Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_5 04 Feb 2022 16:21:33 |
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab vulnerabilities |
1.1_5 03 Feb 2022 14:02:33 |
Tobias Kortkamp (tobik) |
security/vuxml: Fix recent lang/rust entry
PR: 261449 |
1.1_5 02 Feb 2022 21:33:47 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 98.0.4758.80
Obtained from: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html |
1.1_5 02 Feb 2022 12:48:15 |
Dave Cottlehuber (dch) |
security/vuxml: add h2o-devel vuln details
Security: CVE-2021-43848 |
1.1_5 02 Feb 2022 05:05:00 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-22:01.vt |
1.1_5 02 Feb 2022 01:47:37 |
Timur I. Bakeyev (timur) |
security/vuxml: Add a note about recent Samba vulnerabilities.
CVE-2021-43566
CVE-2021-44141
CVE-2021-44142
CVE-2022-0336
Security: CVE-2021-43566
CVE-2021-44141
CVE-2021-44142
CVE-2022-0336 |
1.1_5 31 Jan 2022 08:27:47 |
Bernard Spil (brnrd) |
security/vuxml: Document Rust vulnerability |
1.1_5 30 Jan 2022 00:12:57 |
Danilo G. Baio (dbaio) |
security/vuxml: Remove wrong cvename entry
From:
<vuln vid="7262f826-795e-11ec-8be6-d4c9ef517024">
<topic>MySQL -- Multiple vulnerabilities</topic>
<entry>2022-01-19</entry> |
1.1_5 29 Jan 2022 23:17:04 |
Danilo G. Baio (dbaio) |
security/vuxml: Document varnish cache vulnerability
PR: 261562
Security: CVE-2022-23959 |
1.1_5 28 Jan 2022 18:51:52 |
Matthias Andree (mandree) |
security/vuxml: document OpenEXR < 3.1.4 vuln
Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute
Security: b6ef8a53-8062-11ec-9af3-fb232efe4d2e
Security: CVE-2021-45942 |
1.1_5 28 Jan 2022 15:21:05 |
Bernard Spil (brnrd) |
security/vuxml: Document OpenSSL MIPS vulnerability |
1.1_5 27 Jan 2022 07:18:51 |
Fernando Apesteguía (fernape) |
security/vuxml: Add CVE-2022-0323 (www/phpmustache)
Following change in 4f0a5e1540c3..6901bf72b3b2
Reported by: Marc Veldman <marc@bumblingdork.com> (maintainer) |
1.1_5 26 Jan 2022 23:05:01 |
Adriaan de Groot (adridg) |
security/vuxml: notify polkit local-privilege-escalation
It was unclear if the actual exploit would work on FreeBSD,
since there's no GNU libc which the payload would work on.
The following changes are / have been applied:
- fix in polkit from upstream (from Greg V)
- at kernel level, fixes to disallow argc==0 (from kevans, I think)
PR: 261482 |
1.1_5 26 Jan 2022 18:54:49 |
Dries Michiels (driesm) Author: Francois ten Krooden |
security/vuxml: Document security/strongswan CVE-2021-45079
PR: 261462 |
1.1_5 26 Jan 2022 04:44:03 |
Li-Wen Hsu (lwhsu) Author: Francois ten Krooden |
security/vuxml: Add CVE-2021-41990 and CVE-2021-41991 for security/strongswan
PR: 259267 |
1.1_5 23 Jan 2022 23:01:46 |
Cy Schubert (cy) |
security/vuxml: Document aide CVE-2021-45417
Document aide heap buffer overflow.
