non port: security/vuxml/vuln-2021.xml |
Number of commits found: 180 (showing only 100 on this page) |
Tuesday, 15 Nov 2022
|
19:27 Rene Ladan (rene)
security/vuxml: re-organize port
- move vuln-YYYY.xml files into vuln/ as just YYYY.xml
- this prevents problems with the new check_files hook when 2023 arrives.
87748de |
Wednesday, 9 Feb 2022
|
02:32 Jung-uk Kim (jkim)
security/vuxml: Add missing PORTEPOCH for x11/libX11
PR: 261804
392e232 |
Friday, 31 Dec 2021
|
09:19 Bernard Spil (brnrd)
security/vuxml: Document Roundcube vulnerability
b71e619 |
Thursday, 30 Dec 2021
|
19:00 Tijl Coosemans (tijl)
security/vuxml: Document Mbed TLS advisory 2021-12
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12
e362772 |
03:24 Philip Paeps (philip) Author: Dan Mahoney
security/vuxml: OpenDMARC 1.4.1 vulnerability
PR: 260594
06c4c6b |
03:23 Philip Paeps (philip) Author: Dan Mahoney
security/vuxml: OpenDMARC 1.3.2 vulnerabilities
PR: 240505
af45137 |
Wednesday, 29 Dec 2021
|
17:55 Steve Wills (swills)
security/vuxml: document minio issue
8885fea |
Monday, 27 Dec 2021
|
22:06 Thierry Thomas (thierry)
security/vuxml: add an entrey for ReDoS in graphics/py-pillow
Security: CVE-2021-23437
4019e41 |
18:18 Romain Tartière (romain)
security/vuxml: Document more Log4Shell vulnerabilities
With hat: opensearch
5e1978e |
Tuesday, 21 Dec 2021
|
23:41 Don Lewis (truckman)
security/vuxml: Document opengrok RCE CVE-2021-2322
49ba7b2 |
13:39 Wen Heping (wen)
security/vuxml: Document mediawiki multiple vulnerabilities
968c140 |
07:15 Dave Cottlehuber (dch)
security/vuxml: add graylog RCE via log4j CVE-2021-45046
Security: CVE-2021-45046
Sponsored by: SkunkWerks, GmbH
9195804 |
Monday, 20 Dec 2021
|
15:37 Bernard Spil (brnrd)
security/vuxml: Document Apache httpd vulnerabilities
13dbc3e |
Saturday, 18 Dec 2021
|
20:11 Matthew Seaman (matthew)
security/vuxml: add two grafana security advisories
Moderate severity directory traversal vulnerabilities for .csv
(CVE-2021-43815) and .md (CVE-2021-43813) files.
PR: 260358, 260401
Reported by: Boris Kozun (maintainer), ohauer
adfdbdd |
Wednesday, 15 Dec 2021
|
07:00 Alexander Leidinger (netchild)
security/vuxml: add serviio (log4j)
b864713 |
04:03 Neel Chauhan (nc)
security/vuxml: Add provoxy vulnerability
50ddf26 |
Tuesday, 14 Dec 2021
|
19:11 Bernard Spil (brnrd)
security/vuxml: Document OpenSSL 3.0 vulnerability
6b9cf2b |
12:42 Alexander Leidinger (netchild)
security/vuxml: add security/bastillion (log4j)
065c287 |
10:21 Rene Ladan (rene)
security/vuxml: add www/chromium < 96.0.4664.110
Obtained
from: https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html
723ef71 |
Monday, 13 Dec 2021
|
16:52 Ashish SHUKLA (ashish)
security/vuxml: Document vulnerabilities in Matrix clients
Security: 0dcf68fa-5c31-11ec-875e-901b0e9408dc
c378636 |
16:48 Ashish SHUKLA (ashish)
security/vuxml: Fix tab/spaces in openhab2, and solr entries
This was breaking make validate for the entry I am trying to add
While here also purge the likely accidentally added file vuln.xml.unexpanded
in 00bad07fd782
590bbd1 |
13:50 Matthias Fechner (mfechner)
security/vuxml: fixed solr entry, only version 8.11.1 will fix it
The fixed version is not released yet.
