Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_6 31 May 2023 06:08:43 |
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 114.0.5735.90
Approved by: rene (mentor, implicit)
Obtained from: https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html |
1.1_6 28 May 2023 09:09:37 |
Bernard Spil (brnrd) |
security/vuxml: Document MariaDB vulnerability |
1.1_6 22 May 2023 17:33:26 |
Florian Smeets (flo) |
security/vuxml: add phpmyfaq < 3.1.14 |
1.1_6 19 May 2023 21:04:47 |
Renato Botelho (garga) Author: R. Christian McDonald |
security/vuxml: Add curl 8.1.0 CVEs
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.1_6 19 May 2023 17:35:07 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 5.0.9 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.9
This release fixes the following potential DoS vulnerabilities:
- A specially-crafted series of FTP packets with a CMD command
with a large path followed by a very large number of replies
could cause Zeek to spend a long time processing the data.
- A specially-crafted with a truncated header can cause Zeek to
overflow memory and potentially crash.
- A specially-crafted series of SMTP packets can cause Zeek to
generate a very large number of events and take a long time to
process them.
- A specially-crafted series of POP3 packets containing MIME data
can cause Zeek to spend a long time dealing with each individual
file ID.
Reported by: Tim Wojtulewicz |
1.1_6 18 May 2023 07:56:43 |
Hiroki Tagato (tagattie) |
security/vuxml: document electron vulnerability
Obtained from: https://github.com/electron/electron/releases/tag/v22.3.10,
https://github.com/electron/electron/releases/tag/v23.3.3 |
1.1_6 17 May 2023 11:45:07 |
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 113.0.5672.126
Approved by: rene (mentor, implicit)
Obtained from: https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html |
1.1_6 16 May 2023 02:07:19 |
Danilo G. Baio (dbaio) |
security/vuxml: Remove empty cvename entry
This should fix the FreeBSD VuXML website build. |
1.1_6 13 May 2023 21:11:47 |
Matthias Andree (mandree) |
security/vuxml: add missing xmlns to body tag of
2023's vuln entry 8e20430d-a72b-11ed-a04f-40b034455553
(MinIO admin user creation from unprivileged account, CVE-2022-24842)
This fixes vxquery complaints (the line number might differ
depending on how many entries we've added to vuln/2023.xml):
Parsing failed @ line 4675:
Expected element in XHTML namespace. |
1.1_6 13 May 2023 05:56:47 |
Matthias Fechner (mfechner) |
security/vuxml: document gitlab-ce vulnerability |
1.1_6 12 May 2023 07:39:35 |
Alexander Leidinger (netchild) |
security/vuxml: add piwigo vulnerabilities |
1.1_6 11 May 2023 15:42:13 |
Palle Girgensohn (girgen) |
security/vuxml: document postgresql-server vulnerabilities
CVE-2023-2454
CVE-2023-2455 |
1.1_6 10 May 2023 11:35:05 |
Hiroki Tagato (tagattie) |
security/vuxml: document vscode information disclosure vulnerability
Obtained from: https://github.com/microsoft/vscode/security/advisories/GHSA-mmfh-4pv3-39hr |
1.1_6 08 May 2023 13:03:02 |
Fernando Apesteguía (fernape) |
security/vuxml: Multiple glpi vulnerabilities
CVE-2023-28849
CVE-2023-28632
CVE-2023-28838
CVE-2023-28852
CVE-2023-28636
CVE-2023-28639
CVE-2023-28634
CVE-2023-28633
PR: 271286
Reported by: mathias@monnerville.com |
1.1_6 08 May 2023 06:22:36 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document crash on access vulnerability in redis |
1.1_6 06 May 2023 05:57:41 |
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerability |
1.1_6 05 May 2023 00:44:57 |
Wen Heping (wen) |
security/vuxml: Document Django multiple vulnerabilities |
1.1_6 03 May 2023 06:15:46 |
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 113.0.5672.63
Approved by: rene (mentor, implicit)
Obtained from: https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html |
1.1_6 02 May 2023 20:09:52 |
Matthias Fechner (mfechner) |
security/vuxml: document gitlab-ce vulnerabilities |
1.1_6 01 May 2023 18:15:43 |
Fernando Apesteguía (fernape) |
security/vuxml: Add net/cloud-init* CVE
CVE-2023-1786: Sensitive data leak. |
1.1_6 30 Apr 2023 20:20:46 |
Dave Cottlehuber (dch) |
security/vuxml: add h2o CVE-2023-30847 entry
Security: 4da51989-5a8b-4eb9-b442-46d94ec0802d
Security: CVE-2023-30847 |
1.1_6 28 Apr 2023 14:20:47 |
Matthias Andree (mandree) |
security/vuxml: Update ghostscript CVE-2023-28879 entry
and mark ghostscript9-agpl-base 9.56.1_10 as fixed,
and remove ghostscript9-agpl-x11 which does not seem to be
using the vulnerable code.