PR: 261407
Reported by: Yonas Yanfa <yonas.yanfa@gmail.com> |
1.1_5 20 Jan 2022 16:42:12 |
Rene Ladan (rene) |
security/vuxml: document www/chromium < 97.0.4692.99
Obtained from: https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html |
1.1_5 19 Jan 2022 19:48:50 |
Bernard Spil (brnrd) |
security/vuxml: Document MySQL vulnerabilities |
1.1_5 16 Jan 2022 06:30:30 |
Thomas Zander (riggs) |
security/vuxml: Document Prosody XMPP server advisory 2022-01-13
PR: 261210
Reported by: thomas@beingboiled.info
Security: CVE-2022-0217 |
1.1_5 13 Jan 2022 18:40:54 |
Bernard Spil (brnrd) |
security/vuxml: Document WordPress vulnerabilities |
1.1_5 13 Jan 2022 11:46:14 |
Matthias Fechner (mfechner) |
security/vuxml: document www/gitlab-ce vulnerabilities |
1.1_5 13 Jan 2022 03:32:20 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document invalid pointer read vulnerability in ClamAV. |
1.1_5 12 Jan 2022 18:57:55 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Document Jenkins Security Advisory 2022-01-12
Sponsored by: The FreeBSD Foundation |
1.1_5 09 Jan 2022 13:37:24 |
Thomas Zander (riggs) |
security/vuxml: Document vulnerabilities in net/uniparser before 0.9.6
PR: 261056
Security: CVE-2021-46141
CVE-2021-46142 |
1.1_5 06 Jan 2022 01:35:36 |
Wen Heping (wen) |
security/vuxml: Document django multiple vulnerabilities. |
1.1_5 05 Jan 2022 14:46:17 |
Fernando Apesteguía (fernape) |
security/vuxml: document routinator vulnerabilities |
1.1_5 05 Jan 2022 13:14:51 |
Rene Ladan (rene) |
security/vuxml: document www/chromium < 97.0.4692.71
While here add definitions for 2022, as this is the first vuxml commit
of the year. This cannot be done in its own commit because `make
validate` complains in that case (even with a 0-byte vuln-2022.xml).
Obtained from: https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html |
1.1_5 31 Dec 2021 09:19:15 |
Bernard Spil (brnrd) |
security/vuxml: Document Roundcube vulnerability |
1.1_5 30 Dec 2021 19:00:00 |
Tijl Coosemans (tijl) |
security/vuxml: Document Mbed TLS advisory 2021-12
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12 |
1.1_5 30 Dec 2021 03:24:47 |
Philip Paeps (philip) Author: Dan Mahoney |
security/vuxml: OpenDMARC 1.4.1 vulnerability
PR: 260594 |
1.1_5 30 Dec 2021 03:23:33 |
Philip Paeps (philip) Author: Dan Mahoney |
security/vuxml: OpenDMARC 1.3.2 vulnerabilities
PR: 240505 |
1.1_5 29 Dec 2021 17:55:31 |
Steve Wills (swills) |
security/vuxml: document minio issue |
1.1_5 27 Dec 2021 22:06:58 |
Thierry Thomas (thierry) |
security/vuxml: add an entry for ReDoS in graphics/py-pillow
Security: CVE-2021-23437 |
1.1_5 27 Dec 2021 18:18:46 |
Romain Tartière (romain) |
security/vuxml: Document more Log4Shell vulnerabilities
With hat: opensearch |
1.1_5 21 Dec 2021 23:41:14 |
Don Lewis (truckman) |
security/vuxml: Document opengrok RCE CVE-2021-2322 |
1.1_5 21 Dec 2021 13:39:58 |
Wen Heping (wen) |
security/vuxml: Document mediawiki multiple vulnerabilities |
1.1_5 21 Dec 2021 07:15:20 |
Dave Cottlehuber (dch) |
security/vuxml: add graylog RCE via log4j CVE-2021-45046
Security: CVE-2021-45046
Sponsored by: SkunkWerks, GmbH |
1.1_5 20 Dec 2021 15:37:40 |
Bernard Spil (brnrd) |
security/vuxml: Document Apache httpd vulnerabilities |
1.1_5 18 Dec 2021 20:11:37 |
Matthew Seaman (matthew) |
security/vuxml: add two grafana security advisories
Moderate severity directory traversal vulnerabilities for .csv
(CVE-2021-43815) and .md (CVE-2021-43813) files.
