| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
|---|
1.1_1
16 Oct 2004 20:31:23
  |
simon  |
- Change a few uses of <url> into <mlist>.
OK'ed by: nectar
Additional comment to the Tor entry from v. 1.302, it was:
Submitted by: rik <freebsd-security@rikrose.net> (original version) |
1.1_1
15 Oct 2004 21:21:08
|
simon |
- Document remote DoS and loss of anonymity in Tor.
- Update a Samba entry with new information about vulnerable versions.
Approved by: nectar |
1.1_1
14 Oct 2004 17:52:41
|
nectar |
lesstif has been upgraded to a version that is not affected by the
libXpm vulnerability. |
1.1_1
14 Oct 2004 17:06:55
|
simon |
Recommit my changes from 1.298 which was accidently removed in 1.299.
Pointy hat to: josef (who also noticed the problem) |
1.1_1
14 Oct 2004 16:55:27
|
josef |
Document two seperate security vulnerabilities in
icecast1 and icecast2.
Approved by: nectar |
1.1_1
14 Oct 2004 16:46:39
|
simon |
Change the Xerces-C++ entry to match the xerces-c2 port.
Noticed by: nectar |
1.1_1
13 Oct 2004 22:00:21
|
josef |
Document vulnerability in freeradius.
Approved by: nectar |
1.1_1
13 Oct 2004 21:50:58
|
simon |
- Document DoS in Xerces-C++.
- Fix typo in a mozilla entry.
Approved by: nectar |
1.1_1
13 Oct 2004 21:12:02
|
nectar |
It turns out that lesstif has libXpm sneakily embedded. There are at
least three files with this comment at the top:
* This file contains most of the source files of Xpm, concatenated and with
* the public names changed (to have an _LtXpm prefix). |
1.1_1
13 Oct 2004 21:01:12
|
simon |
Document XSS in wordpress.
Approved by: nectar |
1.1_1
13 Oct 2004 20:39:48
|
nectar |
Document integer overflows in libtiff. |
1.1_1
13 Oct 2004 17:18:02
|
simon |
- Document a CUPS local information disclosure.
- Note the impact of the sharutils buffer overflows.
Approved by: nectar |
1.1_1
13 Oct 2004 16:55:35
|
josef |
Document a vulnerability in Zinf (freeamp).
Approved by: nectar |
1.1_1
13 Oct 2004 16:06:34
|
nectar |
Document libtiff RLE decoder issues. |
1.1_1
13 Oct 2004 10:27:33
|
simon |
The sharutils buffer overflows has been fixed in sharutils 4.2.1_2. |
1.1_1
12 Oct 2004 23:46:41
|
simon |
Document a vulnerability in sharutils.
Approved by: nectar |
1.1_1
12 Oct 2004 21:58:58
|
josef |
Document 2 DoS attacks possible against
older versions of mail-notifier.
Based on the security advisories
mentioned in the reference links.
Approved by: nectar |
1.1_1
12 Oct 2004 15:39:33
|
nectar |
ale@ reports that the only ports affected are php[45], php[45]-cgi,
and mod_php[45]. |
1.1_1
12 Oct 2004 15:09:53
|
nectar |
Note squid SNMP DoS. Based on an entry that was
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> |
1.1_1
12 Oct 2004 02:08:57
|
nectar |
The documented xv vulnerabilities were fixed by dinoex@
Approved by: portmgr |
1.1_1
12 Oct 2004 01:07:22
|
nectar |
Note that the image decoding vulnerabilities in gdk-pixbuf have been
fixed.
Reported by: marcus
Approved by: portmgr |
1.1_1
12 Oct 2004 00:58:31
|
nectar |
Document older cyrus-sasl bug affecting DIGEST-MD5.
Submitted by: simon
Approved by: portmgr |
1.1_1
12 Oct 2004 00:57:22
|
nectar |
Update the description of and list of packages affected by the PHP file
upload processing bug.
Submitted by: Jon Passki <cykyc@yahoo.com>
Approved by: portmgr |
1.1_1
08 Oct 2004 16:50:15
|
nectar |
Document unsafe use of environmental variable SASL_PATH in cyrus-sasl.
Approved by: portmgr |
1.1_1
05 Oct 2004 19:28:26
|
trhodes |
Add some more apache ports.
Fix two errors found by nectar.
Approved by: portmgr |
1.1_1
05 Oct 2004 17:41:55
|
trhodes |
Add imp3 issue, add apache13-ssl issue, correct a tag.
