Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_3 02 Nov 2017 21:02:37 |
brnrd |
security/vuxml: Document new OpenSSL vulnerabilitities |
1.1_3 01 Nov 2017 21:14:55 |
joneum |
Document wordpress issues
Approved by: tcberner (mentor)
Differential Revision: https://reviews.freebsd.org/D12898 |
1.1_3 30 Oct 2017 16:57:55 |
swills |
Document wireshark issues |
1.1_3 30 Oct 2017 14:31:11 |
tz |
Document PHP Vulnerability
Security: CVE-2016-1283
Security:
https://vuxml.FreeBSD.org/freebsd/de7a2b32-bd7d-11e7-b627-d43d7e971a1b.html |
1.1_3 28 Oct 2017 09:59:31 |
cpm |
Document new vulnerability in www/chromium < 62.0.3202.75
Obtained
from: https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop_26.html
Security: CVE-2017-15396 |
1.1_3 27 Oct 2017 12:49:42 |
vd |
Document ftp/wget's stack and heap overflow
Submitted by: Andrew Perry <pez_098@yahoo.com>
Security: CVE-2017-13089
Security: CVE-2017-13090 |
1.1_3 26 Oct 2017 22:56:58 |
truckman |
Add headings to each Apache Openoffice vulnerability description. |
1.1_3 26 Oct 2017 22:46:35 |
truckman |
Update Apache OpenOffice entry. |
1.1_3 26 Oct 2017 18:09:10 |
bhughes |
security/vuxml: add node.js remote DoS vulnerability announced 2017-10-24
Reviewed by: swills
Approved by: swills (ports-secteam)
Security: d7d1cc94-b971-11e7-af3a-f1035dd0da62
Differential Revision: https://reviews.freebsd.org/D12788 |
1.1_3 25 Oct 2017 17:49:46 |
truckman |
Revert r452836 to re-add Apache Openoffice entry.
Remove empty <cvename/> to hopefully not break the build this time.
This passes "make validate" just like the last version did.
Suggested by: gavin |
1.1_3 25 Oct 2017 10:35:10 |
tz |
Document GitLab vulnerabilities
Security:
https://vuxml.FreeBSD.org/freebsd/418c172b-b96f-11e7-b627-d43d7e971a1b.html |
1.1_3 25 Oct 2017 09:18:26 |
gavin |
Revert r452818, the vuxmlweb build does not like empty CVE IDs.
This should likely be tested for as part of "make validate".
Hat: clusteradm |
1.1_3 24 Oct 2017 21:22:59 |
truckman |
Placeholder entry for editors/openoffice-4 and editors/openoffice-devel
multiple vulnerabilities. Details are currently embargoed. |
1.1_3 23 Oct 2017 08:57:12 |
brnrd |
security/vuxml: Document cURL vulnerability
- While here, fix date in latest mysql entry |
1.1_3 22 Oct 2017 22:25:53 |
dch |
Multiple vulnerabilites in www/h2o
Reviewed by: jrm (mentor)
Approved by: jrm (mentor)
Security: CVE-2017-10868
Security: CVE-2017-10869
Differential Revision: https://reviews.freebsd.org/D12763 |
1.1_3 22 Oct 2017 17:46:40 |
dbaio |
security/vuxml: Document multiple vulnerabilities in irc/irssi
Security: CVE-2017-15721
Security: CVE-2017-15722
Security: CVE-2017-15723
Security: CVE-2017-15727
Security: CVE-2017-15228
PR: 223169
Reported by: David O'Rourke <dor.bsd@xm0.uk> |
1.1_3 21 Oct 2017 23:01:18 |
cpm |
Document new vulnerabilities in www/chromium < 62.0.3202.62
Obtained
from: https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html |
1.1_3 19 Oct 2017 19:59:16 |
swills |
Document cacti issue |
1.1_3 19 Oct 2017 14:54:59 |
ak |
- Document arj archiver vulnerabilities |
1.1_3 18 Oct 2017 14:34:04 |
woodsb02 |
Ensure all krb5 packages are listed in the recent vulnerability entry |
1.1_3 18 Oct 2017 14:21:58 |
woodsb02 |
Fix formatting (line length) in recent krb5 vulnerability entry |
1.1_3 18 Oct 2017 14:17:39 |
woodsb02 |
Doucument recent MIT Kerberos (krb5) vulnerabilities |
1.1_3 18 Oct 2017 11:46:59 |
brnrd |
security/vuxml: Document MySQL vulnerabilities Q4 2017 |
1.1_3 17 Oct 2017 17:45:10 |
swills |
Document xorg issues |
1.1_3 17 Oct 2017 05:29:41 |
jkim |
Document the latest Flash Player vulnerability.
https://helpx.adobe.com/security/products/flash-player/apsb17-32.html |
1.1_3 17 Oct 2017 02:46:46 |
swills |
Fix version on solr issue |
1.1_3 16 Oct 2017 19:57:56 |
swills |
Document hostapd and wpa_supplicant issue
PR: 223051
Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com> |
1.1_3 16 Oct 2017 16:29:08 |
swills |
Document mercurial issue |
1.1_3 14 Oct 2017 10:46:24 |
madpilot |
Document textproc/freexl security vulnerabilities.