PR: 260358, 260401
Reported by: Boris Kozun (maintainer), ohauer |
1.1_5 15 Dec 2021 07:00:52 |
Alexander Leidinger (netchild) |
security/vuxml: add serviio (log4j) |
1.1_5 15 Dec 2021 04:03:47 |
Neel Chauhan (nc) |
security/vuxml: Add privoxy vulnerability |
1.1_5 14 Dec 2021 19:11:53 |
Bernard Spil (brnrd) |
security/vuxml: Document OpenSSL 3.0 vulnerability |
1.1_5 14 Dec 2021 12:42:11 |
Alexander Leidinger (netchild) |
security/vuxml: add security/bastillion (log4j) |
1.1_5 14 Dec 2021 10:21:55 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 96.0.4664.110
Obtained from: https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html |
1.1_5 13 Dec 2021 16:52:39 |
Ashish SHUKLA (ashish) |
security/vuxml: Document vulnerabilities in Matrix clients
Security: 0dcf68fa-5c31-11ec-875e-901b0e9408dc |
1.1_5 13 Dec 2021 16:48:00 |
Ashish SHUKLA (ashish) |
security/vuxml: Fix tab/spaces in openhab2, and solr entries
This was breaking make validate for the entry I am trying to add
While here also purge the likely accidentally added file vuln.xml.unexpanded
in 00bad07fd782 |
1.1_5 13 Dec 2021 13:50:20 |
Matthias Fechner (mfechner) |
security/vuxml: fixed solr entry, only version 8.11.1 will fix it
The fixed version is not released yet. |
1.1_5 13 Dec 2021 13:04:38 |
Alexander Leidinger (netchild) |
security/vuxml: fix Solr XML and add openhab (log4shell) |
1.1_5 13 Dec 2021 07:22:56 |
Matthias Fechner (mfechner) |
security/vuxml: added vulnerability entry for solr |
1.1_5 13 Dec 2021 05:28:28 |
Romain Tartière (romain) |
security/vuxml: Document OpenSearch might be vulnerable to Log4Shell
With hat: opensearch |
1.1_5 12 Dec 2021 00:46:03 |
Xin LI (delphij) Author: Boris Korzun |
security/vuxml: Document multiple vulnerabilities of grafana8
PR: ports/259638 |
1.1_5 11 Dec 2021 21:58:59 |
Carlo Strub (cs) |
security/vuxml: p7zip CVE-2018-10115
PR: 228239
Reported by: Dani <i.dani@outlook.com>
Security: CVE-2018-10115 |
1.1_5 11 Dec 2021 11:48:34 |
Dave Cottlehuber (dch) |
security/vuxml: document sysutils/graylog log4j vuln
Reported by: https://github.com/Graylog2/graylog2-server/commit/d3e441f1126f0dc292e986879039a87c59375b2a
Security: CVE-2021-44228 |
1.1_5 10 Dec 2021 02:36:34 |
Guangyuan Yang (ygy) |
security/vuxml: Document lang/go vulnerabilities |
1.1_5 07 Dec 2021 20:59:33 |
Rene Ladan (rene) |
security/vuxml: document www/chromium < 96.0.4664.93
Obtained from: https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html |
1.1_5 07 Dec 2021 08:05:25 |
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerabilities |
1.1_5 02 Dec 2021 13:58:50 |
Bernard Spil (brnrd) |
security/vuxml: Record NSS vulnerability |
1.1_5 01 Dec 2021 19:09:11 |
Matthias Andree (mandree) |
security/vuxml: mail/mailman < 2.1.38 CSRF vuln.
Security: CVE-2021-44227
Security: 0d6efbe3-52d9-11ec-9472-e3667ed6088e |
1.1_5 25 Nov 2021 01:54:25 |
Mateusz Piotrowski (0mp) |
security/vuxml: Mark java/bouncycastle as vulnerable where applicable
Some of the reported java/bouncycastle15 security issues affect the
legacy port of java/bouncycastle as well. Update vuxml.xml accordingly.
