Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 02 Feb 2005 15:46:17 |
nectar |
Add Bugtraq ID for evolution issue. |
1.1_1 01 Feb 2005 17:03:31 |
nectar |
Add CVE name for squid WCCP issue. |
1.1_1 01 Feb 2005 14:14:55 |
nectar |
Add a <modified> tag to the perl File::Path issue since the affected
versions were changed.
Forgotten by: tobez |
1.1_1 01 Feb 2005 13:38:16 |
tobez |
Narrow perl File::Path vulnerability version range a bit. |
1.1_1 01 Feb 2005 09:03:52 |
niels |
Documented vulnerabilities found in the newspost, newsfetch and newsgrab ports.
http://people.freebsd.org/~niels/issues/newspost-20050114.txt
http://people.freebsd.org/~niels/issues/newsgrab-20050114.txt
http://people.freebsd.org/~niels/issues/newsfetch-20050119.txt
Approved by: nectar (mentor) |
1.1_1 31 Jan 2005 21:44:32 |
nectar |
The latest xpdf buffer overflow has been repaired in an update
to pdftohtml.
Submitted by: erwin |
1.1_1 31 Jan 2005 21:40:10 |
nectar |
Add CVE names for recent squid vulnerabilities. |
1.1_1 29 Jan 2005 21:43:36 |
sem |
squid -- buffer overflow in WCCP recvfrom() call
PR: ports/76827
Submitted by: squid maintainer |
1.1_1 27 Jan 2005 16:38:35 |
simon |
Mark cups-base as fixed wrt. "makeFileKey2() buffer overflow
vulnerability". |
1.1_1 26 Jan 2005 20:25:47 |
simon |
Document "makeFileKey2()" buffer overflow vulnerability in xpdf (and
programs embedding xpdf). |
1.1_1 26 Jan 2005 16:20:43 |
nectar |
pdflib has been corrected.
Noticed by: Hilko Meyer <Hilko.Meyer@gmx.de> |
1.1_1 25 Jan 2005 13:50:43 |
nectar |
Document a vulnerability in zhcon. |
1.1_1 25 Jan 2005 10:51:10 |
simon |
Fix last YAMT entry update to actually make sense... Greater than and
less than are not the same...
Pointy hat to: simon |
1.1_1 25 Jan 2005 10:46:29 |
simon |
Mark latest YAMT port version as fixed. |
1.1_1 25 Jan 2005 00:50:02 |
simon |
Document arbitrary code execution vulnerability in evolution. |
1.1_1 24 Jan 2005 22:25:58 |
nectar |
The previous commit was
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> |
1.1_1 24 Jan 2005 22:24:02 |
nectar |
Correct the entry date for 4e4bd2c2-6bd5-11d9-9e1e-c296ac722cb3
``squid -- HTTP response splitting cache pollution attack''. |
1.1_1 24 Jan 2005 20:12:25 |
nectar |
Document a local vulnerability in mod_dosevasive. |
1.1_1 24 Jan 2005 19:39:20 |
nectar |
Document a possible cache-poisoning issue affecting squid.
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> |
1.1_1 24 Jan 2005 18:45:43 |
nectar |
Document Bugzilla XSS issue. |
1.1_1 24 Jan 2005 18:38:47 |
nectar |
Oops, forgot to set <discovery> date. |
1.1_1 24 Jan 2005 17:35:45 |
nectar |
Document window injection vulnerabilities affecting several web browsers. |
1.1_1 24 Jan 2005 15:29:18 |
nectar |
Cancel duplicate phpbb entry e8c6ade2-6bcc-11d9-8e6f-000a95bc6fae. It
was already documented as e3cf89f0-53da-11d9-92b7-ceadd4ac2edd.
Useful references and descriptions were merged.
Noticed by: simon |
1.1_1 23 Jan 2005 23:52:34 |
simon |
Document a vulnerability in YAMT. |
1.1_1 22 Jan 2005 14:37:47 |
simon |
Add squid security advisories for two recent squid entries.
