Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 17 Dec 2004 14:56:28 |
simon |
Correct recent php entry, 4.3.10 and 5.0.3 are fixed. |
1.1_1 17 Dec 2004 10:56:20 |
sem |
Fix VID for the last commit. |
1.1_1 17 Dec 2004 09:32:44 |
sem |
Multiple vulnerabilities in PHP. From Secunia report. |
1.1_1 16 Dec 2004 10:51:18 |
niels |
Added 5 MySQL vulnerabilities
Approved by: nectar (mentor) |
1.1_1 15 Dec 2004 22:21:35 |
simon |
Document two vulnerabilities in phpMyAdmin. |
1.1_1 14 Dec 2004 17:55:52 |
simon |
Document multiple vulnerabilities in wget. |
1.1_1 12 Dec 2004 22:15:01 |
simon |
- Add bugtraqid references to several entries.
- Fix typo in msgid for a samba entry.
- Bump modification date for updated entries. |
1.1_1 12 Dec 2004 21:14:14 |
josef |
Document security issue in Konqueror. |
1.1_1 11 Dec 2004 16:22:38 |
simon |
Document a NULL pointer dereference vulnerability in mod_access_referer.
Submitted by: Niels Heinen <niels.heinen@ubizen.com> |
1.1_1 08 Dec 2004 23:16:53 |
sem |
Integrate the following vendor patches as published on
http://www.squid-cache.org/Versions/v2/2.5/bugs/:
- a malformed hostname can cause squid to return random data as error messages,
possibly leaking internal information from former requests (squid bug #1143).
(This is classified as a minor security issue by the squid developers, so
maintainer cc'ed security-team@. See VuXML entry.)
- the "httpd_accel_port 0" directive does not work on its own (squid bug #1121)
- fix crashes occurring when using cachemgr's "vm_objects" operation (squid
bug #1149)
PR: ports/74859
Submitted by: maintainer |
1.1_1 07 Dec 2004 23:38:32 |
simon |
Document information leakage in viewcvs. |
1.1_1 07 Dec 2004 13:35:43 |
simon |
Document a symlink attack vulnerability in cscope. |
1.1_1 05 Dec 2004 06:53:54 |
glewis |
. Put the topic in the same format all other recent topics have been in for
the Java plugin vulnerability.
. Note that the diablo-jdk and diablo-jre packages are vulnerable to the
plugin issue. [1]
Prodded by: simon [1] |
1.1_1 04 Dec 2004 21:12:13 |
simon |
Add cvename to bnc vulnerability. |
1.1_1 04 Dec 2004 20:47:45 |
simon |
Document a remote code execution vulnerability in bnc. |
1.1_1 04 Dec 2004 18:21:14 |
simon |
Fix grammar nit in ImageMagick entry.
Submitted by: Daniel Seuffert <DS@praxisvermittlung24.de> |
1.1_1 04 Dec 2004 18:09:43 |
simon |
For the Java plugin vulnerability, also match the linux-jdk package
(old name for linux-jdk-sun). |
1.1_1 03 Dec 2004 17:24:38 |
glewis |
. Note that although linux-sun-jdk13 had one plugin vulnerability fixed
in 1.3.1.13, it contained another problem. This is fixed in 1.3.1.14. |
1.1_1 03 Dec 2004 08:22:51 |
rushani |
Document vulnerability that allows arbitrary command execution in rssh
and scponly.
Approved & reviewed by: josef (security team) |
1.1_1 02 Dec 2004 21:04:06 |
naddy |
Document buffer overflows in rockdodger. |
1.1_1 01 Dec 2004 20:08:05 |
simon |
Add CVE to zip vulnerability. |
1.1_1 01 Dec 2004 19:38:39 |
simon |
Document a long path buffer overflow in zip. |
1.1_1 01 Dec 2004 15:30:46 |
simon |
Document signal delivery vulnerability in sudoscript. |
1.1_1 30 Nov 2004 21:54:54 |
josef |
Document vulnerability in net/jabberd. |
1.1_1 29 Nov 2004 21:05:00 |
josef |
Document vulnerability in net/opendchub.