00bad07 |
13:04 Alexander Leidinger (netchild)
security/vuxml: fix Solr XML and add openhab (log4shell)
b0989e4 |
07:22 Matthias Fechner (mfechner)
security/vuxml: added vulnerability entry for solr
01f7fdd |
05:28 Romain Tartière (romain)
security/vuxml: Document OpenSearch might be vulnerable to Log4Shell
With hat: opensearch
4486ff8 |
Sunday, 12 Dec 2021
|
00:46 Xin LI (delphij) Author: Boris Korzun
security/vuxml: Document multiple vulnerabilities of grafana8
PR: ports/259638
615d669 |
Saturday, 11 Dec 2021
|
21:58 Carlo Strub (cs)
security/vuxml: p7zip CVE-2018-10115
PR: 228239
Reported by: Dani <i.dani@outlook.com>
Security: CVE-2018-10115
221e594 |
11:48 Dave Cottlehuber (dch)
security/vuxml: document sysutils/graylog log4j vuln
Reported
by: https://github.com/Graylog2/graylog2-server/commit/d3e441f1126f0dc292e986879039a87c59375b2a
Security: CVE-2021-44228
4080607 |
Friday, 10 Dec 2021
|
02:36 Guangyuan Yang (ygy)
security/vuxml: Document lang/go vulnerabilities
cf5e0ff |
Tuesday, 7 Dec 2021
|
20:59 Rene Ladan (rene)
security/vuxml: document www/chromium < 96.0.4664.93
Obtained
from: https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html
61be3bb |
08:05 Matthias Fechner (mfechner)
security/vuxml: document gitlab vulnerabilities
946f6a7 |
Thursday, 2 Dec 2021
|
13:58 Bernard Spil (brnrd)
security/vuxml: Record NSS vulnerability
30e0367 |
Wednesday, 1 Dec 2021
|
19:09 Matthias Andree (mandree)
security/vuxml: mail/mailman < 2.1.38 CSRF vuln.
Security: CVE-2021-44227
Security: 0d6efbe3-52d9-11ec-9472-e3667ed6088e
f1e61db |
Thursday, 25 Nov 2021
|
01:54 Mateusz Piotrowski (0mp)
security/vuxml: Mark java/bouncycastle as vulnerable where applicable
Some of the reported java/bouncycastle15 security issues affect the
legacy port of java/bouncycastle as well. Update vuxml.xml accordingly.
Sponsored by: Modirum MDPay
Sponsored by: Klara, Inc.
a1d3393 |
Wednesday, 24 Nov 2021
|
15:18 Yasuhiro Kimura (yasu)
security/vuxml: Update affecting packages of
6916ea94-4628-11ec-bbe2-0800270512f4
This vulnerability also affects ruby ports.
1ea17b42 |
15:18 Yasuhiro Kimura (yasu)
security/vuxml: Document buffer overrun in rubygem-cgi
81d7209 |
15:18 Yasuhiro Kimura (yasu)
security/vuxml: Document cookie prefix spoofing in rubygem-cgi
e7ee2d3 |
Tuesday, 23 Nov 2021
|
16:53 Ashish SHUKLA (ashish) Author: Evilham
security/vuxml: Document vulnerability in Matrix Synapse
PR: 259994
Reported by: Sascha Biberhofer <ports at skyforge dot at>
Security: 27aa2253-4c72-11ec-b6b9-e86a64caca56
Security: CVE-2021-41281
c6782b5 |
Friday, 19 Nov 2021
|
09:47 Guangyuan Yang (ygy) Author: Robert Clausecker
security/vuxml: Document archivers/advancecomp vulnerabilities
PR: 259534
866e2e8 |
Tuesday, 16 Nov 2021
|
22:48 Rene Ladan (rene)
security/vuxml: document www/chromium < 96.0.4664.45
Obtained
from: https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
aead957 |
Monday, 15 Nov 2021
|
15:42 Yasuhiro Kimura (yasu)
security/vuxml: Document denial of service vunlerability in rubygem-date
2bcc2e1 |
11:04 Bernard Spil (brnrd)
security/vuxml: Mark roundcube vuln in quarterly
51fac43 |
Saturday, 13 Nov 2021
|
10:52 Matthias Andree (mandree)
security/vuxml: also list mailman exim4/postfix pkgs
The initial commit 162e701a5982 omitted listing the
-exim4 and -postfix packages. Make up for that.
Security: 9d7a2b54-4468-11ec-8532-0d24c37c72c8
Security: CVE-2021-43331
Security: CVE-2021-43332
881fe68 |
10:06 Matthias Andree (mandree)
security/vuxml: document mail/mailman < 2.1.37 issues
- A potential XSS attack via the user options page has been reported by
Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP: #1949401)
LP: A crafted URL to the user options page can execute arbitrary
javascript.
- A potential for for a list moderator to carry out an off-line brute force
attack to obtain the list admin password has been reported by Andre
Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
CVE-2021-43332 (LP: #1949403)
LP: The CSRF token for the admindb page contains an encrypted version of
the list admin password which could potentially be cracked by a
moderator via an off-line brute force attack.
