| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
|---|
1.1_5
04 Feb 2022 16:21:33
     |
Matthias Fechner (mfechner)  |
security/vuxml: Document gitlab vulnerabilities |
1.1_5
03 Feb 2022 14:02:33
|
Tobias Kortkamp (tobik) |
security/vuxml: Fix recent lang/rust entry
PR: 261449 |
1.1_5
02 Feb 2022 21:33:47
|
Rene Ladan (rene) |
security/vuxml: add www/chromium < 98.0.4758.80
Obtained
from: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html |
1.1_5
02 Feb 2022 12:48:15
|
Dave Cottlehuber (dch) |
security/vuxml: add h2o-devel vuln details
Security: CVE-2021-43848 |
1.1_5
02 Feb 2022 05:05:00
|
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-22:01.vt |
1.1_5
02 Feb 2022 01:47:37
|
Timur I. Bakeyev (timur) |
security/vuxml: Add a note about recent Samba vulnerabilities.
CVE-2021-43566
CVE-2021-44141
CVE-2021-44142
CVE-2022-0336
Security: CVE-2021-43566
CVE-2021-44141
CVE-2021-44142
CVE-2022-0336 |
1.1_5
31 Jan 2022 08:27:47
|
Bernard Spil (brnrd) |
security/vuxml: Document Rust vulnerability |
1.1_5
30 Jan 2022 00:12:57
|
Danilo G. Baio (dbaio) |
security/vuxml: Remove wrong cvename entry
From:
<vuln vid="7262f826-795e-11ec-8be6-d4c9ef517024">
<topic>MySQL -- Multiple vulnerabilities</topic>
<entry>2022-01-19</entry> |
1.1_5
29 Jan 2022 23:17:04
|
Danilo G. Baio (dbaio) |
security/vuxml: Document varnish cache vulnerability
PR: 261562
Security: CVE-2022-23959 |
1.1_5
28 Jan 2022 18:51:52
|
Matthias Andree (mandree) |
security/vuxml: document OpenEXR < 3.1.4 vuln
Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute
Security: b6ef8a53-8062-11ec-9af3-fb232efe4d2e
Security: CVE-2021-45942 |
1.1_5
28 Jan 2022 15:21:05
|
Bernard Spil (brnrd) |
security/vuxml: Document OpenSSL MIPS vulnerability |
1.1_5
27 Jan 2022 07:18:51
|
Fernando ApesteguĂa (fernape) |
security/vuxml: Add CVE-2022-0323 (www/phpmustache)
Following change in 4f0a5e1540c3..6901bf72b3b2
Reported by: Marc Veldman <marc@bumblingdork.com> (maintainer) |
1.1_5
26 Jan 2022 23:05:01
|
Adriaan de Groot (adridg) |
security/vuxml: notify polkit local-privilege-escalation
It was unclear if the actual explot would work on FreeBSD,
since there's no GNU libc which the payload would work on.
The following changes are / have been applied:
- fix in polkit from upstream (from Greg V)
- at kernel level, fixes to disallow argc==0 (from kevans, I think)
PR: 261482 |
1.1_5
26 Jan 2022 18:54:49
|
Dries Michiels (driesm)
Author: Francois ten Krooden |
security/vuxml: Document security/strongswan CVE-2021-45079
PR: 261462 |
1.1_5
26 Jan 2022 04:44:03
|
Li-Wen Hsu (lwhsu)
Author: Francois ten Krooden |
security/vuxml: Add CVE-2021-41990 and CVE-2021-41991 for security/strongswan
PR: 259267 |
1.1_5
23 Jan 2022 23:01:46
|
Cy Schubert (cy) |
security/vuxml: Document aide CVE-2021-45417
Document aide heap buffer overflow.