Approved by: portmgr |
1.1_1
05 Oct 2004 14:54:27
|
nectar |
Note that older packages of bmon were dangerously installed set-user-ID.
Approved by: portmgr |
1.1_1
05 Oct 2004 14:33:02
|
nectar |
Document GnuTLS denial-of-service (already mentioned in portaudit's
database).
Approved by: portmgr |
1.1_1
05 Oct 2004 14:06:55
|
nectar |
Record another PHP vulnerability.
Approved by: portmgr |
1.1_1
05 Oct 2004 13:52:38
|
nectar |
Record another PHP security issue.
Approved by: portmgr |
1.1_1
05 Oct 2004 12:52:58
|
nectar |
Note that xv should not be used.
Approved by: portmgr |
1.1_1
04 Oct 2004 19:59:35
|
nectar |
Note a symlink vulnerability in getmail.
Submitted by: Shane Kinney <mod6@freebsdhackers.net>
Approved by: portmgr |
1.1_1
04 Oct 2004 17:30:00
|
nectar |
Fill in empty topic from previous commit.
Noticed by: Shane Kinney <mod6@freebsdhackers.net>
Approved by: portmgr |
1.1_1
04 Oct 2004 17:09:55
|
nectar |
Record FreeBSD-SA-04:15.syscons.
Approved by: portmgr |
1.1_1
04 Oct 2004 14:01:46
|
nectar |
Add missing PORTEPOCH for samba.
Noticed by: dinoex
Approved by: portmgr |
1.1_1
03 Oct 2004 22:49:55
|
nectar |
Note racoon certificate verification bug.
Submitted by: Jon Passki <cykyc@yahoo.com>
Approved by: portmgr |
1.1_1
03 Oct 2004 15:51:49
|
nectar |
Note distcc IP address ACL bug.
Submitted by: Jon Passi <cykyc@yahoo.com>
Approved by: portmgr |
1.1_1
03 Oct 2004 15:38:27
|
nectar |
Remove a duplicate entry.
Submitted by: Jon Passki <cykyc@yahoo.com>
Approved by: portmgr |
1.1_1
01 Oct 2004 01:40:54
|
nectar |
Correct the version number for latest Mozilla entry.
(cut-n-paste damage)
Approved by: portmgr |
1.1_1
01 Oct 2004 01:37:52
|
nectar |
Document the last few of the relatively recent Mozilla vulnerabilities.
Approved by: portmgr |
1.1_1
30 Sep 2004 23:32:10
|
nectar |
Correct mangled CVE name: s/8983/0903/
Approved by: portmgr |
1.1_1
30 Sep 2004 23:29:23
|
nectar |
Add another two older vulnerabilities affecting Mozilla & co.
Continue to try hard to cover past package names:
- I missed el-linux-mozillafirebird previously.
- Move all the `obsolete' package names into one place
for clarity.
Approved by: portmgr |
1.1_1
30 Sep 2004 22:30:26
|
nectar |
Don't forget `ja-samba' also.
Approved by: portmgr |
1.1_1
30 Sep 2004 22:26:02
|
nectar |
Note samba file disclosure vulnerability.
Approved by: portmgr |
1.1_1
29 Sep 2004 16:48:15
|
trhodes |
Fix apache version number entry, bump modified date for apache as well.
Approved by: portmgr |
1.1_1
28 Sep 2004 18:02:03
|
nectar |
Make an initial attempt at covering all Mozilla/Firefox/Thunderbird
package names that we've had. Similar changes need to be made to many
other entries, but let's use this one as a test subject first.
Approved by: portmgr |
1.1_1
28 Sep 2004 15:06:19
|
nectar |
Correct spelling of phpnuke package name.
Reported by: Dan Langille
Approved by: portmgr |
1.1_1
28 Sep 2004 14:31:41
|
nectar |
Note BMP decoder flaws in Mozilla/Firefox/Thunderbird.
Approved by: portmgr |
1.1_1
28 Sep 2004 14:28:04
|
nectar |
Note stack buffer overflow in Mozilla mail.
Approved by: portmgr |
1.1_1
28 Sep 2004 14:22:35
|
nectar |
Document Mozilla/Firefox/Thunderbird heap buffer overflows.
Approved by: portmgr |
1.1_1
28 Sep 2004 13:36:53
|
nectar |
Correct the package name for phpMyAdmin.
Reported by: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Approved by: portmgr |
1.1_1
27 Sep 2004 15:15:21
|
nectar |
Add CERT Vulnerability Note references to xpm entry.