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> |
1.1_1 22 Jan 2005 09:35:07 |
edwin |
squid bug #1200:
squid -- HTTP response splitting cache pollution attack
PR: ports/76550
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> |
1.1_1 22 Jan 2005 01:13:36 |
simon |
Fix typo in last commit. |
1.1_1 22 Jan 2005 00:55:05 |
simon |
Document XSS in Horde. |
1.1_1 21 Jan 2005 18:30:14 |
nectar |
Oops, I accidentally changed an <entry> date when I should have
added a <modified> date. |
1.1_1 21 Jan 2005 17:48:02 |
nectar |
Document vulnerabilities in older versions of Midnight Commander. |
1.1_1 21 Jan 2005 17:34:08 |
nectar |
Document a race condition in Perl's File::Path module. |
1.1_1 21 Jan 2005 17:01:03 |
nectar |
Document phpBB vulnerabilities. |
1.1_1 21 Jan 2005 16:50:40 |
nectar |
Document vulnerabilities in the Opera web browser's Java implementation. |
1.1_1 21 Jan 2005 16:38:02 |
nectar |
Document that older versions of sudo lack CDPATH environmental variable
handling. |
1.1_1 21 Jan 2005 16:30:46 |
nectar |
Document vulnerabilities in fcron. |
1.1_1 21 Jan 2005 16:07:31 |
nectar |
Document vulnerabilities in RealPlayer. |
1.1_1 21 Jan 2005 15:54:15 |
nectar |
Add CVE name and iDEFENSE advisory references to xzgv issue. |
1.1_1 21 Jan 2005 15:37:24 |
nectar |
Grr, get the imlib version number right! |
1.1_1 21 Jan 2005 15:31:52 |
nectar |
Oops, imlib 1.9.15 is still affected. Adjust version number to reflect
upcoming fix. |
1.1_1 21 Jan 2005 15:16:01 |
nectar |
Document xpm heap overflows and integer overflows affecting imlib and imlib2. |
1.1_1 21 Jan 2005 14:53:15 |
nectar |
Document a vulnerability in eGroupWare. |
1.1_1 21 Jan 2005 14:42:29 |
nectar |
Document Quake II vulnerabilities reported by Richard Stanway. |
1.1_1 21 Jan 2005 13:53:46 |
nectar |
Add CVE names for konversation bugs. |
1.1_1 19 Jan 2005 20:47:31 |
josef |
Document security issue in irc/konversation.
Pointed out by: markus |
1.1_1 19 Jan 2005 16:39:29 |
nectar |
Correct several instances where the "msgid" attribute content had an
extraneous trailing greater-than character ">", e.g.
<mlist msgid="some-message@id>">some-url</mlist>
These were probably the result of off-by-one errors during
cut-and-paste. |
1.1_1 19 Jan 2005 16:19:14 |
nectar |
Eliminate character entity references. They are technically fine of
course, but I prefer to use the UTF-8 character directly: it makes
grep'ing and the like easier. |
1.1_1 19 Jan 2005 14:13:09 |
nectar |
Update entries with 12 new CVE name references. |
1.1_1 19 Jan 2005 11:52:27 |
edwin |
Fix date (was YYYY-MM-DD, now 2005-01-19)
Thanks to Chimera@#bsdports |
1.1_1 19 Jan 2005 11:05:02 |
edwin |
squid -- no sanity check of usernames in squid_ldap_auth
(My first attempt to update this thing. Hope all goes fine!)
PR: ports/76364
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> |
1.1_1 18 Jan 2005 20:25:53 |
simon |
Document remote DoS in CUPS.
Heads-ups by: Hilko Meyer <hilko.meyer@gmx.de>
Description by: nectar |
1.1_1 18 Jan 2005 17:47:15 |
nectar |
During last year's bumper crop of vulnerabilities in libtiff, a 2004 CVE
name was assigned to what was actually a much older (circa March 2002)
denial-of-service issue. Document it, since occasionally the CVE name
crops up and then I wonder why we missed it. |
1.1_1 18 Jan 2005 17:23:23 |
nectar |
Document exploitable vulnerabilities in zgv and xzgv. |
1.1_1 18 Jan 2005 16:59:56 |
nectar |
Document bug in Mozilla-based software that may leave downloaded files
or attachments world-readable. |
1.1_1 18 Jan 2005 16:02:38 |
simon |
Add more references to exim entry. |
1.1_1 18 Jan 2005 15:23:49 |
nectar |
pdflib contains libtiff, and thus is affected by several vulnerabilities
that affected libtiff. |
1.1_1 18 Jan 2005 12:29:58 |
simon |
Document remote command execution vulnerability in awstats. |
1.1_1 18 Jan 2005 01:02:45 |
simon |
Document security vulnerability in ImageMagick. |
1.1_1 17 Jan 2005 17:44:13 |
simon |
Update "cups-base -- HPGL buffer overflow vulnerability" entry to
reflect the fix in the latest port version. |
1.1_1 17 Jan 2005 17:20:57 |
nectar |
Spelling corrections. |
1.1_1 17 Jan 2005 13:42:10 |
nectar |
Regarding CUPS lppasswd entry: Add the CVE names for each issue inline
with the excerpt from Bernstein's message. Note that the third issue
does not affect users of FreeBSD 4.6 or later. |
1.1_1 16 Jan 2005 23:15:54 |
simon |
Document two vulnerabilities in CUPS.