Sponsored by: Modirum MDPay
Sponsored by: Klara, Inc. |
1.1_5 24 Nov 2021 15:18:56 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document cookie prefix spoofing in rubygem-cgi |
1.1_5 24 Nov 2021 15:18:56 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document buffer overrun in rubygem-cgi |
1.1_5 24 Nov 2021 15:18:56 |
Yasuhiro Kimura (yasu) |
security/vuxml: Update affecting packages of
6916ea94-4628-11ec-bbe2-0800270512f4
This vulnerability also affects ruby ports. |
1.1_5 23 Nov 2021 16:53:00 |
Ashish SHUKLA (ashish) Author: Evilham |
security/vuxml: Document vulnerability in Matrix Synapse
PR: 259994
Reported by: Sascha Biberhofer <ports at skyforge dot at>
Security: 27aa2253-4c72-11ec-b6b9-e86a64caca56
Security: CVE-2021-41281 |
1.1_5 19 Nov 2021 09:47:50 |
Guangyuan Yang (ygy) Author: Robert Clausecker |
security/vuxml: Document archivers/advancecomp vulnerabilities
PR: 259534 |
1.1_5 16 Nov 2021 22:48:48 |
Rene Ladan (rene) |
security/vuxml: document www/chromium < 96.0.4664.45
Obtained from: https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html |
1.1_5 15 Nov 2021 15:42:11 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document denial of service vulnerability in rubygem-date |
1.1_5 15 Nov 2021 11:04:58 |
Bernard Spil (brnrd) |
security/vuxml: Mark roundcube vuln in quarterly |
1.1_5 13 Nov 2021 10:52:32 |
Matthias Andree (mandree) |
security/vuxml: also list mailman exim4/postfix pkgs
The initial commit 162e701a5982 omitted listing the
-exim4 and -postfix packages. Make up for that.
Security: 9d7a2b54-4468-11ec-8532-0d24c37c72c8
Security: CVE-2021-43331
Security: CVE-2021-43332 |
1.1_5 13 Nov 2021 10:06:43 |
Matthias Andree (mandree) |
security/vuxml: document mail/mailman < 2.1.37 issues
- A potential XSS attack via the user options page has been reported by
Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP: #1949401)
LP: A crafted URL to the user options page can execute arbitrary
javascript.
- A potential for a list moderator to carry out an off-line brute force
attack to obtain the list admin password has been reported by Andre
Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
CVE-2021-43332 (LP: #1949403)
LP: The CSRF token for the admindb page contains an encrypted version of
the list admin password which could potentially be cracked by a
moderator via an off-line brute force attack.
Security: 9d7a2b54-4468-11ec-8532-0d24c37c72c8
Security: CVE-2021-43331
Security: CVE-2021-43332 |
1.1_5 11 Nov 2021 14:45:28 |
Palle Girgensohn (girgen) |
security-vuxml: Add URL for PostgreSQL release notes |
1.1_5 11 Nov 2021 14:37:01 |
Palle Girgensohn (girgen) |
security/vuxml: Document latest PostgreSQL vulnerability
* CVE-2021-23214
* CVE-2021-23222 |
1.1_5 10 Nov 2021 06:31:25 |
Romain Tartière (romain) |
security/vuxml: Document latest Puppet issues
* CVE-2021-27023
* CVE-2021-27025 |
1.1_5 10 Nov 2021 02:04:01 |
Timur I. Bakeyev (timur) |
security/vuxml: Document latest Samba security issues.
* CVE-2020-25717
* CVE-2020-25718
* CVE-2020-25719
* CVE-2020-25721
* CVE-2020-25722
* CVE-2016-2124
* CVE-2021-3738
* CVE-2021-23192 |
1.1_5 09 Nov 2021 08:41:37 |
Bernard Spil (brnrd) |
security/vuxml: Update latest MySQL entry
* Mark MariaDB vulnerable
* Add list of CVEs |
1.1_5 05 Nov 2021 08:35:56 |
Kai Knoblich (kai) |
security/vuxml: Document net/pyrad security issues
PR: 259332 |
1.1_5 05 Nov 2021 07:51:39 |
Guangyuan Yang (ygy) |
security/vuxml: Document lang/go vulnerabilities |
1.1_5 04 Nov 2021 14:52:01 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Document Jenkins Security Advisory 2021-11-04
Sponsored by: The FreeBSD Foundation |
1.1_5 04 Nov 2021 08:51:40 |
Li-Wen Hsu (lwhsu) Author: Stefan Bethke |
security/vuxml: Document security issues in gitlab <= 1.15.5
PR: 259548 |
1.1_5 30 Oct 2021 08:33:11 |
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab vulnerabilities |
1.1_5 29 Oct 2021 19:33:45 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 95.0.4638.69
Obtained from: https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html |
1.1_5 28 Oct 2021 15:23:09 |
Sergey A. Osokin (osa) |
security/vuxml: fix openssl-devel-3.0.0-alpha12 package version |
1.1_5 27 Oct 2021 15:48:14 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document possible RCE vulnerability in fail2ban.