Approved by: portmgr |
1.1_1
27 Sep 2004 02:57:32
|
nectar |
Note two older vulnerabilities in PHP.
Submitted by: Jon Passki <cykyc@yahoo.com>
Approved by: portmgr |
1.1_1
26 Sep 2004 18:17:36
|
nectar |
Note subversion information disclosure vulnerability.
Submitted by: lev
Approved by: portmgr |
1.1_1
26 Sep 2004 18:04:52
|
nectar |
Add missing PORTEPOCH in a mozilla entry.
Correct package name in an apache entry.
Reported by: Dan Langille <dan@langille.org>
Approved by: portmgr |
1.1_1
25 Sep 2004 00:59:48
|
nectar |
Forgot to add <modified> element for last commit.
Approved by: portmgr |
1.1_1
25 Sep 2004 00:58:59
|
nectar |
Add missing PORTEPOCH on one of the mozilla entries.
Noticed by: Dan Langille <dan@langille.org>
Approved by: portmgr |
1.1_1
23 Sep 2004 15:07:39
|
nectar |
Document vulnerabilities in lha.
Reviewed by: dinoex
Approved by: portmgr |
1.1_1
23 Sep 2004 14:16:16
|
nectar |
Lately it seems I like to use dashes in topics... but I should at
least be consistent with how many. s/---/--/
Approved by: portmgr |
1.1_1
23 Sep 2004 14:10:58
|
nectar |
Document mysql buffer overflow.
Reported by: ale
Approved by: portmgr |
1.1_1
22 Sep 2004 16:39:58
|
nectar |
Document Mozilla security icon spoofing vulnerability.
Approved by: portmgr |
1.1_1
22 Sep 2004 16:16:30
|
nectar |
Document Mozilla vulnerability involving NULL bytes in FTP URLs.
Also, correct s/firebird/firefox/ in a previously documented issue.
Approved by: portmgr |
1.1_1
22 Sep 2004 15:59:56
|
nectar |
Document Mozilla automatic file upload vulnerability.
Approved by: portmgr |
1.1_1
22 Sep 2004 15:44:03
|
nectar |
Document mozilla certificate import denial-of-service vulnerability.
Approved by: portmgr |
1.1_1
21 Sep 2004 22:04:54
|
nectar |
Note a file name disclosure issue in rssh.
Reported by: leeym
Approved by: portmgr |
1.1_1
20 Sep 2004 20:13:11
|
nectar |
Add entry describe GNU Radius denial-of-service vulnerability.
Approved by: portmgr |
1.1_1
20 Sep 2004 20:06:44
|
nectar |
Add sudoedit vulnerability.
Approved by: portmgr |
1.1_1
19 Sep 2004 23:36:42
|
nectar |
In latest CVS entry, remove the reference to the exploit. It does
not apply to any of these vulnerabilities, but to the previous CVS
vulnerability (CAN-2004-0396).
Approved by: portmgr |
1.1_1
19 Sep 2004 23:32:05
|
nectar |
Oh yeah, add affected FreeBSD versions for CVS issues.
Approved by: portmgr |
1.1_1
19 Sep 2004 23:23:49
|
nectar |
Update CVS entry with some details.
Approved by: portmgr |
1.1_1
19 Sep 2004 17:38:14
|
trhodes |
Add an entry for the mod_proxy buffer overflow existant in apache13.
Approved by: portmgr |
1.1_1
18 Sep 2004 15:42:01
|
nectar |
Note some fixes for XPM image decoding vulnerabilities.
Submitted by: lesi
Add references to Chris Evans's advisories while I'm at it.
Approved by: portmgr |
1.1_1
17 Sep 2004 02:12:17
|
marcus |
Update to gdk-pixbuf vulnerability to reflect the fixed version of gtk20.
Approved by: portmgr( implicit) |
1.1_1
15 Sep 2004 19:54:22
|
nectar |
Note that a patched version of webmin 1.150 is now available, thanks
to olengi@.
Submitted by: olengi
Add a paragraph introducing the Webmin blockquote while I'm here.
Approved by: portmgr |
1.1_1
15 Sep 2004 18:05:16
|
nectar |
Note gdk-pixbuf image decoding issues.
Approved by: portmgr |
1.1_1
15 Sep 2004 17:39:48
|
nectar |
clement@ has patched Apache 2.
Approved by: portmgr |
1.1_1
15 Sep 2004 16:31:55
|
nectar |
Note CUPS printer queue browser denial-of-service.