Heads up by: Hilko Meyer <hilko.meyer@gmx.de> |
1.1_1 16 Jan 2005 20:46:56 |
simon |
Document mysqlaccess insecure temporary file creation. |
1.1_1 16 Jan 2005 18:47:48 |
simon |
Document buffer overflow vulnerability in unrtf. |
1.1_1 16 Jan 2005 17:18:52 |
simon |
Correct recent squid entry: WCCP is in fact enabled by default.
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (squid maintainer) |
1.1_1 13 Jan 2005 21:22:47 |
nectar |
For mod_access_referer issue:
- Correct spelling.
- `null' in `null pointer' should not be all caps
- Correct the secunia.com URL (it did not identify this particular bug) |
1.1_1 13 Jan 2005 21:13:51 |
nectar |
Add references to Konqueror password disclosure bug: CVE name, CERT
Vulnerability Note, and KDE security advisory. |
1.1_1 13 Jan 2005 20:52:53 |
nectar |
Update phpBB command execution entry references:
- Convert some <url>s into the appropriate <certvu> and <uscertta>
elements.
- Add CVE name
- Add a couple of mailing list posts |
1.1_1 13 Jan 2005 20:42:56 |
nectar |
For the latest three Squid issues, add references to the Squid bug
tracking database. Also, rework the description of the empty ACL issue. |
1.1_1 13 Jan 2005 20:26:03 |
nectar |
Add a better reference and description of the jabberd vulnerability. |
1.1_1 13 Jan 2005 20:04:06 |
nectar |
Oops, add missing closing tag for Bugtraq ID which I recently added. |
1.1_1 13 Jan 2005 20:02:26 |
nectar |
Add CVE name for up-imapproxy issue. |
1.1_1 13 Jan 2005 19:53:32 |
nectar |
Add CVE names to greed buffer overflows issue. Re-indent <references>
children. |
1.1_1 13 Jan 2005 19:51:06 |
nectar |
For mpg123 playlist issue, add CVE name, Bugtraq ID, and X-Force
references. Correct a double slash (`//') in a URL. Re-indent the
<references> children. |
1.1_1 13 Jan 2005 19:46:40 |
nectar |
Add a CVE name for VIM modeline handling issue. |
1.1_1 13 Jan 2005 19:39:14 |
nectar |
Cancel VID 14e8f315-600e-11d9-a9e7-0001020eed82 "tiff -- stripoffsets
integer overflow vulnerability", as it was a subset of VID
3897a2f8-1d57-11d9-bc4a-000c41e2cdad "tiff -- multiple integer
overflows". This is another case of iDEFENSE ``discovering'' a
vulnerability months after it had already been made public and
corrected. I've preserved the iDEFENSE advisory reference by moving it
to the older entry, so that someone won't get misled by it again later. |
1.1_1 13 Jan 2005 19:09:14 |
nectar |
Add CVE name for tnftp mget vulnerability. Re-indent <references>
children while I'm here. |
1.1_1 13 Jan 2005 18:41:58 |
nectar |
For recent squid WCCP DoS issue, correct the URL used in <blockquote>
"cite" attribute and <url> content. It referenced the wrong squid
patch description. |
1.1_1 13 Jan 2005 18:03:57 |
nectar |
Document Mozilla NNTP handler vulnerability. |
1.1_1 13 Jan 2005 16:10:46 |
simon |
- Document a vulnerability in mpg123.
- Add mpg123-nas to an earlier mpg123 entry.
- Make title for exim entry more accurate.
