Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_3 24 Jul 2018 06:33:50 |
miwi |
- Exclude LibreSSL 2.6.5 from CVE-2018-0732 entry
PR: 229037
Sponsored by: iXsystems Inc. |
1.1_3 21 Jul 2018 08:51:37 |
tijl |
Remove linux expat packages from latest expat entry. Red Hat has marked
these "will not fix" because of the low impact so there's no point in
nagging users about this.
https://access.redhat.com/security/cve/cve-2016-9063
https://access.redhat.com/security/cve/cve-2017-9233 |
1.1_3 21 Jul 2018 06:58:42 |
woodsb02 |
security/vuxml: Add CVE details for VLC vulnerability |
1.1_3 21 Jul 2018 06:50:36 |
woodsb02 |
security/vuxml: document VLC vulnerability |
1.1_3 19 Jul 2018 15:37:57 |
fernape |
security/vuxml: add mutt vulnerabilities
Include mutt vulnerabilities for mutt < 1.10.1
PR: 229810
Submitted by: dereks@lifeofadishwasher.com
Approved by: tcberner (mentor)
Differential Revision: https://reviews.freebsd.org/D16321 |
1.1_3 19 Jul 2018 12:39:21 |
gahr |
security/vuxml: fix typo |
1.1_3 19 Jul 2018 12:04:03 |
gahr |
security/vuxml: document NeoMutt and Mutt vulnerabilities |
1.1_3 19 Jul 2018 06:44:46 |
mfechner |
Document gitlab < 11.0.4 vulnerability.
Reviewed by: swills (mentor)
Approved by: swills (mentor)
Differential Revision: https://reviews.freebsd.org/D16317 |
1.1_3 18 Jul 2018 23:15:44 |
lwhsu |
Update CVE number of 20a1881e-8a9e-11e8-bddf-d017c2ca229d
Sponsored by: The FreeBSD Foundation |
1.1_3 18 Jul 2018 15:53:33 |
lwhsu |
Fix range of 20a1881e-8a9e-11e8-bddf-d017c2ca229d
Sponsored by: The FreeBSD Foundation |
1.1_3 18 Jul 2018 15:50:59 |
lwhsu |
Document Jenkins Security Advisory 2018-07-18
Sponsored by: The FreeBSD Foundation |
1.1_3 18 Jul 2018 14:14:45 |
dbaio |
security/vuxml: Document irc/znc vulnerabilities
Reported by: gordon
Security: CVE-2018-14055
Security: CVE-2018-14056 |
1.1_3 18 Jul 2018 13:39:24 |
brnrd |
security/vuxml: Document Apache httpd vulns |
1.1_3 17 Jul 2018 17:28:15 |
gjb |
Remove vendor-specific CVE numbers, following r474804. This tag
is reserved for Mitre CVE numbers, otherwise it does not pass
validation.
Sponsored by: The FreeBSD Foundation |
1.1_3 17 Jul 2018 17:19:29 |
novel |
security/vuxml: update version range for latest qutebrowser vuln
Update version for www/qutebrowser CVE-2018-10895 to reflect 2018Q3 fix. |
1.1_3 17 Jul 2018 15:38:01 |
gjb |
Comment a project-specific CVE reference in attempt to fix the build.
Sponsored by: The FreeBSD Foundation |
1.1_3 17 Jul 2018 15:29:24 |
joneum |
Document vulberability for typo3-7 and typo3-8 |
1.1_3 15 Jul 2018 15:17:45 |
fernape |
security/vuxml: add entry for devel/upp
Affected by CVE-2018-874
PR: 227414
Reported by: lightside@gmx.com
Approved by: tcberner (mentor)
Differential Revision: https://reviews.freebsd.org/D16017 |
1.1_3 15 Jul 2018 15:13:15 |
eugen |
Document several security defects in the Bouncy Castle Crypto APIs
before version 1.60
Obtained from: https://www.bouncycastle.org/latest_releases.html
Security: https://vuxml.FreeBSD.org/freebsd/fe93803c-883f-11e8-9f0c-001b216d295b |
1.1_3 15 Jul 2018 06:25:25 |
novel |
Document www/qutebrowser CSRF vulnerability
Reviewed by: miwi
Security: CVE-2018-10895 |
1.1_3 11 Jul 2018 17:24:27 |
jkim |
Fix typos.
Reported by: N.J. Mann (njm at njm dot me dot uk) |
1.1_3 11 Jul 2018 16:44:26 |
jkim |
Document the latest Flash Player vulnerabilities.
https://helpx.adobe.com/security/products/flash-player/apsb18-24.html |
1.1_3 11 Jul 2018 16:27:23 |
mfechner |
Document vulnerability for libgit2 < 0.27.3.