PR: 222130
Submitted by: lbartoletti@tuxfamily.org (maintainer) |
1.1_3 13 Oct 2017 17:25:50 |
swills |
Document ffmpeg issues
PR: 222957
Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com> |
1.1_3 13 Oct 2017 16:53:53 |
kwm |
Document xorg-server CVEs 2017-12176 through 2017-12187.
While here replace the SO-AND-SO part in the description of the previous
xorg-server entry[1], with the Alan Coopersmith who send the announce mail to
xorg-announce@ mailing list.
[1] entry: 4f8ffb9c-f388-4fbd-b90f-b3131559d888 |
1.1_3 13 Oct 2017 16:42:49 |
swills |
Document solr issue |
1.1_3 13 Oct 2017 13:39:52 |
swills |
Document jenkins issues |
1.1_3 12 Oct 2017 15:03:08 |
royger |
Document xen-kernel XSA-{237..244} |
1.1_3 12 Oct 2017 13:52:27 |
swills |
Document nss issue
PR: 222952
Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com> |
1.1_3 11 Oct 2017 18:30:51 |
swills |
Document libosip2 issue |
1.1_3 11 Oct 2017 18:06:46 |
swills |
Document ncurses issues |
1.1_3 11 Oct 2017 12:54:11 |
swills |
Document python issue |
1.1_3 10 Oct 2017 14:11:48 |
swills |
Document node issue |
1.1_3 10 Oct 2017 14:05:06 |
swills |
Document zookeeper issue |
1.1_3 10 Oct 2017 13:24:08 |
swills |
Document libtiff issue |
1.1_3 10 Oct 2017 11:17:19 |
sunpoet |
Document rubygems vulnerability |
1.1_3 09 Oct 2017 19:29:14 |
kwm |
Document two xorg-server vulnabilities.
Security: CVE-2017-13721, CVE-2017-13723 |
1.1_3 08 Oct 2017 13:26:52 |
jhale |
Fix range for 58fafead-cd13-472f-a9bd-d0173ba1b04c |
1.1_3 07 Oct 2017 00:07:13 |
swills |
update versions for tomcat issue |
1.1_3 07 Oct 2017 00:06:11 |
swills |
Document tomcat issue |
1.1_3 04 Oct 2017 07:56:03 |
brnrd |
security/vuxml: Document latest cURL vulnerability |
1.1_3 03 Oct 2017 15:47:26 |
zi |
- Re-add 6887828f-0229-11e0-b84d-00262d5ed8ee as cancelled, instead of purging
it
Submitted by: Mathieu Arnold <mat@FreeBSD.org> |
1.1_3 03 Oct 2017 13:41:15 |
feld |
Document FreeBSD-SA-17:06.openssh |
1.1_3 03 Oct 2017 13:40:26 |
feld |
Document FreeBSD-SA-17:05.heimdal |
1.1_3 03 Oct 2017 05:54:04 |
jbeich |
security/vuxml: seamonkey 2.49.1 build2 uses gecko from firefox 52.4 |
1.1_3 02 Oct 2017 19:19:10 |
mandree |
fix typo in dnsmasq < 2.78 entries
Security: b77b5646-a778-11e7-ac58-b499baebfeaf |
1.1_3 02 Oct 2017 15:15:13 |
brnrd |
security/vuxml: Fix title on latest entry |
1.1_3 02 Oct 2017 14:06:27 |
brnrd |
security/vuxml: Document dnsmasq vulnerabilities |
1.1_3 29 Sep 2017 16:37:20 |
zi |
- Add a warning if the description section seems unnecessarily large
Submitted by: Vladimir Krstulja
Approved by: ports-secteam (with hat) |
1.1_3 29 Sep 2017 16:28:22 |
zi |
- Condense additional entries where description >4500 characters
Approved by: ports-secteam (with hat) |
1.1_3 29 Sep 2017 15:51:08 |
zi |
- Condense entries whose description is >5000 characters
Approved by: ports-secteam (with hat) |
1.1_3 29 Sep 2017 15:31:32 |
zi |
- Add date format validation
Submitted by: Vladimir Krstulja (via IRC) |
1.1_3 29 Sep 2017 15:28:54 |
zi |
- Purge another batch of superceded www/chromium entries to give us additional
headroom under the 5M vuln.xml file size limit
Approved by: ports-secteam (with hat) |
1.1_3 29 Sep 2017 15:23:57 |
swills |
Document phpmyfaq issues |
1.1_3 29 Sep 2017 15:17:49 |
swills |
Document wordpress issues |
1.1_3 29 Sep 2017 15:17:04 |
zi |
- Fix invalid date entries
- Purge 6887828f-0229-11e0-b84d-00262d5ed8ee as it has been superceded by other
entries and it is massive. (We have hit 5M on vuln.xml) |
1.1_3 29 Sep 2017 13:20:16 |
swills |
Fix date format
While here, correct some grammar
PR: 222683
Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com> |
1.1_3 28 Sep 2017 22:47:58 |
jbeich |
security/vuxml: mark firefox < 56 as vulnerable |
1.1_3 28 Sep 2017 20:53:46 |
swills |
Document sam2p issue |
1.1_3 28 Sep 2017 14:53:43 |
swills |
docuent libraw issue |
1.1_3 27 Sep 2017 21:16:36 |
mandree |
Extend OpenVPN security issue to slave ports.