Security: 25872b25-da2d-11ed-b715-a1e76793953b
Security: CVE-2023-28879
PR: 270823 |
1.1_6 27 Apr 2023 07:49:23 |
Matthew Seaman (matthew) Author: Boris Korzun |
security/vuxml: Document grafana{8,9} security vulnerabilities
* CVE-2023-1387
* CVE-2023-24538
PR: 271086
Reported by: Boris Korzun |
1.1_6 26 Apr 2023 14:26:37 |
Renato Botelho (garga) |
security/vuxml: Document devel/git vulnerabilities
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.1_6 26 Apr 2023 06:12:59 |
Ashish SHUKLA (ashish) |
security/vuxml: Document vulnerability in www/element-web |
1.1_6 25 Apr 2023 13:20:40 |
Fernando Apesteguía (fernape) |
security/vuxml: jellyfin multiple vulnerabilities
CVE-2023-30626 - directory traversal vulnerability
CVE-2023-30627 - XSS vulnerability
PR: 271041
Reported by: debdrup@ |
1.1_6 24 Apr 2023 18:00:50 |
Florian Smeets (flo) |
security/vuxml: add phpmyfaq < 3.1.13 |
1.1_6 22 Apr 2023 12:27:15 |
Bernard Spil (brnrd) |
security/vuxml: Fix URLs in MySQL 2023Q2 vulnerabilities |
1.1_6 22 Apr 2023 12:20:32 |
Bernard Spil (brnrd) |
security/vuxml: Document MySQL 2023Q2 vulnerabilities |
1.1_6 21 Apr 2023 18:16:34 |
Matthias Andree (mandree) |
security/vuxml: fix typo in ghostscript entry update |
1.1_6 21 Apr 2023 18:09:19 |
Matthias Andree (mandree) |
security/vuxml: fix up ghostscript version range of CVE-2023-28879
Pointy hat to: mandree@ for misreading the quoted Artifex page
Reported by: Nicholas Taylor <nicholas.e.taylor@gmail.com>
PR: 270823 (comment #3)
Security: CVE-2023-28879
Security: 25872b25-da2d-11ed-b715-a1e76793953b |
1.1_6 20 Apr 2023 17:49:18 |
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 112.0.5615.165
Approved by: rene (mentor)
Obtained from: https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
Differential Revision: https://reviews.freebsd.org/D39717 |
1.1_6 16 Apr 2023 07:09:27 |
Florian Smeets (flo) |
security/vuxml: add libxml2 < 2.10.4 |
1.1_6 15 Apr 2023 21:11:18 |
Florian Smeets (flo) |
security/vuxml: add mod_gnutls <= 0.12.1 |
1.1_6 15 Apr 2023 17:53:33 |
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 112.0.5615.121
Approved by: rene (mentor)
Obtained from: https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html
Differential Revision: https://reviews.freebsd.org/D39578 |
1.1_6 14 Apr 2023 08:29:45 |
Philip Paeps (philip) |
security/vuxml: fix vuxml build
Remove invalid CVE entries introduced in d58bc805721a.
Pointy hat to: wen |
1.1_6 13 Apr 2023 20:10:39 |
Matthias Andree (mandree) |
security/vuxml: revise ghostscript vuln entry. |
1.1_6 13 Apr 2023 19:20:07 |
Matthias Andree (mandree) |
security/vuxml: ghostscript < 10.01.1 buffer overflow
Security: 25872b25-da2d-11ed-b715-a1e76793953b
Security: CVE-2023-28879 |
1.1_6 12 Apr 2023 06:16:37 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 5.0.8 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.8
This release fixes the following potential DoS vulnerabilities:
- A specially-crafted stream of FTP packets containing a command
reply with many intermediate lines can cause Zeek to spend a
large amount of time processing data.