Reviewed by: swills (mentor)
Approved by: swills (mentor)
Differential Revision: https://reviews.freebsd.org/D16220 |
1.1_3 11 Jul 2018 13:50:00 |
gjb |
Fix build.
Sponsored by: The FreeBSD Foundation |
1.1_3 11 Jul 2018 13:09:47 |
dch |
security/vuxml: add CVE for Apache CouchDB 1.7.2 (databases/couchdb)
Approved by: jrm
Differential Revision: https://reviews.freebsd.org/D16212 |
1.1_3 09 Jul 2018 19:16:50 |
ler |
security/vuxml: document vulnerabilities in security/clamav. |
1.1_3 09 Jul 2018 08:19:46 |
miwi |
- Document devel/zziplib - multible vulnerabilities
PR: 226491
Sponsored by: iXsystems Inc. |
1.1_3 08 Jul 2018 14:45:34 |
joneum |
Document wordpress issues |
1.1_3 07 Jul 2018 14:25:02 |
jbeich |
security/vuxml: seamonkey-2.49.4 contains firefox-52.9.0 |
1.1_3 07 Jul 2018 11:08:40 |
joneum |
Document vulnerability in www/mybb |
1.1_3 05 Jul 2018 11:23:46 |
dbaio |
security/vuxml: Document expat vulnerabilities
libwww is also vulnerable because it has expat in its source tree.
Security: CVE-2016-9063
Security: CVE-2017-9233 |
1.1_3 03 Jul 2018 13:13:55 |
dch |
security/vuxml: add CVE-2018-0608 for www/h2o
PR: 228762
Approved by: jrm
Security: CVE-2018-0608
Differential Revision: https://reviews.freebsd.org/D16110 |
1.1_3 26 Jun 2018 16:27:38 |
jbeich |
security/vuxml: mark firefox < 61 as vulnerable |
1.1_3 26 Jun 2018 15:27:24 |
mfechner |
Vulnerability entry for www/gitlab.
Reviewed by: tz (mentor)
Approved by: tz (mentor)
Differential Revision: https://reviews.freebsd.org/D16010 |
1.1_3 25 Jun 2018 21:55:23 |
mandree |
Fixup |
1.1_3 25 Jun 2018 21:54:56 |
mandree |
Link release announcement to mail/mailman < 2.1.27 vuln/CVE 2018-0618 |
1.1_3 25 Jun 2018 21:45:41 |
mandree |
Add mailman vulnerabilities/hardening.
Obtained from: Mark Sapiro
Security: 739948e3-78bf-11e8-b23c-080027ac955c
Security: CVE-2018-0618
Security: JVN#00846677
Security: JPCERT#97432283 |
1.1_3 22 Jun 2018 23:16:01 |
matthew |
Docuement the latest phpMyAdmin vulnerabilities |
1.1_3 21 Jun 2018 22:49:54 |
feld |
Document SA-18:07.lazyfpu |
1.1_3 20 Jun 2018 19:38:13 |
sunpoet |
Document GraphicsMagick vulnerability
PR: 223629
Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com> |
1.1_3 17 Jun 2018 18:14:02 |
mfechner |
Document vulnerability for libgit2 and py-pygit2.
Reviewed by: tz (mentor)
Approved by: tz (mentor)
Differential Revision: https://reviews.freebsd.org/D15668 |
1.1_3 16 Jun 2018 14:43:00 |
jrm |
security/vuxml: document Slurm vulnerability
https://lists.schedmd.com/pipermail/slurm-announce/2018/000008.html
While here, silence validation warnings caused by node.js 2018-06-15 entry. |
1.1_3 15 Jun 2018 05:09:51 |
bhughes |
security/vuxml: document Node.js vulnerabilities
https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/ |
1.1_3 14 Jun 2018 21:02:31 |
rene |
List GPG parsing vulnerabilities in sysutils/password-store < 1.7.2 |
1.1_3 14 Jun 2018 13:24:18 |
brnrd |
security/vuxml: Document LibreSSL vuln |
1.1_3 13 Jun 2018 18:51:55 |
cpm |
Document libgcrypt side-channel attack vulnerability
Security: CVE-2018-0495 |
1.1_3 12 Jun 2018 13:55:33 |
adamw |
Update gnupg entry now that gnupg1-1.4.23 has landed |
1.1_3 12 Jun 2018 13:44:06 |
brnrd |
security/vuxml: Bump PORTREV for openssl
- Chase missing svn add for openssl |
1.1_3 12 Jun 2018 13:01:11 |
brnrd |
security/vuxml: Document today's OpenSSL vuln (low) |
1.1_3 11 Jun 2018 22:57:11 |
madpilot |
Document new asterisk vulnerabilities. |
1.1_3 11 Jun 2018 22:50:00 |
madpilot |
Fix error in old asterisk entry. |
1.1_3 10 Jun 2018 08:47:07 |
cpm |
Document new vulnerability in www/chromium < 67.0.3396.79
Obtained
from: https://chromereleases.googleblog.com/2018/06/stable-channel-update-for-desktop.html |
1.1_3 08 Jun 2018 14:29:04 |
gjb |
Fix vuxml build.