Security: CVE-2017-12166
Security: 3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8 |
1.1_3 27 Sep 2017 21:13:24 |
mandree |
Document OpenVPN <2.4.4 CVE-2017-12166 legacy vuln.
Security: CVE-2017-12166
Security: 3dd6ccf4-a3c6-11e7-a52e-0800279f2ff8 |
1.1_3 27 Sep 2017 16:50:21 |
rakuco |
Fix version range for libzip's CVE-2017-14107 (r450692).
I am going to land a fix for libzip 1.1.3 (the version currently in the ports
tree) instead of updating the port to 1.3.0. 1.3.0 has a different SOVERSION
number, which also requires updating dependent ports and makes MFH'ing the fix
more difficult.
PR: 222638 |
1.1_3 27 Sep 2017 15:38:47 |
swills |
Document ImageMagick issue |
1.1_3 27 Sep 2017 15:33:46 |
sunpoet |
Update rubygem-geminabox vulnerability |
1.1_3 27 Sep 2017 15:20:31 |
swills |
Document libofx issue |
1.1_3 27 Sep 2017 14:36:02 |
swills |
Correct version of libbson issue |
1.1_3 26 Sep 2017 21:32:56 |
swills |
Document sugarcrm issue |
1.1_3 26 Sep 2017 18:31:50 |
swills |
Document libzip issue |
1.1_3 26 Sep 2017 18:14:30 |
swills |
Document libbson issue |
1.1_3 26 Sep 2017 17:44:24 |
swills |
Document multiple vulnerabilities in tcpdump |
1.1_3 26 Sep 2017 14:48:25 |
swills |
Document libraw issue |
1.1_3 26 Sep 2017 14:46:57 |
swills |
Document libraw issue |
1.1_3 26 Sep 2017 14:39:02 |
swills |
Document issue in gd |
1.1_3 26 Sep 2017 14:37:01 |
swills |
Document issue in php and gd |
1.1_3 26 Sep 2017 13:20:00 |
swills |
Document ledger vulnerabilities |
1.1_3 26 Sep 2017 12:19:09 |
swills |
Document aacplusenc issue |
1.1_3 26 Sep 2017 12:12:25 |
swills |
Document ansible issue |
1.1_3 25 Sep 2017 14:48:13 |
swills |
Add second CVE To geminabox entry, update versions affected |
1.1_3 25 Sep 2017 11:05:15 |
brnrd |
security/vuxml: Document WeeChat 1.9 vulnerability |
1.1_3 24 Sep 2017 19:08:19 |
sunpoet |
Document Perl vulnerability |
1.1_3 22 Sep 2017 21:45:56 |
cpm |
Document new vulnerabilities in www/chromium < 61.0.3163.100
Obtained
from: https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html |
1.1_3 19 Sep 2017 20:12:53 |
madpilot |
Add new asterisk ports vulnerability. |
1.1_3 19 Sep 2017 18:17:33 |
jbeich |
security/vuxml: adjust for seamonkey 2.49.1 |
1.1_3 19 Sep 2017 16:59:15 |
sunpoet |
Document Ruby vulnerability |
1.1_3 19 Sep 2017 15:49:00 |
sunpoet |
Document rubygem-geminabox vulnerability |
1.1_3 19 Sep 2017 12:23:01 |
brd |
Add new entry for Apache "OptionsBleed"
Reviewed by: zi |
1.1_3 14 Sep 2017 10:12:21 |
tz |
Document GitLab vulnerabilities
Security: CVE-2017-5029
Security: CVE-2016-4738
Security:
https://vuxml.FreeBSD.org/freebsd/6a177c87-9933-11e7-93f7-d43d7e971a1b.html |
1.1_3 13 Sep 2017 13:22:14 |
ashish |
- Add emacs-devel to the list of affected packages by emacs vulnerability
- Move it to the top, didn't realize this before. Sorry |
1.1_3 12 Sep 2017 19:48:41 |
jkim |
Document latest Flash Player vulnerabilities.
https://helpx.adobe.com/security/products/flash-player/apsb17-28.html |
1.1_3 12 Sep 2017 14:53:35 |
ashish |
- Correct package name in Emacs vulnerability
- Also add emacs-nox11 to the list |
1.1_3 12 Sep 2017 13:25:17 |
ashish |
- Document emacs vulnerability |
1.1_3 10 Sep 2017 16:54:03 |
ume |
Document cyrus-imapd vulnerability
Security: CVE-2017-14230 |
1.1_3 07 Sep 2017 20:13:17 |
sunpoet |
Fix indent |