58:04 |
matthew |
Third time's the charm. Now capitalize the package names correctly. |
1.1_3 22 Aug 2018 21:40:11 |
matthew |
phpMyAdmin is flavoured now: use the correct package names. |
1.1_3 22 Aug 2018 21:28:45 |
feld |
Document FreeBSD-SA-18:11.hostapd |
1.1_3 22 Aug 2018 21:28:04 |
feld |
Document FreeBSD-SA-18:10.ip |
1.1_3 22 Aug 2018 21:27:36 |
feld |
Document FreeBSD-SA-18:09.l1tf |
1.1_3 22 Aug 2018 21:03:21 |
swills |
Document gogs open redirect issue
PR: 230800
Submitted by: Dmitri Goutnik <dg@syrec.org> |
1.1_3 22 Aug 2018 20:32:50 |
matthew |
Document the latest phpMyAdmin security advisory PMASA-2018-5 |
1.1_3 22 Aug 2018 19:28:01 |
zeising |
Document libX11 vulnerabilities.
CVE-2018-14598
CVE-2018-14599
CVE-2018-14600
https://lists.x.org/archives/xorg-announce/2018-August/002915.html |
1.1_3 21 Aug 2018 17:53:08 |
dch |
security/vuxml: add CVE-2018-11769 for databases/couchdb versions < 2.2.0
Reported by: Apache CouchDB PMC
Approved by: jrm
Security: CVE-2018-11769
Security: https://lists.apache.org/thread.html/1052ad7a1b32b9756df4f7860f5cb5a96b739f444117325a19a4bf75@%3Cdev.couchdb.apache.org%3E
Differential Revision: https://reviews.freebsd.org/D16820 |
1.1_3 17 Aug 2018 21:07:32 |
swills |
Document issue in security/botan2
PR: 230666 |
1.1_3 15 Aug 2018 21:01:23 |
lwhsu |
Document Jenkins Security Advisory 2018-08-15
Sponsored by: The FreeBSD Foundation |
1.1_3 14 Aug 2018 20:21:53 |
cy |
Document WPA unauthenticated encrypted EAPOL-Key data vulnerability.
Security: CVE-2018-14526 |
1.1_3 14 Aug 2018 19:08:38 |
jkim |
Document the latest Flash Player vulnerabilities.
https://helpx.adobe.com/security/products/flash-player/apsb18-25.html |
1.1_3 14 Aug 2018 13:37:35 |
timur |
Add an entry about multiple Samba vulnerabilities:
* CVE-2018-1139 (Weak authentication protocol allowed.)
* CVE-2018-1140 (Denial of Service Attack on DNS and LDAP server.)
* CVE-2018-10858 (Insufficient input validation on client directory
listing in libsmbclient.)
* CVE-2018-10918 (Denial of Service Attack on AD DC DRSUAPI server.)
* CVE-2018-10919 (Confidential attribute disclosure from the AD LDAP
server.)
Security: CVE-2018-1139
CVE-2018-1140
CVE-2018-10858
CVE-2018-10918
CVE-2018-10919
Sponsored by: iXsystems Inc. |
1.1_3 12 Aug 2018 17:35:08 |
sunpoet |
Document GraphicsMagick vulnerability |
1.1_3 12 Aug 2018 13:44:39 |
tobik |
Document lang/chicken vulnerabilities |
1.1_3 12 Aug 2018 07:55:09 |
flo |
Document www/gitea vulnerability, with the scarce details provided by Gitea
PR: 230512 |
1.1_3 10 Aug 2018 14:35:45 |
tijl |
Document mbed TLS Security Advisory 2018-02.
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02 |
1.1_3 10 Aug 2018 08:56:53 |
girgen |
Add entry about postgresql vulnerabilities |
1.1_3 08 Aug 2018 19:07:31 |
brnrd |
security/vuxml: Document Oracle's Critical Patch Update |
1.1_3 07 Aug 2018 13:18:03 |
girgen |
Add vulnerability information about apache-xml-security-c |
1.1_3 06 Aug 2018 21:26:20 |
feld |
Document FreeBSD-SA-18:08.tcp |
1.1_3 06 Aug 2018 03:23:23 |
koobs |
security/py-cryptography: Add tag forgery vulnerability
PR: 226906 |
1.1_3 05 Aug 2018 11:56:49 |
riggs |
Document CVE-2018-14912 in devel/cgit before version 1.2.1
PR: 230360
Submitted by: yasu@utahime.org |
1.1_3 03 Aug 2018 16:09:52 |
mfechner |
Documented vulnerability of copied security/rubygem-doorkeeper43.
Approved by: mentors (implicit) |
1.1_3 01 Aug 2018 16:32:58 |
adamw |
Fix a common grammar error: "can not" means the opposite of "cannot."