PR: 261407
Reported by: Yonas Yanfa <yonas.yanfa@gmail.com> |
1.1_5
20 Jan 2022 16:42:12
|
Rene Ladan (rene) |
security/vuxml: document www/chromium < 97.0.4692.99
Obtained
from: https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html |
1.1_5
19 Jan 2022 19:48:50
|
Bernard Spil (brnrd) |
security/vuxml: Document MySQL vulnerabilities |
1.1_5
16 Jan 2022 06:30:30
|
Thomas Zander (riggs) |
security/vuxml: Document Prosody XMPP server advisory 2022-01-13
PR: 261210
Reported by: thomas@beingboiled.info
Security: CVE-2022-0217 |
1.1_5
13 Jan 2022 18:40:54
|
Bernard Spil (brnrd) |
security/vuxml: Document WordPress vulnerabilities |
1.1_5
13 Jan 2022 11:46:14
|
Matthias Fechner (mfechner) |
security/vuxml: document www/gitlab-ce vulnerabilities |
1.1_5
13 Jan 2022 03:32:20
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document invalid pointer read vulnerability in ClamAV. |
1.1_5
12 Jan 2022 18:57:55
|
Li-Wen Hsu (lwhsu) |
security/vuxml: Document Jenkins Security Advisory 2022-01-12
Sponsored by: The FreeBSD Foundation |
1.1_5
09 Jan 2022 13:37:24
|
Thomas Zander (riggs) |
security/vuxml: Document vulnerabilities in net/uniparser before 0.9.6
PR: 261056
Security: CVE-2021-46141
CVE-2021-46142 |
1.1_5
06 Jan 2022 01:35:36
|
Wen Heping (wen) |
security/vuxml: Document django multiple vulnerabilities. |
1.1_5
05 Jan 2022 14:46:17
|
Fernando ApesteguĂa (fernape) |
security/vuxml: document routinator vulnerabilities |
1.1_5
05 Jan 2022 13:14:51
|
Rene Ladan (rene) |
security/vuxml: document www/chromium < 97.0.4692.71
While here add definitions for 2022, as this is the first vuxml commit
of the year. This cannot be done in its own commit because `make
validate` complains in that case (even with a 0-byte vuln-2022.xml).
Obtained
from: https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html |
1.1_5
31 Dec 2021 09:19:15
|
Bernard Spil (brnrd) |
security/vuxml: Document Roundcube vulnerability |
1.1_5
30 Dec 2021 19:00:00
|
Tijl Coosemans (tijl) |
security/vuxml: Document Mbed TLS advisory 2021-12
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12 |
1.1_5
30 Dec 2021 03:24:47
|
Philip Paeps (philip)
Author: Dan Mahoney |
security/vuxml: OpenDMARC 1.4.1 vulnerability
PR: 260594 |
1.1_5
30 Dec 2021 03:23:33
|
Philip Paeps (philip)
Author: Dan Mahoney |
security/vuxml: OpenDMARC 1.3.2 vulnerabilities
PR: 240505 |
1.1_5
29 Dec 2021 17:55:31
|
Steve Wills (swills) |
security/vuxml: document minio issue |
1.1_5
27 Dec 2021 22:06:58
|
Thierry Thomas (thierry) |
security/vuxml: add an entrey for ReDoS in graphics/py-pillow
Security: CVE-2021-23437 |
1.1_5
27 Dec 2021 18:18:46
|
Romain Tartière (romain) |
security/vuxml: Document more Log4Shell vulnerabilities
With hat: opensearch |
1.1_5
21 Dec 2021 23:41:14
|
Don Lewis (truckman) |
security/vuxml: Document opengrok RCE CVE-2021-2322 |
1.1_5
21 Dec 2021 13:39:58
|
Wen Heping (wen) |
security/vuxml: Document mediawiki multiple vulnerabilities |
1.1_5
21 Dec 2021 07:15:20
|
Dave Cottlehuber (dch) |
security/vuxml: add graylog RCE via log4j CVE-2021-45046
Security: CVE-2021-45046
Sponsored by: SkunkWerks, GmbH |
1.1_5
20 Dec 2021 15:37:40
|
Bernard Spil (brnrd) |
security/vuxml: Document Apache httpd vulnerabilities |
1.1_5
18 Dec 2021 20:11:37
|
Matthew Seaman (matthew) |
security/vuxml: add two grafana security advisories
Moderate severity directory traversal vulnerabilities for .csv
(CVE-2021-43815) and .md (CVE-2021-43813) files.
