Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_1 27 Aug 2004 04:29:59 |
marcus |
Remove <modified/> from the gnomevfs vulnerability since it was the same
as <entry/> and it needed to be last anyway.
Suggested by: nectar |
1.1_1 27 Aug 2004 01:48:56 |
marcus |
Update the gnomevfs entry to reflect the fixed versions. |
1.1_1 26 Aug 2004 22:30:07 |
trhodes |
Add entry for moinmoin ACL bypass. |
1.1_1 26 Aug 2004 22:10:50 |
nectar |
Note sanitize_path bug in rsync (already referenced in portaudit.txt). |
1.1_1 26 Aug 2004 21:12:28 |
nectar |
Unsafe URI handling in gnome-vfs, MidnightCommander. |
1.1_1 26 Aug 2004 20:34:41 |
nectar |
Document buffer overflows in SoX (already referenced in portaudit.txt). |
1.1_1 26 Aug 2004 20:15:22 |
nectar |
Document cookie bug in Konqueror (already referenced in portaudit.txt). |
1.1_1 25 Aug 2004 15:36:09 |
hrs |
- Fix "make validate" problem when textproc/xhtml-basic is
installed by adding an SGML declaration and DTDDECL.
- Remove the --catalogs option for xmllint(1) in validate.sh.
Approved by: nectar (maintainer)
PR: ports/63035 |
1.1 23 Aug 2004 19:18:08 |
trhodes |
Place port name in the description.
Suggested by: eik |
1.1 23 Aug 2004 16:08:13 |
nectar |
Add libxine vcd URL handling issue. |
1.1 23 Aug 2004 14:51:53 |
nectar |
Add DoS in SpamAssassin. |
1.1 23 Aug 2004 13:06:44 |
nectar |
Add <modified> date for previous commit. |
1.1 23 Aug 2004 13:05:07 |
nectar |
fidogate-ds was also affected by the ``write files as `news' user''
issue. |
1.1 22 Aug 2004 23:14:53 |
nectar |
Off-by-one error in courier-imap entry.
Noticed by: oliver |
1.1 22 Aug 2004 22:58:19 |
nectar |
Add a more useful reference for the Qt issue. |
1.1 22 Aug 2004 22:56:56 |
nectar |
Add Qt heap overflow issue. |
1.1 22 Aug 2004 22:39:32 |
nectar |
Add a security issue affected courier-imap when run with certain debug
flags. |
1.1 22 Aug 2004 22:28:54 |
nectar |
Add fidogate issue. |
1.1 22 Aug 2004 22:07:52 |
nectar |
Add an issue covering a vulnerability in mysqlhotcopy.
Reported by: robert@openbsd.org |
1.1 22 Aug 2004 21:44:40 |
nectar |
Cancel a VuXML entry for an Apache vulnerability that does not affect
FreeBSD.
Reminded by: recent conversations :-) |
1.1 21 Aug 2004 08:29:24 |
eik |
cancelled 6fd9a1e9-efd3-11d8-9837-000c41e2cdad: does not affect FreeBSD
<http://docs.FreeBSD.org/cgi/mid.cgi?20040817123651.GB930> |
1.1 17 Aug 2004 21:18:28 |
nectar |
Add a pointer to Przemyslaw Frasunek's advisory. |
1.1 17 Aug 2004 18:30:08 |
nectar |
For the lukemftpd/tnftpd issue, add a reference to NetBSD security
advisory now that it is available. |
1.1 17 Aug 2004 18:01:37 |
nectar |
Note a vulnerability in lukemftpd/tnftpd. |
1.1 17 Aug 2004 12:07:30 |
eik |
multiple CVS vulnerabilities |
1.1 17 Aug 2004 06:46:49 |
knu |
Correct the version numbers and dates in the last entry. |
1.1 17 Aug 2004 06:40:37 |
knu |
Add an entry for:
Ruby insecure file permissions in the CGI session management |
1.1 16 Aug 2004 22:38:28 |
nectar |
Document a setgid "games" security issue in xonix. Based on a VuXML
entry that was
Submitted by: robert@OpenBSD.org |
1.1 15 Aug 2004 15:51:15 |
nectar |
Correct the version number range affected for ja-samba.
Correct the version number range affected for Mozilla 1.8 alphas.
Problem hinted at by: eik |
1.1 15 Aug 2004 14:31:56 |
nectar |
Correct the version number range affected for Mozilla 1.8 alphas.
Problem hinted at by: eik
While I'm here, add a CVE name reference and a couple of other relevant
Bugzilla links. It is interesting that this security issue was reported
as early as 1999. Also, replace the text plagiarized from the Secunia
advisory without attribution with a more helpful (maybe?) description of
the issue. |
1.1 13 Aug 2004 21:31:53 |
trhodes |
Format string vulnerability in jftpgw.