- Fix invalid modification date in latest xpdf entry. |
1.1_1 12 Jan 2005 22:37:29 |
simon |
- Integrate vendor patches as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/> for the following
issues:
+ Prevent a possible denial of service attack via WCCP messages (squid bug
#1190), classified as security issue by the vendor
+ Fix a buffer overflow in the Gopher to HTML conversion routine (squid bug
#1189), classified as security issue by the vendor
+ Fix a null pointer access and plug memory leaks in the fake_auth NTLM
helper (squid bug #1183) (this helper app is not installed by default by
the port)
+ Stop closing open filedescriptors beyond stdin, stdout and stderr on
startup (squid bug #1177)
- Unbreak the port on NO_NIS systems (thanks to "Alexander <freebsd AT
nagilum.de>" for reporting this)
- Document the two security issues in VuXML.
PR: ports/76173
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
Approved by: erwin (mentor) |
1.1_1 12 Jan 2005 14:39:04 |
nectar |
- Document some older security issues in libxine.
- Cancel VID bef4515b-eaa9-11d8-9440-000347a4fa7d in favor of a more
complete, new entry. (A xine security announcement covered the same
issue and others.)
- Add references to xine security announcements and iDEFENSE
Security Advisories. |
1.1_1 11 Jan 2005 22:41:50 |
nectar |
Document HylaFAX authentication bypass vulnerability. |
1.1_1 11 Jan 2005 22:18:33 |
naddy |
Document xshisen buffer overflows. |
1.1_1 11 Jan 2005 16:39:19 |
nectar |
Add CERT Vulnerability Note reference for tiff issue. |
1.1_1 11 Jan 2005 14:31:39 |
nectar |
Bump copyright for 2005. |
1.1_1 11 Jan 2005 00:33:21 |
simon |
Mark pdftohtml as vulnerable to recent xpdf vulnerability. |
1.1_1 10 Jan 2005 22:20:51 |
niels |
Documented two vulnerabilities in the helvis port |
1.1_1 09 Jan 2005 18:34:21 |
nectar |
Add CVE names for exim issue. |
1.1_1 08 Jan 2005 20:18:16 |
simon |
Document format string vulnerability in dillo. |
1.1_1 08 Jan 2005 17:47:59 |
sem |
- Shorten exim entry
Thanks to: simon |
1.1_1 08 Jan 2005 17:39:48 |
simon |
Fix typo in latest tiff entry.
Noticed by: bmah |
1.1_1 08 Jan 2005 17:13:09 |
nectar |
Change the behavior of `make newentry' so that it invokes ${EDITOR}
after adding the template, since this is certainly the next required
action. [1]
Fix the error checking: a pipeline was masking some errors, and `set
errexit' was not effective in some other places.
Suggested by: delphij [1] |
1.1_1 08 Jan 2005 15:43:23 |
nectar |
Add a target, `newentry', that will insert a VuXML <vuln> template
(including generated VID) to the top of the `vuln.xml' file. This will
save a little time when adding new entries.
Inspired by: a patch from simon |
1.1_1 08 Jan 2005 00:20:24 |
simon |
- Document that two older tiff vulnerabilities also affect
linux-tiff. [1]
- Add an extra reference to each of the two entries while I'm here
anyway.
- In one of the tiff title elements do s/---/--/ for consistency.
Discussed with: nectar [1]
Approved by: portmgr (implicit, VuXML) |
1.1_1 07 Jan 2005 15:34:42 |
nectar |
The tnftp port has been updated.
Approved by: portmgr (implicit, VuXML) |
1.1_1 07 Jan 2005 13:59:16 |
nectar |
Fix up last commit (tnftp entry):
- Malformed XML
- mismatched tags (<packages></package>)
- invalid entity reference &content-type= (ampersand should have
been replaced with &amp;)
- Replace <range> so that it matches all possible versions for now,
until a fixed version is available in the ports tree
- <entry> date was in the past
Approved by: portmgr (implicit, VuXML)
Pointy hat to: ahze (hint: make validate) |
1.1_1 07 Jan 2005 07:09:45 |
ahze |
Document vulnerabilities in tnftp
PR: ports/75782
Submitted by: Tom McLaughlin
Approved by: portmgr (krion) |
1.1_1 06 Jan 2005 22:41:49 |
simon |
Document several vulnerabilities in tiff.
Approved by: portmgr (implicit, VuXML) |
1.1_1 06 Jan 2005 17:05:22 |
nectar |
Fill in forgotten `cite' attribute value.
Noticed by: simon
Approved by: portmgr (implicit, VuXML) |
1.1_1 06 Jan 2005 16:54:30 |
nectar |
Document a local vulnerability in VIM's modeline handling.
Approved by: portmgr (implicit, VuXML) |