- A specially-crafted set of packets containing extremely large
file offsets can cause the reassembler code to allocate large
amounts of memory.
- The DNS manager does not correctly expire responses that don't
(Only the first 15 lines of the commit message are shown above) |
1.1_6 12 Apr 2023 04:32:25 |
Philip Paeps (philip) Author: Hubert Tournier |
security/vuxml: add another batch of pysec vulnerabilities
Vulnerable Python ports discovered with pysec2vuxml.
See also: <https://github.com/HubTou/pysec2vuxml>.
PR: 270744 |
1.1_6 10 Apr 2023 22:54:54 |
Jan Beich (jbeich) |
security/vuxml: mark ffmpeg >= 4.4.4,1 as not vulnerable |
1.1_6 10 Apr 2023 21:39:54 |
Thomas Zander (riggs) |
security/vuxml: Document vulnerability in traefik before 2.9.9_1 |
1.1_6 10 Apr 2023 06:38:03 |
Philip Paeps (philip) Author: Hubert Tournier |
security/vuxml: document 20 py*-* vulnerabilities
Vulnerable Python ports discovered with pysec2vuxml.
See also: <https://github.com/HubTou/pysec2vuxml>.
PR: 270723 |
1.1_6 09 Apr 2023 10:02:35 |
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 112.0.5615.49
Approved by: rene (mentor)
Obtained from: https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html
Differential Revision: https://reviews.freebsd.org/D39423 |
1.1_6 09 Apr 2023 09:56:01 |
Rene Ladan (rene) |
security/vuxml: fix whitespace error
Reported by: `make validate` |
1.1_6 08 Apr 2023 15:13:24 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document Go vulnerabilities |
1.1_6 07 Apr 2023 14:52:06 |
Timur I. Bakeyev (timur) |
security/vuxml: document Samba vulnerabilities
CVE-2023-0225, CVE-2023-0922, CVE-2023-0614
Security: CVE-2023-0225
CVE-2023-0922
CVE-2023-0614 |
1.1_6 07 Apr 2023 12:25:37 |
Jan Beich (jbeich) |
security/vuxml: mark ffmpeg < 5.0.3,1 as vulnerable |
1.1_6 01 Apr 2023 07:33:55 |
Wen Heping (wen) |
security/vuxml: Document mediawiki multiple vulnerabilities |
1.1_6 01 Apr 2023 07:12:53 |
Matthew Seaman (matthew) |
security/vuxml: document grafana vulnerabilities
CVE-2023-1410
PR: 270562
Reported by: Boris Korzun |
1.1_6 31 Mar 2023 04:29:06 |
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab vulnerabilities |
1.1_6 30 Mar 2023 21:27:40 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document ReDoS vulnerability in rubygem-time |
1.1_6 30 Mar 2023 21:27:36 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document ReDoS vulnerability in rubygem-uri |
1.1_6 30 Mar 2023 19:02:28 |
Florian Smeets (flo) Author: Ralf van der Enden |
security/vuxml: Document powerdns vulnerabilities
PR: 270537 |
1.1_6 30 Mar 2023 11:42:19 |
Bernard Spil (brnrd) |
security/vuxml: Fix typo in blockquote |
1.1_6 29 Mar 2023 23:42:05 |
Jan Beich (jbeich) |
security/vuxml: mark xorg-server < 21.1.8,1 as vulnerable |
1.1_6 29 Mar 2023 18:31:57 |
Bernard Spil (brnrd) |
security/vuxml: Document 2 OpenSSL vulnerabilities |
1.1_6 29 Mar 2023 00:26:44 |
Ashish SHUKLA (ashish) |
security/vuxml: Document security vulnerabilities in Matrix clients |
1.1_6 24 Mar 2023 18:16:54 |
Florian Smeets (flo) |
security/vuxml: phpmyfaq vulnerabilities |
1.1_6 24 Mar 2023 12:36:45 |
Bernard Spil (brnrd) |
security/vuxml: Adapt OpenSSL vuln for openssl-quictls |
1.1_6 24 Mar 2023 11:42:38 |
Bernard Spil (brnrd) |
security/vuxml: Document OpenSSL DoS vulnerability |
1.1_6 24 Mar 2023 09:54:08 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document possible denial of service vulnerability in rack |
1.1_6 24 Mar 2023 09:52:58 |
Yasuhiro Kimura (yasu) |
security/vuxml: Fix range of rubygem-rack22 in