Informed by: Robert Nagy <robert@openbsd.org> |
1.1 12 Aug 2004 22:06:17 |
nectar |
Repair broken URL.
Noticed by: simon |
1.1 12 Aug 2004 21:07:06 |
nectar |
Add two issues covering three KDE advisories: two temporary file
handling issues, and a KHTML issue. |
1.1 12 Aug 2004 20:54:13 |
marcus |
The last commit should have changed the comparison tag from <le> to <lt>. |
1.1 12 Aug 2004 20:44:41 |
marcus |
Update Gaim vulnerability (5b8f9a02-ec93-11d8-b913-000c41e2cdad) to indicate
that gaim-0.81_1 has a fix for this. |
1.1 12 Aug 2004 19:23:23 |
nectar |
The MSN component of Gaim contains remotely exploitable buffer
overflows. |
1.1 12 Aug 2004 19:05:51 |
nectar |
The Adobe Acrobat Reader can be coerced into executing arbitrary
commands on UNIX systems. |
1.1 12 Aug 2004 18:56:10 |
nectar |
Under certain configurations of POPfile may allow an attacker to
retrieve files from the victim's machine.
Reported by: Daniel Grund <mail@dgrund.de> |
1.1 12 Aug 2004 18:43:01 |
nectar |
Correct version information syntax in a number of entries. VuXML-using
tools are expected only to understand actual package names and version
numbers, not globs such as `foo-{bar,baz}' or `1.*'. |
1.1 12 Aug 2004 11:58:18 |
eik |
give the ImageMagick png vulnerability an own entry |
1.1 11 Aug 2004 22:57:51 |
eik |
f72ccf7c-e607-11d8-9b0a-000347a4fa7d is a duplicate of
6f955451-ba54-11d8-b88c-000d610a3b12, move references |
1.1 10 Aug 2004 11:00:48 |
eik |
add a reference for linux-png-1.0.x to 3a408f6f-9c52-11d8-9366-0020ed76ef5a |
1.1 09 Aug 2004 15:10:03 |
eik |
add ImageMagick to the list of png-vulnerable ports |
1.1 07 Aug 2004 08:33:00 |
eik |
correct typo |
1.1 06 Aug 2004 21:51:24 |
marcus |
Add an entry for Thunderbird to the libpng vulnerability. |
1.1 05 Aug 2004 23:35:33 |
eik |
move abe47a5a-e23c-11d8-9b0a-000347a4fa7d to vuxml, add mozilla to the list of
vulnerable ports |
1.1 05 Aug 2004 14:27:36 |
eik |
move f9e3e60b-e650-11d8-9b0a-000347a4fa7d to vuxml, add mozilla to the list of
vulnerable ports |
1.1 30 Jul 2004 11:19:37 |
eik |
Mozilla / Firefox user interface spoofing vulnerability |
1.1 27 Jul 2004 11:46:15 |
des |
Use & instead of naked &. |
1.1 27 Jul 2004 11:45:05 |
des |
Add CVE name and correct URL to iDEFENSE advisory for the SSLtelnet issue. |
1.1 22 Jul 2004 23:30:11 |
eik |
- add some references
- correctly match samba 3.0
- add ja-samba |
1.1 22 Jul 2004 15:45:05 |
trhodes |
Fix an XML tag. |
1.1 22 Jul 2004 15:22:43 |
trhodes |
Mark the 2.2.x series of Samba as vulnerable. |
1.1 22 Jul 2004 14:43:13 |
trhodes |
Recently announced Samba issue. |
1.1 16 Jul 2004 07:31:22 |
eik |
fix courier-imap version number |
1.1 15 Jul 2004 08:01:25 |
eik |
PHP memory_limit and strip_tags() vulnerabilities. |
1.1 11 Jul 2004 00:59:46 |
eik |
ethereal |
1.1 08 Jul 2004 14:24:07 |
eik |
move e5e2883d-ceb9-11d8-8898-000d6111a684 to vuln.xml |
1.1 05 Jul 2004 21:27:12 |
eik |
XSS vulnerability affecting other webmail systems |
1.1 05 Jul 2004 17:24:44 |
nectar |
Add missing mandatory <body> element for SSLtelnet issue. |
1.1 05 Jul 2004 12:03:53 |
des |
Add an entry for the SSLtelnet format string vulnerability. |
1.1 03 Jul 2004 15:27:22 |
naddy |
Pavuk HTTP Location header overflow |
1.1 03 Jul 2004 06:48:34 |
trhodes |
Move phpnuke vulnerabilities to VuXML. |
1.1 02 Jul 2004 14:24:04 |
eik |
GNATS local privilege elevation (corrected PORTREVISION) |
1.1 02 Jul 2004 13:31:45 |
eik |
GNATS local privilege elevation |
1.1 02 Jul 2004 09:13:07 |
des |
Whitespace cleanup. |
1.1 02 Jul 2004 09:12:52 |
des |
Add SA-04:13.linux |
1.1 02 Jul 2004 00:48:56 |
eik |
move "phpMyAdmin code injection" to vuxml |
1.1 01 Jul 2004 23:55:39 |
pav |
- Add phpMyAdmin 2.5.7 vulnerability.