PR: 260358, 260401
Reported by: Boris Kozun (maintainer), ohauer |
1.1_5
15 Dec 2021 07:00:52
|
Alexander Leidinger (netchild) |
security/vuxml: add serviio (log4j) |
1.1_5
15 Dec 2021 04:03:47
|
Neel Chauhan (nc) |
security/vuxml: Add provoxy vulnerability |
1.1_5
14 Dec 2021 19:11:53
|
Bernard Spil (brnrd) |
security/vuxml: Document OpenSSL 3.0 vulnerability |
1.1_5
14 Dec 2021 12:42:11
|
Alexander Leidinger (netchild) |
security/vuxml: add security/bastillion (log4j) |
1.1_5
14 Dec 2021 10:21:55
|
Rene Ladan (rene) |
security/vuxml: add www/chromium < 96.0.4664.110
Obtained
from: https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html |
1.1_5
13 Dec 2021 16:52:39
|
Ashish SHUKLA (ashish) |
security/vuxml: Document vulnerabilities in Matrix clients
Security: 0dcf68fa-5c31-11ec-875e-901b0e9408dc |
1.1_5
13 Dec 2021 16:48:00
|
Ashish SHUKLA (ashish) |
security/vuxml: Fix tab/spaces in openhab2, and solr entries
This was breaking make validate for the entry I am trying to add
While here also purge the likely accidentally added file vuln.xml.unexpanded
in 00bad07fd782 |
1.1_5
13 Dec 2021 13:50:20
|
Matthias Fechner (mfechner) |
security/vuxml: fixed solr entry, only version 8.11.1 will fix it
The fixed version is not released yet. |
1.1_5
13 Dec 2021 13:04:38
|
Alexander Leidinger (netchild) |
security/vuxml: fix Solr XML and add openhab (log4shell) |
1.1_5
13 Dec 2021 07:22:56
|
Matthias Fechner (mfechner) |
security/vuxml: added vulnerability entry for solr |
1.1_5
13 Dec 2021 05:28:28
|
Romain Tartière (romain) |
security/vuxml: Document OpenSearch might be vulnerable to Log4Shell
With hat: opensearch |
1.1_5
12 Dec 2021 00:46:03
|
Xin LI (delphij)
Author: Boris Korzun |
security/vuxml: Document multiple vulnerabilities of grafana8
PR: ports/259638 |
1.1_5
11 Dec 2021 21:58:59
|
Carlo Strub (cs) |
security/vuxml: p7zip CVE-2018-10115
PR: 228239
Reported by: Dani <i.dani@outlook.com>
Security: CVE-2018-10115 |
1.1_5
11 Dec 2021 11:48:34
|
Dave Cottlehuber (dch) |
security/vuxml: document sysutils/graylog log4j vuln
Reported
by: https://github.com/Graylog2/graylog2-server/commit/d3e441f1126f0dc292e986879039a87c59375b2a
Security: CVE-2021-44228 |
1.1_5
10 Dec 2021 02:36:34
|
Guangyuan Yang (ygy) |
security/vuxml: Document lang/go vulnerabilities |
1.1_5
07 Dec 2021 20:59:33
|
Rene Ladan (rene) |
security/vuxml: document www/chromium < 96.0.4664.93
Obtained
from: https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html |
1.1_5
07 Dec 2021 08:05:25
|
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerabilities |
1.1_5
02 Dec 2021 13:58:50
|
Bernard Spil (brnrd) |
security/vuxml: Record NSS vulnerability |
1.1_5
01 Dec 2021 19:09:11
|
Matthias Andree (mandree) |
security/vuxml: mail/mailman < 2.1.38 CSRF vuln.
Security: CVE-2021-44227
Security: 0d6efbe3-52d9-11ec-9472-e3667ed6088e |
1.1_5
25 Nov 2021 01:54:25
|
Mateusz Piotrowski (0mp) |
security/vuxml: Mark java/bouncycastle as vulnerable where applicable
Some of the reported java/bouncycastle15 security issues affect the
legacy port of java/bouncycastle as well. Update vuxml.xml accordingly.