f0798a6a-bbdb-11ed-ba99-080027f5fec9
Fixes: ea12c503acc8 |
1.1_6 24 Mar 2023 05:05:24 |
Ashish SHUKLA (ashish) |
security/vuxml: Document vulnerability in net-im/dino |
1.1_6 23 Mar 2023 18:05:12 |
Jan Beich (jbeich) |
security/vuxml: mark libXpm < 3.5.15 as vulnerable |
1.1_6 23 Mar 2023 15:01:09 |
Ashish SHUKLA (ashish) |
security/vuxml: Remove empty cvename tag in jenkins entry |
1.1_6 23 Mar 2023 13:54:03 |
Ashish SHUKLA (ashish) |
security/vuxml: Document vulnerability for security/tailscale
PR: 270406 |
1.1_6 22 Mar 2023 09:12:58 |
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 111.0.5563.110
Approved by: rene (mentor)
Obtained from: https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html |
1.1_6 21 Mar 2023 08:01:05 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document denial-of-service vulnerability in redis |
1.1_6 20 Mar 2023 09:10:32 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in curl |
1.1_6 16 Mar 2023 19:44:47 |
Florian Smeets (flo) |
security/vuxml: Document phpmyadmin vulnerabilities |
1.1_6 12 Mar 2023 18:31:09 |
Fernando Apesteguía (fernape) |
security/vuxml: Autofill CVE information
The `newentry` target accepts an optional parameter CVE_ID.
When provided, the newentry.sh script tries to retrieve information from the
NVD and MITRE databases and fill the template accordingly.
The script needs `textproc/jq` and warns the user and exits if it is not found.
How to use it:
make newentry CVE_ID=CVE-2022-39282
Note that this is just a helper. *YOU HUMAN* have to check that the information
is correct.
Reviewed by: tcberner, jlduran_gmail.com, mat
Differential Revision: https://reviews.freebsd.org/D38894 |
1.1_6 11 Mar 2023 09:12:55 |
Jochen Neumeister (joneum) |
security/vuxml: Document Apache httpd vulnerabilities
Sponsored by: Netzkommune GmbH |
1.1_6 10 Mar 2023 08:30:56 |
Don Lewis (truckman) |
security/vuxml: fix typo in the openoffice entry
Fix a typo in the openoffice devel version value in the latest
openoffice entry. |
1.1_6 09 Mar 2023 17:46:35 |
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 111.0.5563.64
Approved by: rene (mentor)
Obtained from: https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html
Differential Revision: https://reviews.freebsd.org/D38992 |
1.1_6 09 Mar 2023 16:35:07 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Document Jenkins Security Advisory 2023-03-08
Sponsored by: The FreeBSD Foundation |
1.1_6 09 Mar 2023 07:56:23 |
Fernando Apesteguía (fernape) Author: Zoltan ALEXANDERSON BESSE |
security/vuxml: databases/mantis <2.25.6 CVEs
CVE-2023-22476 and CVE-2022-31129
ChangeLog:
https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.25.6
PR: 270039
Reported by: zab@zltech.eu |
1.1_6 08 Mar 2023 14:44:44 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document Go vulnerability |
1.1_6 08 Mar 2023 01:17:01 |
Don Lewis (truckman) |
security/vuxml: openoffice 2022 vulnerabilities
Belatedly document Apache OpenOffice vulnerabilities from 2022. The
port was broken at the time. |
1.1_6 06 Mar 2023 05:26:54 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document possible DoS vulnerability in rack |
1.1_6 05 Mar 2023 01:02:16 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in curl |
1.1_6 04 Mar 2023 07:04:51 |
Eugene Grosbein (eugen) |
security/vuxml: document strongSwan certificate verification vulnerability
Security: 3f9b6943-ba58-11ed-bbbd-00e0670f2660 |
1.1_6 03 Mar 2023 19:53:11 |
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab-ce vulnerabilities |