"Can not" means "it is possible not to," and "cannot" means "it is impossible
to." |
1.1_3 31 Jul 2018 23:44:54 |
sunpoet |
Document rubygem-doorkeeper vulnerability |
1.1_3 31 Jul 2018 23:43:53 |
sunpoet |
Document rubygem-sinatra vulnerability |
1.1_3 31 Jul 2018 09:51:51 |
mandree |
Add new Mailman < 2.1.28 security issue.
https://bugs.launchpad.net/mailman/+bug/1780874
https://mail.python.org/pipermail/mailman-announce/2018-July/000241.html
Security: b4f0ad36-94a5-11e8-9007-080027ac955c
Security: CVE-2018-13796 |
1.1_3 29 Jul 2018 12:23:14 |
tota |
- Fix range for ja-mailman in CVE-2018-0618 |
1.1_3 29 Jul 2018 10:42:23 |
joneum |
document mantis issues
PR: 229880
Submitted by: Nathan <ndowens.fbsd@yandex.com> |
1.1_3 28 Jul 2018 11:43:51 |
sunpoet |
Fix version range of curl vulnerability |
1.1_3 27 Jul 2018 13:37:27 |
swills |
security/vuxml: document py-bleach issue
PR: 226851 |
1.1_3 27 Jul 2018 13:15:56 |
swills |
security/vuxml: document lshell issues
PR: 215988
Submitted by: Damien Fleuriot <dam@my.gd> |
1.1_3 27 Jul 2018 13:04:27 |
swills |
security/vuxml: document openjpeg issues
PR: 225805
Submitted by: VK <vlad-fbsd@acheronmedia.com> |
1.1_3 27 Jul 2018 13:00:45 |
swills |
security/vuxml: Document ffmpeg issues
PR: 223626
Submitted by: VK <vlad-fbsd@acheronmedia.com> |
1.1_3 27 Jul 2018 12:55:03 |
swills |
security/vuxml: document gimp issue
While here, fix entry date on curl entry
PR: 225636
Submitted by: D. Ebdrup <debdrup@gmail.com> |
1.1_3 27 Jul 2018 12:34:57 |
cpm |
Document new vulnerabilities in www/chromium < 68.0.3440.75
Obtained from: https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html |
1.1_3 27 Jul 2018 12:24:57 |
swills |
security/vuxml: Document curl issue
PR: 229752
Submitted by: Yasuhiro KIMURA <yasu@utahime.org> |
1.1_3 27 Jul 2018 06:50:59 |
mfechner |
Documented vulnerabilities for gitlab-ce.
Approved by: mentors (implicit) |
1.1_3 26 Jul 2018 17:37:36 |
danilo |
- Document a graphics/vips buffer overflow.
https://github.com/jcupitt/libvips/releases/tag/v8.6.5 |
1.1_3 24 Jul 2018 18:08:47 |
fernape |
Document vulnerabilities for graphics/sixel 1.8.1
* CVE-2018-14072
* CVE-2018-14073
PR: 229975
Reported by: sue@iwmt.org (maintainer)
Approved by: tcberner (mentor) |
1.1_3 24 Jul 2018 06:33:50 |
miwi |
- Exclude LibreSSL 2.6.5 from CVE-2018-0732 entry
PR: 229037
Sponsored by: iXsystems Inc. |
1.1_3 21 Jul 2018 08:51:37 |
tijl |
Remove linux expat packages from latest expat entry. Red Hat has marked
these "will not fix" because of the low impact so there's no point in
nagging users about this.
https://access.redhat.com/security/cve/cve-2016-9063
https://access.redhat.com/security/cve/cve-2017-9233 |
1.1_3 21 Jul 2018 06:58:42 |
woodsb02 |
security/vuxml: Add CVE details for VLC vulnerability |
1.1_3 21 Jul 2018 06:50:36 |
woodsb02 |
security/vuxml: document VLC vulnerability |
1.1_3 19 Jul 2018 15:37:57 |
fernape |
security/vuxml: add mutt vulnerabilities
Include mutt vulnerabilities for mutt < 1.10.1
PR: 229810
Submitted by: dereks@lifeofadishwasher.com
Approved by: tcberner (mentor)
Differential Revision: https://reviews.freebsd.org/D16321 |
1.1_3 19 Jul 2018 12:39:21 |
gahr |
security/vuxml: fix typo |
1.1_3 19 Jul 2018 12:04:03 |
gahr |
security/vuxml: document NeoMutt and Mutt vulnerabilities |
1.1_3 19 Jul 2018 06:44:46 |
mfechner |
Document gitlab < 11.0.4 vulnerability.
Reviewed by: swills (mentor)
Approved by: swills (mentor)
Differential Revision: https://reviews.freebsd.org/D16317 |
1.1_3 18 Jul 2018 23:15:44 |
lwhsu |
Update CVE number of 20a1881e-8a9e-11e8-bddf-d017c2ca229d
Sponsored by: The FreeBSD Foundation |
1.1_3 18 Jul 2018 15:53:33 |
lwhsu |
Fix range of 20a1881e-8a9e-11e8-bddf-d017c2ca229d
Sponsored by: The FreeBSD Foundation |
1.1_3 18 Jul 2018 15:50:59 |
lwhsu |
Document Jenkins Security Advisory 2018-07-18
Sponsored by: The FreeBSD Foundation |
1.1_3 18 Jul 2018 14:14:45 |
dbaio |
security/vuxml: Document irc/znc vulnerabilities
Reported by: gordon
Security: CVE-2018-14055
Security: CVE-2018-14056 |
1.1_3 18 Jul 2018 13:39:24 |
brnrd |
security/vuxml: Document Apache httpd vulns |
1.1_3 17 Jul 2018 17:28:15 |
gjb |
Remove vendor-specific CVE numbers, following r474804. This tag
is reserved for Mitre CVE numbers, otherwise it does not pass
validation.
Sponsored by: The FreeBSD Foundation |
1.1_3 17 Jul 2018 17:19:29 |
novel |
security/vuxml: update version range for latest qutebrowser vuln
Update version for www/qutebrowser CVE-2018-10895 to reflect 2018Q3 fix. |