Approved by: portmgr |
1.1_1
15 Sep 2004 15:57:52
|
nectar |
Note Apache 2 IPv6 address parsing bug.
Approved by: portmgr |
1.1_1
15 Sep 2004 15:16:36
|
nectar |
Note new libXpm vulnerabilities.
Approved by: portmgr |
1.1_1
15 Sep 2004 14:47:36
|
nectar |
I appear to have deleted a line at the last minute. Restore it.
Approved by: portmgr |
1.1_1
15 Sep 2004 14:45:03
|
nectar |
Add mod_dav denial-of-service issue.
Approved by: portmgr |
1.1_1
15 Sep 2004 14:20:53
|
nectar |
Oops, forgot to note that the previous issue affects only the Apache 2.x
series.
Approved by: portmgr |
1.1_1
15 Sep 2004 14:18:17
|
nectar |
Add Apache 2 vulnerability concerning environmental variables in
configuration files.
Approved by: portmgr |
1.1_1
15 Sep 2004 13:52:30
|
nectar |
Repair three <freebsdpr> elements. The content of these elements
must be e.g. "ports/46613", not just "46613".
Reported by: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Approved by: portmgr |
1.1_1
15 Sep 2004 03:03:26
|
nectar |
Note that some versions of OpenOffice have been corrected.
Approved by: portmgr |
1.1_1
14 Sep 2004 03:38:59
|
trhodes |
Fix botched date entry and correct iDefense URL.
Approved by: portmgr |
1.1_1
14 Sep 2004 03:19:10
|
trhodes |
Really add Samba 3 vulnerability.
Remove incorrect URL in mpg123 entry.
Approved by: portmgr
URL noticed: nectar |
1.1_1
14 Sep 2004 03:01:07
|
trhodes |
Correct version. Note my last commit here was for mpg123 instead of
samba3.
Noticed by: nectar
Approved by: portmgr |
1.1_1
14 Sep 2004 02:21:06
|
nectar |
- There is a WITHOUT_X11 version of ImageMagick that needs to be
taken into account.
- Fix transposed characters in `isakmpd'.
Noticed by: Dan Langille <dan@langille.org>
- Add CVE name reference for ImageMagick.
- Add webmin temporary file handling issue.
- Add OpenOffice temporary file handling issue.
- Widen the `KDE frame injection' issue to cover Mozilla, Firebird,
Netscape, and Opera as well
- Add Mozilla/Firebird/Netscape SOAPParameter vulnerability
- Add Mozilla/Thunderbird/Netscape POP client vulnerability
Approved by: portmgr |
1.1_1
14 Sep 2004 02:02:25
|
trhodes |
Update for recent Samba3 vulnerabilities.
Approved by: portmgr |
1.1_1
02 Sep 2004 12:02:29
|
nectar |
Adjust the affected version for imlib now that the 2nd instance of BMP
loader has been corrected. |
1.1_1
01 Sep 2004 17:12:54
|
nectar |
The recent commit to the krb5 port brought the version to 1.3.4_1 but
did not correct one of the existing vulnerabilities. Update the
affected range to compensate. |
1.1_1
31 Aug 2004 20:52:16
|
nectar |
Note recent MIT Kerberos 5 vulnerabilities. |
1.1_1
31 Aug 2004 14:55:49
|
nectar |
Document imlib2 BMP decoder bug. |
1.1_1
31 Aug 2004 14:34:03
|
nectar |
Document BMP decoder bugs in imlib1 and ImageMagick. |
1.1_1
30 Aug 2004 14:23:47
|
nectar |
Correct bogus date in mysql entry. (It should be YYYY-MM-DD, not
DD-MM-YYYY.)
Reported by: robert@openbsd.org |
1.1_1
30 Aug 2004 14:21:49
|
nectar |
Add more references (particularly CVE names) for issues affecting
SpamAssassin, tnftpd, ruby, mysql.
Place text taken from another source inside <blockquote cite="...">
for ruby issue. |
1.1_1
30 Aug 2004 11:08:58
|
eik |
correct/add some references |
1.1_1
27 Aug 2004 15:29:58
|
nectar |
Document NSS SSLv2 server buffer overflow (already referenced in
portaudit.txt). |
1.1_1
27 Aug 2004 14:43:07
|
nectar |
Document ripMIME decoding bug (already referenced in portaudit.txt). |
As an Amazon Associate I earn from qualifying purchases.