Based on submission by: Niels Heinen <niels.heinen@ubizen.com> |
1.1_1 28 Nov 2004 17:03:16 |
simon |
Add Bugtraq ID for SA-04:16.fetch entry. |
1.1_1 26 Nov 2004 20:41:06 |
simon |
Document two vulnerabilities in unarj. |
1.1_1 25 Nov 2004 19:29:27 |
glewis |
. Mark linux-ibm-jdk as also vulnerable to the Java plugin vulnerability. |
1.1_1 25 Nov 2004 18:43:18 |
glewis |
. Fix the range and add an additional range for the jdk vulnerability.
. Note that linux-sun-jdk and linux-blackdown-jdk are also vulnerable. |
1.1_1 25 Nov 2004 17:56:03 |
glewis |
. Fix whitespace. |
1.1_1 25 Nov 2004 16:10:29 |
glewis |
. Add an entry for the problem in the Java plugin. |
1.1_1 25 Nov 2004 15:32:16 |
simon |
Update ruby CGI DoS entry to note that the most recent version in
ports is fixed. Also remove ruby-static as vulnerable, since it does
not contain cgi.rb. |
1.1_1 25 Nov 2004 13:38:59 |
josef |
Document vulnerability in ftp/prozilla.
Submitted by: Niels Heinen <niels.heinen@ubizen.com> |
1.1_1 24 Nov 2004 15:46:48 |
ume |
correct fixed version
Pointed out by: josef |
1.1_1 24 Nov 2004 08:04:13 |
ume |
c0a269d5-3d16-11d9-8818-008088034841 and
114d70f3-3d16-11d9-8818-008088034841 are fixed in cyrus-imapd 2.1.17. |
1.1_1 23 Nov 2004 13:52:32 |
simon |
Document that the twiki vulnerability is fixed in twiki-20040902. |
1.1_1 23 Nov 2004 06:29:38 |
ume |
add Cyrus IMAP Server multiple remote vulnerabilities.
Obtained from: http://security.e-matters.de/advisories/152004.html |
1.1_1 20 Nov 2004 22:21:09 |
simon |
Add CVE reference for the SA-04:16.fetch entry. |
1.1_1 20 Nov 2004 00:39:56 |
josef |
Document vulnerability in phpmyadmin. |
1.1_1 18 Nov 2004 19:06:17 |
josef |
Add localized versions of gd port to the VuXML entry. |
1.1_1 18 Nov 2004 15:47:48 |
simon |
Document SA-04:16.fetch. |
1.1_1 17 Nov 2004 19:05:46 |
josef |
Document the buffer overrun vulnerability in samba3
CAN-2004-882 |
1.1_1 17 Nov 2004 17:11:32 |
josef |
Correct range for xpdf vulnerability, as cups-base got a fixing
update. |
1.1_1 16 Nov 2004 23:16:44 |
josef |
The last commit to japanese/samba also fixed the security issue
in samba (CAN-2004-0815)
As discussed with: NAKAJI Hiroyuki <nakaji@jp.freebsd.org> (maintainer) |
1.1_1 16 Nov 2004 22:53:06 |
simon |
Add CVE name to twiki entry.
Noticed by: josef |
1.1_1 16 Nov 2004 20:02:09 |
josef |
Add teTeX-base to affected packages in xpdf's vuxml entry. |
1.1_1 15 Nov 2004 10:18:50 |
simon |
Document arbitrary shell command execution in twiki. |
1.1_1 14 Nov 2004 23:05:37 |
simon |
Document a format string vulnerability in proxytunnel. |
1.1_1 13 Nov 2004 09:05:02 |
simon |
Fix entry date for the ruby entry from the last commit. |
1.1_1 13 Nov 2004 08:54:20 |
simon |
- Document a DoS in the Ruby CGI module.