Differential Revision: https://reviews.freebsd.org/D32575 |
1.1_5 27 Oct 2021 09:01:21 |
Yasuhiro Kimura (yasu) Author: Boris Korzun |
security/vuxml: Document snapshot authentication bypass vulnerability in Grafana
PR: 258962
Differential Revision: https://reviews.freebsd.org/D32667 |
1.1_5 23 Oct 2021 19:50:04 |
Steve Wills (swills) |
security/vuxml: document minio issue |
1.1_5 20 Oct 2021 17:59:37 |
Matthias Andree (mandree) |
security/vuxml: two mail/mailman < 2.1.35 vulns
Security: CVE-2021-42096
Security: CVE-2021-42097
Security: 8d65aa3b-31ce-11ec-8c32-a14e8e520dc7 |
1.1_5 19 Oct 2021 20:14:42 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 95.0.4638.54
Obtained from: https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html |
1.1_5 17 Oct 2021 15:42:44 |
Bernard Spil (brnrd) |
security/vuxml: Document 2021Q4 MySQL vulnerabilities |
1.1_5 14 Oct 2021 18:31:11 |
Bradley T. Hughes (bhughes) |
security/vuxml: document Node.js October 2021 Security Releases
https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/
Sponsored by: Miles AS |
1.1_5 12 Oct 2021 21:15:17 |
Bryan Drewery (bdrewery) |
security/vuxml: Update OpenSSH CVE-2021-41617 fix for quarterly commit |
1.1_5 12 Oct 2021 18:06:43 |
Bryan Drewery (bdrewery) |
security/vuxml: Document OpenSSH CVE-2021-41617 |
1.1_5 12 Oct 2021 13:16:54 |
Dave Cottlehuber (dch) |
security/vuxml: add CouchDB CVE details
while here, appease `make validate` indentation
Security: https://docs.couchdb.org/en/stable/cve/2021-38295.html
Sponsored by: SkunkWerks, GmbH |
1.1_5 11 Oct 2021 18:36:00 |
Don Lewis (truckman) |
security/vuxml: topic format consistency
Reformat to be consistent with other entries. |
1.1_5 11 Oct 2021 18:33:34 |
Don Lewis (truckman) |
security/vuxml: update editors/openoffice-{4,devel} latest entry
Add info about three just announced CVEs. |
1.1_5 11 Oct 2021 17:43:09 |
Mateusz Piotrowski (0mp) |
security/vuxml: Document Ansible vulnerability
Security: CVE-2021-3620 |
1.1_5 09 Oct 2021 21:20:53 |
Don Lewis (truckman) |
security/vuxml: Document editors/openoffice-{4,devel} vulnerability |
1.1_5 09 Oct 2021 07:02:33 |
Guangyuan Yang (ygy) |
security/vuxml: Document lang/go vulnerability |
1.1_5 08 Oct 2021 08:25:04 |
Rene Ladan (rene) |
security/vuxml: document www/chromium < 94.0.4606.81
Obtained from: https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html |
1.1_5 07 Oct 2021 17:38:35 |
Cy Schubert (cy) |
security/vuxml: Only apache24 2.4.49 and 2.4.50 are vulnerable |
1.1_5 07 Oct 2021 02:24:55 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Fix version range of 9bad457e-b396-4452-8773-15bec67e1ceb
Sponsored by: The FreeBSD Foundation |
1.1_5 07 Oct 2021 02:22:48 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Document Jenkins Security Advisory 2021-10-06
Sponsored by: The FreeBSD Foundation |