1.1_6 03 Mar 2023 10:46:53 |
Fernando Apesteguía (fernape) Author: Boris Korzun |
security/vuxml: document grafana{8,9} CVEs
* CVE-2023-0507 - Stored XSS in geomap panel plugin via attribution (High)
* CVE-2023-0594 - Stored XSS in TraceView panel (High)
* CVE-2023-22462 - Stored XSS in text panel plugin
PR: 269903
Reported by: drtr0jan@yandex.ru |
1.1_6 01 Mar 2023 01:54:52 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in redis |
1.1_6 27 Feb 2023 15:08:46 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in Emacs |
1.1_6 25 Feb 2023 09:01:24 |
Jan Beich (jbeich) Author: Tom Hukins |
security/vuxml: correct "vulnerabilities" spelling
Closes: https://github.com/freebsd/freebsd-ports/pull/164 |
1.1_6 24 Feb 2023 13:36:11 |
Fernando Apesteguía (fernape) |
security/vuxml: document vulnerabilities for net/freerdp
CVE-2022-39282 and CVE-2022-39283.
PR: 269667
Reported by: grahamperrin@freebsd.org |
1.1_6 23 Feb 2023 06:17:11 |
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 110.0.5481.177
Approved by: rene (mentor)
Obtained from: https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html |
1.1_6 21 Feb 2023 22:37:24 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 5.0.7 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.7
This release fixes the following potential DoS vulnerabilities:
- Receiving DNS responses from async DNS requests (via the
lookup_addr, etc BIF methods) with the TTL set to zero could
cause the DNS manager to eventually stop being able to make new
requests.
- Specially-crafted FTP packets with excessively long usernames,
passwords, or other fields could cause log writes to use large
amounts of disk space.
- The find_all and find_all_ordered BIF methods could take extremely
large amounts of time to process incoming data depending on the
size of the input.
Reported by: Tim Wojtulewicz |
1.1_6 21 Feb 2023 20:57:38 |
Koop Mast (kwm) |
security/vuxml: Document libde265 vulnerabilities.
PR: 269382
Reported by: diizzy@ |
1.1_6 21 Feb 2023 11:37:19 |
Renato Botelho (garga) |
security/vuxml: Document recent git CVEs
Document CVEs fixed by devel/git 2.39.1 and 2.39.2:
CVE-2022-41903
CVE-2022-23521
CVE-2023-22490
CVE-2023-23946
PR: 269655
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.1_6 20 Feb 2023 09:34:49 |
Florian Smeets (flo) Author: Stefan Bethke |
security/vuxml: Add gitea vulnerabilities
PR: 269707 |
1.1_6 19 Feb 2023 18:12:33 |
Thomas Zander (riggs) |
security/vuxml: Document vulnerable x/net/http2 module in traefik |
1.1_6 19 Feb 2023 11:01:41 |
Robert Clausecker (fuz) |
security/vuxml: document log4j vulnerability in sysutils/rundeck3
PR: 261748
Reported by: ruben@verweg.com
Approved by: flo (mentor)
Differential Revision: https://reviews.freebsd.org/D38636 |
1.1_6 18 Feb 2023 17:33:09 |
Fernando Apesteguía (fernape) Author: Tom Hukins |
security/vuxml: Add www/minio vulnerability
CVE-2022-24842: unprivileged users can create service accounts for admin users.
PR: 268656
Reported by: adam@omega.org.uk
Obtained from: https://github.com/freebsd/freebsd-ports/pull/158 |
1.1_6 16 Feb 2023 04:09:33 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in ClamAV |
1.1_6 15 Feb 2023 19:06:01 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document Go vulnerabilities |
1.1_6 14 Feb 2023 13:55:02 |
Wen Heping (wen) |
security/vuxml: Fix typo in my previous commit
Reported by: dan@langille.org (via email) |
1.1_6 14 Feb 2023 12:03:59 |
Wen Heping (wen) |
security/vuxml: Document Django multiple vulnerabilities |