I hope I got XML right. |
1.1 28 Jun 2004 22:49:17 |
trhodes |
Use the equal '=' sign as only the current version was affected. |
1.1 28 Jun 2004 21:27:16 |
eik |
add a reference to ISC DHCP overflows |
1.1 28 Jun 2004 21:20:00 |
trhodes |
Add xorg-clients due to xdm socket vuln. |
1.1 28 Jun 2004 03:58:47 |
trhodes |
Move MoinMoin entry to VuXML. |
1.1 27 Jun 2004 19:26:14 |
eik |
reference cleanup |
1.1 26 Jun 2004 00:45:08 |
trhodes |
Fix the previous entry; it had an incorrect port range. |
1.1 25 Jun 2004 20:01:28 |
trhodes |
Add an entry for recent isc-dhcp3-server buffer overflows.
Remove the one in portaudit.txt. |
1.1 25 Jun 2004 17:18:57 |
trhodes |
Move giFT-FastTrack to VuXML. |
1.1 25 Jun 2004 02:04:08 |
trhodes |
Fix an older entry which ends with "buffer overflows vuxml".
Fill in a date on my previous entry. |
1.1 25 Jun 2004 01:35:18 |
trhodes |
Move the Gallery entry to VuXML. |
1.1 25 Jun 2004 00:36:12 |
eik |
www/sitecopy uses the included libneon version 0.24.0 |
1.1 21 Jun 2004 22:03:48 |
eik |
I believe that linux-png-1.2.2 still contains the vulnerability.
Add some references that support this opinion. |
1.1 21 Jun 2004 20:04:18 |
pav |
- Extend png entry to cover it's linux-png variant
Requested by: eik |
1.1 14 Jun 2004 21:05:16 |
fjoe |
Midnight Commander security vulnerabilities
CAN-2004-0226, CAN-2004-0231, CAN-2004-0232
fixed in mc-4.6.0_10. |
1.1 12 Jun 2004 12:22:23 |
eik |
add a $FreeBSD$ tag |
1.1 09 Jun 2004 20:38:33 |
des |
Add CAN-2004-0541 (buffer overflow in Squid NTLM authentication helper) |
1.1 08 Jun 2004 12:42:09 |
eik |
Fix for CAN-2004-0097
Forgotten by: sobomax |
1.1 07 Jun 2004 21:21:06 |
des |
Correction: FreeBSD-SA-04:12.jailroute does not apply to 4.7 and older. |
1.1 07 Jun 2004 21:17:33 |
des |
Whitespace cleanup |
1.1 07 Jun 2004 21:17:02 |
des |
Add FreeBSD-SA-04:12.jailroute. |
1.1 26 May 2004 11:32:29 |
des |
FreeBSD-SA-04:11 |
1.1 24 May 2004 11:49:54 |
ale |
Update modified date for mysql bug after fixing typo.
Requested by: nectar |
1.1 21 May 2004 12:42:01 |
nectar |
Add CVE name for one of the leafnode issues. |
1.1 21 May 2004 12:39:46 |
nectar |
Edit the topics to distinguish a bit better between the different
leafnode DoS issues. |
1.1 21 May 2004 12:13:52 |
nectar |
Document several issues in leafnode.
Submitted by: Matthias Andree <matthias.andree@gmx.de> |
1.1 21 May 2004 07:57:39 |
ale |
Fix typo.
Spotted by: eik |
1.1 19 May 2004 21:06:20 |
nectar |
Correct a typo (s/Jon/Joe/) |
1.1 19 May 2004 20:21:32 |
nectar |
Add subversion and neon date parsing vulnerabilities. |
1.1 19 May 2004 12:57:14 |
des |
make tidy |
1.1 19 May 2004 12:55:35 |
des |
Add an entry for the cvs pserver heap overflow. |
1.1 18 May 2004 14:53:33 |
nectar |
Add CVE name and CERT Vulnerability Note references for old Cyrus bug. |