Sponsored by: Modirum MDPay
Sponsored by: Klara, Inc. |
1.1_5
24 Nov 2021 15:18:56
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document cookie prefix spoofing in rubygem-cgi |
1.1_5
24 Nov 2021 15:18:56
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document buffer overrun in rubygem-cgi |
1.1_5
24 Nov 2021 15:18:56
|
Yasuhiro Kimura (yasu) |
security/vuxml: Update affecting packages of
6916ea94-4628-11ec-bbe2-0800270512f4
This vulnerability also affects ruby ports. |
1.1_5
23 Nov 2021 16:53:00
|
Ashish SHUKLA (ashish)
Author: Evilham |
security/vuxml: Document vulnerability in Matrix Synapse
PR: 259994
Reported by: Sascha Biberhofer <ports at skyforge dot at>
Security: 27aa2253-4c72-11ec-b6b9-e86a64caca56
Security: CVE-2021-41281 |
1.1_5
19 Nov 2021 09:47:50
|
Guangyuan Yang (ygy)
Author: Robert Clausecker |
security/vuxml: Document archivers/advancecomp vulnerabilities
PR: 259534 |
1.1_5
16 Nov 2021 22:48:48
|
Rene Ladan (rene) |
security/vuxml: document www/chromium < 96.0.4664.45
Obtained
from: https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html |
1.1_5
15 Nov 2021 15:42:11
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document denial of service vunlerability in rubygem-date |
1.1_5
15 Nov 2021 11:04:58
|
Bernard Spil (brnrd) |
security/vuxml: Mark roundcube vuln in quarterly |
1.1_5
13 Nov 2021 10:52:32
|
Matthias Andree (mandree) |
security/vuxml: also list mailman exim4/postfix pkgs
The initial commit 162e701a5982 omitted listing the
-exim4 and -postfix packages. Make up for that.
Security: 9d7a2b54-4468-11ec-8532-0d24c37c72c8
Security: CVE-2021-43331
Security: CVE-2021-43332 |
1.1_5
13 Nov 2021 10:06:43
|
Matthias Andree (mandree) |
security/vuxml: document mail/mailman < 2.1.37 issues
- A potential XSS attack via the user options page has been reported by
Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP: #1949401)
LP: A crafted URL to the user options page can execute arbitrary
javascript.
- A potential for for a list moderator to carry out an off-line brute force
attack to obtain the list admin password has been reported by Andre
Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
CVE-2021-43332 (LP: #1949403)
LP: The CSRF token for the admindb page contains an encrypted version of
the list admin password which could potentially be cracked by a
moderator via an off-line brute force attack.
Security: 9d7a2b54-4468-11ec-8532-0d24c37c72c8
Security: CVE-2021-43331
Security: CVE-2021-43332 |
1.1_5
11 Nov 2021 14:45:28
|
Palle Girgensohn (girgen) |
security-vuxml: Add URL for PostgreSQL release notes |
1.1_5
11 Nov 2021 14:37:01
|
Palle Girgensohn (girgen) |
security/vuxml: Document latest PostgreSQL vulnerability
* CVE-2021-23214
* CVE-2021-23222 |
1.1_5
10 Nov 2021 06:31:25
|
Romain Tartière (romain) |
security/vuxml: Document latest Puppet issues
* CVE-2021-27023
* CVE-2021-27025 |
1.1_5
10 Nov 2021 02:04:01
|
Timur I. Bakeyev (timur) |
security/vuxml: Document latest Samba security issues.
* CVE-2020-25717
* CVE-2020-25718
* CVE-2020-25719
* CVE-2020-25721
* CVE-2020-25722
* CVE-2016-2124
* CVE-2021-3738
* CVE-2021-23192 |
1.1_5
09 Nov 2021 08:41:37
|
Bernard Spil (brnrd) |
security/vuxml: Update latest MySQL entry
* Mark MariaDB vulnerable
* Add list of CVE's |
1.1_5
05 Nov 2021 08:35:56
|
Kai Knoblich (kai) |
security/vuxml: Document net/pyrad security issues
PR: 259332 |
1.1_5
05 Nov 2021 07:51:39
|
Guangyuan Yang (ygy) |
security/vuxml: Document lang/go vulnerabilities |
1.1_5
04 Nov 2021 14:52:01
|
Li-Wen Hsu (lwhsu) |
security/vuxml: Document Jenkins Security Advisory 2021-11-04
Sponsored by: The FreeBSD Foundation |
1.1_5
04 Nov 2021 08:51:40
|
Li-Wen Hsu (lwhsu)
Author: Stefan Bethke |
security/vuxml: Document security issues in gitlab <= 1.15.5
PR: 259548 |
1.1_5
30 Oct 2021 08:33:11
|
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab vulnerabilities |
1.1_5
29 Oct 2021 19:33:45
|
Rene Ladan (rene) |
security/vuxml: add www/chromium < 95.0.4638.69
Obtained
from: https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html |
1.1_5
28 Oct 2021 15:23:09
|
Sergey A. Osokin (osa) |
security/vuxml: fix openssl-devel-3.0.0-alpha12 package version |
1.1_5
27 Oct 2021 15:48:14
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document possible RCE vulnerability in fail2ban.