Sponsored by: The FreeBSD Foundation |
1.1_3 08 Jun 2018 14:20:56 |
adamw |
Add entry for gnupg CVE |
1.1_3 08 Jun 2018 07:52:40 |
jbeich |
security/vuxml: mark firefox < 60.0.2 as vulnerable |
1.1_3 08 Jun 2018 00:25:32 |
jkim |
Document the latest Flash Player vulnerabilities.
https://helpx.adobe.com/security/products/flash-player/apsb18-19.html |
1.1_3 06 Jun 2018 16:56:53 |
leres |
Mark bro < 2.5.4 as vulnerable as per:
https://www.bro.org/download/NEWS.bro.html
Reviewed by: ler (mentor)
Approved by: ler (mentor)
Differential Revision: https://reviews.freebsd.org/D15677 |
1.1_3 05 Jun 2018 20:23:03 |
jrm |
security/vuxml/vuln.xml: Fix indentation (silences make validate)
Reported by: mfechner |
1.1_3 04 Jun 2018 20:10:22 |
mfechner |
Document new vulnerabilities in www/gitlab < 10.8.2 or < 10.7.5 or < 10.6.6.
Reviewed by: tz (mentor)
Approved by: tz (mentor)
Differential Revision: https://reviews.freebsd.org/D15635 |
1.1_3 03 Jun 2018 00:37:06 |
jrm |
security/vuxml: Fix version ranges for latest Git vulnerabilities
Reported by: jbeich |
1.1_3 02 Jun 2018 20:51:49 |
jrm |
security/vuxml: Document devel/git CVEs (2018-11233 and 2018-11235) |
1.1_3 31 May 2018 12:42:04 |
krion |
Document security/strongswan multiple vulnerabilities
((CVE-2018-10811, CVE-2018-5388)
PR: 228631
Submitted by: strongswan@Nanoteq.com |
1.1_3 30 May 2018 21:47:40 |
cpm |
Document new vulnerabilities in www/chromium < 67.0.3396.62
Obtained
from: https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html |
1.1_3 21 May 2018 03:12:12 |
delphij |
Document BIND multiple vulnerabilities. |
1.1_3 20 May 2018 13:14:18 |
zeising |
Update VuXML entry for xorg-server issues
Update VuXML entry for xorg-server issues related to CVE-2017-10971 and
CVE-2017-10972. The version check was wrong missing the portepoch which
meant that the entry never matched anything. It was also only added for
xorg-server 1.19, while we have 1.18 in base.
Fix formatting and edit the overly long lines. |
1.1_3 16 May 2018 23:56:06 |
sunpoet |
Document curl vulnerability |
1.1_3 13 May 2018 07:21:27 |
riggs |
Document vulnerabilities in wavpack 5.1.0 and earlier
PR: 228146
Submitted by: yasu@utahime.org |
1.1_3 13 May 2018 06:16:49 |
riggs |
Bump maximum description length to 5000
Details:
Thanks to www/chromium, we now have a valid entry with 4933 characters.
Entries this long will probably remain exceptions, but there should
not be a warning for the currently valid entries. |
1.1_3 13 May 2018 06:01:45 |
riggs |
Bump copyright to 2018 |
1.1_3 13 May 2018 06:00:55 |
riggs |
Document vulnerabilities in chromium before 66.0.3359.170
Reported by: Tommi Pernila <tommi.pernila@iki.fi> via e-mail |
1.1_3 10 May 2018 14:47:46 |
swills |
Document jenkins security issues |
1.1_3 09 May 2018 20:32:25 |
jbeich |
security/vuxml: mark firefox < 60 as vulnerable
PR: 226476 |
1.1_3 09 May 2018 16:32:15 |
pi |
security/vuxml: document kamailio CVE-2018-8828
PR: 227677
Submitted by: Ben Hood <ben@relops.com> |
1.1_3 09 May 2018 16:15:24 |
vd |
Document ftp/wget's cookie injection vulnerability
Submitted by: Yasuhiro KIMURA <yasu@utahime.org>
MFH: 2018Q2
Security: CVE-2018-0494 |
1.1_3 09 May 2018 05:54:52 |
jkim |
Document the latest Flash Player vulnerability.