- Document a privilege escalation in sudo. |
1.1_1 12 Nov 2004 15:23:39 |
nectar |
Add CVE name for gnats issue. |
1.1_1 12 Nov 2004 15:01:57 |
nectar |
Note (likely) remotely exploitable vulnerability in samba 3.
Submitted by: Shane Kinney <mod6@freebsdhackers.net> |
1.1_1 12 Nov 2004 11:15:02 |
josef |
Document vulnerability in GNATS. |
1.1_1 11 Nov 2004 23:53:33 |
simon |
Document an XSS in squirrelmail. |
1.1_1 11 Nov 2004 23:01:51 |
josef |
Fix entry date. |
1.1_1 11 Nov 2004 22:46:39 |
josef |
Document BNC vulnerability. |
1.1_1 11 Nov 2004 17:29:54 |
nectar |
Note old hafiye bug.
Submitted by: Shane Kinney <mod6@freebsdhackers.net> |
1.1_1 11 Nov 2004 15:46:05 |
naddy |
Fix a format string vulnerability in ez-ipupdate.
Approved by: se@
Obtained from: Ulf Harnhammar <Ulf.Harnhammar.9485@student.uu.se> |
1.1_1 11 Nov 2004 14:17:16 |
simon |
Document a buffer overflow in ImageMagick's EXIF parser. |
1.1_1 11 Nov 2004 13:34:17 |
simon |
Correct recent Apache 2 entry to not match Apache 1.X.
Noticed by: Dan Langille <dan@langille.org> |
1.1_1 10 Nov 2004 22:48:58 |
josef |
Document vulnerability in Apache 2 (CAN-2004-0942). |
1.1_1 10 Nov 2004 20:25:02 |
marcus |
Update the libxml vulnerability to indicate the fixed version. |
1.1_1 09 Nov 2004 23:30:01 |
simon |
Document a format string vulnerability in socat. |
1.1_1 09 Nov 2004 22:07:15 |
simon |
Document remote buffer overflows in libxml and libxml2. |
1.1_1 09 Nov 2004 17:00:58 |
nectar |
The bugs discovered by Chris Evans have been fixed
in linux-gdk-pixbuf.
Reported by: thierry |
1.1_1 08 Nov 2004 10:26:50 |
josef |
Fix pkgnames for mod_include vulnerability.
Thanks to Dan Langille for helping me to track these down. |
1.1_1 08 Nov 2004 00:07:23 |
simon |
Document a virus detection evasion in p5-Archive-Zip. |
1.1_1 06 Nov 2004 12:31:29 |
josef |
Document mod_include vulnerability in apache and related ports. |
1.1_1 06 Nov 2004 00:38:28 |
simon |
Document an insecure temporary file creation in postgresql-contrib. |
1.1_1 05 Nov 2004 21:57:00 |
simon |
Bump modified date in the entry for the last commit. |
1.1_1 05 Nov 2004 21:54:05 |
simon |
Update latest mpg123 entry to note that the port is fixed in the most
recent port version. |
1.1_1 05 Nov 2004 14:48:02 |
simon |
There was a gd 1.X port with portepoch 2 for a while, so let the gd
entry also match that. |
1.1_1 05 Nov 2004 13:59:20 |
simon |
Document an integer overflow in the GD Graphics Library. |
1.1_1 04 Nov 2004 08:56:41 |
simon |
Correct entry date for the putty entry.
OK'ed by: josef |
1.1_1 04 Nov 2004 00:05:23 |
josef |
Document vulnerability in putty
Reviewed by: simon |
1.1_1 03 Nov 2004 22:49:13 |
simon |
Add an entry for a wzdftpd remote DoS. |
1.1_1 03 Nov 2004 22:36:09 |
simon |
Updates to the bogofilter entry:
- Improve information about which versions are vulnerable. [1]
- Add a few more references.
Submitted by: Matthias Andree <matthias.andree@gmx.de> [1] |
1.1_1 01 Nov 2004 21:24:39 |
mezz |
Update linux-openmotif to 2.2.4 to fix the security.
http://vuxml.freebsd.org/ef253f8b-0727-11d9-b45d-000c41e2cdad.html |
1.1_1 27 Oct 2004 21:11:09 |
josef |
Document rssh format string vulnerability.