Differential Revision: https://reviews.freebsd.org/D32575 |
1.1_5
27 Oct 2021 09:01:21
|
Yasuhiro Kimura (yasu)
Author: Boris Korzun |
security/vuxml: Document snapshot authentication bypass vulnerability in Grafana
PR: 258962
Differential Revision: https://reviews.freebsd.org/D32667 |
1.1_5
23 Oct 2021 19:50:04
|
Steve Wills (swills) |
security/vuxml: document minio issue |
1.1_5
20 Oct 2021 17:59:37
|
Matthias Andree (mandree) |
security/vuxml: two mail/mailman < 2.1.35 vulns
Security: CVE-2021-42096
Security: CVE-2021-42097
Security: 8d65aa3b-31ce-11ec-8c32-a14e8e520dc7 |
1.1_5
19 Oct 2021 20:14:42
|
Rene Ladan (rene) |
security/vuxml: add www/chromium < 95.0.4638.54
Obtained
from: https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html |
1.1_5
17 Oct 2021 15:42:44
|
Bernard Spil (brnrd) |
security/vuxml: Document 2021Q4 MySQL vulnerabilities |
1.1_5
14 Oct 2021 18:31:11
|
Bradley T. Hughes (bhughes) |
security/vuxml: document Node.js October 2021 Security Releases
https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/
Sponsored by: Miles AS |
1.1_5
12 Oct 2021 21:15:17
|
Bryan Drewery (bdrewery) |
security/vuxml: Update OpenSSH CVE-2021-41617 fix for quarterly commit |
1.1_5
12 Oct 2021 18:06:43
|
Bryan Drewery (bdrewery) |
security/vuxml: Document OpenSSH CVE-2021-41617 |
1.1_5
12 Oct 2021 13:16:54
|
Dave Cottlehuber (dch) |
security/vuxml: add CouchDB CVE details
while here, appease `make validate` indentation
Security: https://docs.couchdb.org/en/stable/cve/2021-38295.html
Sponsored by: SkunkWerks, GmbH |
1.1_5
11 Oct 2021 18:36:00
|
Don Lewis (truckman) |
security/vuxml: topic format consistency
Reformat to be consistent with other entries. |
1.1_5
11 Oct 2021 18:33:34
|
Don Lewis (truckman) |
security/vuxml: update editors/openoffice-{4,devel} latest entry
Add info about three just announced CVEs. |
1.1_5
11 Oct 2021 17:43:09
|
Mateusz Piotrowski (0mp) |
security/vuxml: Document Ansible vulnerability
Security: CVE-2021-3620 |
1.1_5
09 Oct 2021 21:20:53
|
Don Lewis (truckman) |
security/vuxml: Document editors/openoffice-{4,devel} vulnerability |
1.1_5
09 Oct 2021 07:02:33
|
Guangyuan Yang (ygy) |
security/vuxml: Document lang/go vulnerability |
1.1_5
08 Oct 2021 08:25:04
|
Rene Ladan (rene) |
security/vuxml: document www/chromium < 94.0.4606.81
Obtained
from: https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html |
1.1_5
07 Oct 2021 17:38:35
|
Cy Schubert (cy) |
security/vuxml: Only apache24 2.4.49 and 2.4.50 are vulnerable |
1.1_5
07 Oct 2021 02:24:55
|
Li-Wen Hsu (lwhsu) |
security/vuxml: Fix version range of 9bad457e-b396-4452-8773-15bec67e1ceb
Sponsored by: The FreeBSD Foundation |
1.1_5
07 Oct 2021 02:22:48
|
Li-Wen Hsu (lwhsu) |
security/vuxml: Document Jenkins Security Advisory 2021-10-06
Sponsored by: The FreeBSD Foundation |
As an Amazon Associate I earn from qualifying purchases.