https://helpx.adobe.com/security/products/flash-player/apsb18-16.html |
1.1_3 08 May 2018 20:21:39 |
feld |
Document FreeBSD-SA-18:06.debugreg |
1.1_3 05 May 2018 17:22:42 |
sunpoet |
Document python vulnerability |
1.1_3 04 May 2018 14:28:58 |
adridg |
Security notice regarding kwallet-pam (KDE Plasma5).
https://www.kde.org/info/security/advisory-20180503-1.txt
The port is not built by default through the regular KDE packages,
and has been in the ports tree only a week; the impact is expected
to be low.
Approved by: tcberner (mentor, implicit) |
1.1_3 03 May 2018 18:45:49 |
joneum |
Document multiple vulnerabilities in www/drupal7 and www/drupal8 |
1.1_3 02 May 2018 10:39:24 |
mfechner |
Document vulnerabilities in gitlab for several versions.
Reviewed by: eugen_grosbein.net, tz (mentor)
Approved by: eugen_grosbein.net, tz (mentor)
Differential Revision: https://reviews.freebsd.org/D15248 |
1.1_3 30 Apr 2018 19:19:35 |
riggs |
Document free-after-use issue in chromium before 66.0.3359.139
Submitted by: Tommi Pernila <tommi.pernila@iki.fi> via e-mail
Security: CVE-2018-6118 |
1.1_3 26 Apr 2018 11:00:39 |
woodsb02 |
Document vulnerabilities in quassel before 0.12.5
Security: https://vuxml.freebsd.org/freebsd/499f6b41-58db-4f98-b8e7-da8c18985eda.html |
1.1_3 24 Apr 2018 18:07:21 |
riggs |
Document vulnerabilities in chromium before 66.0.3359.117
Submitted by: tommi.pernila@iki.fi (via mail to ports-secteam)
Reviewed by: riggs |
1.1_3 23 Apr 2018 19:17:27 |
tijl |
Document mbed TLS vulnerabilities
Security: https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released |
1.1_3 21 Apr 2018 09:07:08 |
brnrd |
security/vuxml: Document MySQL vulns from quarterly Oracle CPU |
1.1_3 20 Apr 2018 20:50:36 |
joneum |
Document wordpress issues |
1.1_3 19 Apr 2018 19:17:33 |
matthew |
Document the latest phpMyAdmin vulnerabilities |
1.1_3 19 Apr 2018 18:08:47 |
acm |
- Document drupal8 vulnerability |
1.1_3 16 Apr 2018 17:46:26 |
brnrd |
security/vuxml: Bump portrev for latest OpenSSL vuln |
1.1_3 16 Apr 2018 17:05:57 |
brnrd |
security/vuxml: Add OpenSSL vulnerability |
1.1_3 16 Apr 2018 07:32:49 |
joneum |
Add Blockquote
pointy hat to joneum |
1.1_3 16 Apr 2018 07:26:58 |
joneum |
Document multiple vulnerabilities in www/drupal7
Security: CVE-2018-7600 |
1.1_3 15 Apr 2018 20:04:09 |
sunpoet |
Document Perl vulnerability |
1.1_3 15 Apr 2018 19:12:25 |
sunpoet |
Update freeimage vulnerability |
1.1_3 14 Apr 2018 12:04:55 |
eugen |
ipsec-tools: document remotely exploitable computational-complexity attack.
PR: 225066
Security: CVE-2016-10396 |
1.1_3 13 Apr 2018 20:49:04 |
sunpoet |
Document nghttp2 vulnerability |
1.1_3 13 Apr 2018 07:18:56 |
ale |
Document roundcube IMAP command injection vulnerability. |
1.1_3 12 Apr 2018 17:54:28 |
swills |
Document Jenkins vulnerabilities |
1.1_3 10 Apr 2018 18:41:22 |
jkim |
Document the latest Flash Player vulnerability.
https://helpx.adobe.com/security/products/flash-player/apsb18-08.html |
1.1_3 09 Apr 2018 13:55:20 |
mfechner |
Fixed a wrong version definition for gitlab that report 10.4.6 as affected.
PR: 227293
Reported by: majo-bugs.freebsd.org@cerny.sk
Reviewed by: dbaio, swills (mentor)
Approved by: swills (mentor)
Differential Revision: https://reviews.freebsd.org/D14999 |