Approved by: nectar |
1.1_1 27 Oct 2004 12:25:06 |
nectar |
Create a VuXML entry for Horde XSS help window vulnerability to replace
the portaudit-db entry. |
1.1_1 26 Oct 2004 11:12:57 |
nectar |
Document a denial-of-service issue in bogofilter.
This entry is slightly modified from one that was
Submitted by: Matthias Andree <matthias.andree@gmx.de> |
1.1_1 26 Oct 2004 05:41:47 |
nork |
Fix integer overflow vulnerabilities.
Patch made by: Chris Evans, Dirk Muller, Sebastian Krahmer,
Derek Noonburg and Marcus Meissner
Submitted by: nectar |
1.1_1 25 Oct 2004 20:22:38 |
nectar |
Document xpdf 2 and xpdf 3 vulnerabilities. |
1.1_1 25 Oct 2004 19:27:02 |
nectar |
Document several security issues in gaim, fixed in various versions from
0.82 through 1.0.2. While I'm here, notice that there have been ru-,
ko-, and ja- flavors of gaim, as well as a fairly short-lived range of
version numbers based on dates (snapshots). |
1.1_1 25 Oct 2004 17:21:16 |
nectar |
Note that the Red Hat based linux_base ports contain
vulnerable libXpm.so files.
Noticed by: maho |
1.1_1 24 Oct 2004 19:39:27 |
josef |
Document SSL_Cypherbypass vulnerability in mod_ssl
and buffer overflow vulnerability in gaim. |
1.1_1 23 Oct 2004 16:08:43 |
simon |
- Document more buffer overflows in mpg123.
- Fix package name in two older mpg123 entries.
Approved by: nectar |
1.1_1 22 Oct 2004 12:21:53 |
nectar |
I suck. (Correct a typo that would have been readily detected if
I would have run `make validate' before committing.) |
1.1_1 22 Oct 2004 12:13:40 |
nectar |
Add CVE name for cabextract issue. |
1.1_1 21 Oct 2004 22:23:56 |
simon |
Fix a copy/paste typo in last commit. |
1.1_1 21 Oct 2004 22:17:21 |
simon |
Document DoS in Apache 2 SSL handling.
Approved by: nectar |
1.1_1 21 Oct 2004 20:04:21 |
nectar |
Note that xpm has been fixed.
Also, it appears that Motif itself is affected, so add related packages. |
1.1_1 21 Oct 2004 12:34:33 |
nectar |
Update entry regarding INN 2.4.x buffer overflow:
- The email archive referenced is no longer available. Use
marc.theaimsgroup.com archive instead.
- Note that only 2.4.x versions are affected (earlier ones
are not).
Reported by: leeym |
1.1_1 20 Oct 2004 21:21:53 |
simon |
Document remote command execution vulnerability in phpMyAdmin.
Approved by: nectar |
1.1_1 20 Oct 2004 18:38:08 |
simon |
Document insecure directory handling in cabextract.
Approved by: nectar |
1.1_1 19 Oct 2004 22:08:34 |
simon |
Set correct entry date for the a2ps issue.
Noticed by: nectar
Pointy hat to: simon |
1.1_1 19 Oct 2004 21:41:22 |
simon |
Document insecure command line argument handling in a2ps.
Approved by: nectar |
1.1_1 19 Oct 2004 16:40:34 |
nectar |
Document a vulnerability in ifmail. (There does not exist
an appropriate public reference yet--- this entry should be
updated when the port is updated.)
Reported by: Niels Heinen <niels.heinen@ubizen.com> |
1.1_1 19 Oct 2004 15:41:37 |
nectar |
Document a vulnerability in imwheel. |
1.1_1 19 Oct 2004 14:11:44 |
nectar |
Add CVE names for FreeRADIUS vulnerabilities. |