Security: 9d7a2b54-4468-11ec-8532-0d24c37c72c8
Security: CVE-2021-43331
Security: CVE-2021-43332
162e701 |
Thursday, 11 Nov 2021
|
14:45 Palle Girgensohn (girgen)
security-vuxml: Add URL for PostgreSQL release notes
adbbf5c |
14:37 Palle Girgensohn (girgen)
security/vuxml: Document latest PostgreSQL vulnerability
* CVE-2021-23214
* CVE-2021-23222
e48db63 |
Wednesday, 10 Nov 2021
|
06:31 Romain Tartière (romain)
security/vuxml: Document latest Puppet issues
* CVE-2021-27023
* CVE-2021-27025
fca6e90 |
02:04 Timur I. Bakeyev (timur)
security/vuxml: Document latest Samba security issues.
* CVE-2020-25717
* CVE-2020-25718
* CVE-2020-25719
* CVE-2020-25721
* CVE-2020-25722
* CVE-2016-2124
* CVE-2021-3738
* CVE-2021-23192
756a109 |
Tuesday, 9 Nov 2021
|
08:41 Bernard Spil (brnrd)
security/vuxml: Update latest MySQL entry
* Mark MariaDB vulnerable
* Add list of CVE's
e9c90a2 |
Friday, 5 Nov 2021
|
08:35 Kai Knoblich (kai)
security/vuxml: Document net/pyrad security issues
PR: 259332
5966fe8 |
07:51 Guangyuan Yang (ygy)
security/vuxml: Document lang/go vulnerabilities
e7ce52c |
Thursday, 4 Nov 2021
|
14:52 Li-Wen Hsu (lwhsu)
security/vuxml: Document Jenkins Security Advisory 2021-11-04
Sponsored by: The FreeBSD Foundation
c5bb74d |
08:51 Li-Wen Hsu (lwhsu) Author: Stefan Bethke
security/vuxml: Document security issues in gitlab <= 1.15.5
PR: 259548
fd3f536 |
Saturday, 30 Oct 2021
|
08:33 Matthias Fechner (mfechner)
security/vuxml: Document gitlab vulnerabilities
714b88f |
Friday, 29 Oct 2021
|
19:33 Rene Ladan (rene)
security/vuxml: add www/chromium < 95.0.4638.69
Obtained
from: https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
e3b412e |
Thursday, 28 Oct 2021
|
15:23 Sergey A. Osokin (osa)
security/vuxml: fix openssl-devel-3.0.0-alpha12 package version
f19da96 |
Wednesday, 27 Oct 2021
|
15:48 Yasuhiro Kimura (yasu)
security/vuxml: Document possible RCE vulnerability in fail2ban.
Differential Revision: https://reviews.freebsd.org/D32575
653d4d2 |
09:01 Yasuhiro Kimura (yasu) Author: Boris Korzun
security/vuxml: Document snapshot authentication bypass vulnerability in Grafana
PR: 258962
Differential Revision: https://reviews.freebsd.org/D32667
e2ee21b |
Saturday, 23 Oct 2021
|
19:50 Steve Wills (swills)
security/vuxml: document minio issue
268b61b |
Wednesday, 20 Oct 2021
|
17:59 Matthias Andree (mandree)
security/vuxml: two mail/mailman < 2.1.35 vulns
Security: CVE-2021-42096
Security: CVE-2021-42097
Security: 8d65aa3b-31ce-11ec-8c32-a14e8e520dc7
07cb3b9 |
Tuesday, 19 Oct 2021
|
20:14 Rene Ladan (rene)
security/vuxml: add www/chromium < 95.0.4638.54
Obtained
from: https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html
578ec26 |
Sunday, 17 Oct 2021
|
15:42 Bernard Spil (brnrd)
security/vuxml: Document 2021Q4 MySQL vulnerabilities
5743630 |
Thursday, 14 Oct 2021
|
18:31 Bradley T. Hughes (bhughes)
security/vuxml: document Node.js October 2021 Security Releases
https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/
Sponsored by: Miles AS
5cc1cb5 |
Tuesday, 12 Oct 2021
|
21:15 Bryan Drewery (bdrewery)
security/vuxml: Update OpenSSH CVE-2021-41617 fix for quarterly commit
dd274bd |
18:06 Bryan Drewery (bdrewery)
security/vuxml: Document OpenSSH CVE-2021-41617
3d46198 |
13:16 Dave Cottlehuber (dch)
security/vuxml: add CouchDB CVE details
while here, appease `make validate` indentation
Security: https://docs.couchdb.org/en/stable/cve/2021-38295.html
Sponsored by: SkunkWerks, GmbH
e349d6c |
Monday, 11 Oct 2021
|
18:36 Don Lewis (truckman)
security/vuxml: topic format consistency
Reformat to be consistent with other entries.
aebbed0 |
18:33 Don Lewis (truckman)
security/vuxml: update editors/openoffice-{4,devel} latest entry
Add info about three just announced CVEs.
4d5d4cb |
17:43 Mateusz Piotrowski (0mp)
security/vuxml: Document Ansible vulnerability
Security: CVE-2021-3620
0eb5ae0 |
Saturday, 9 Oct 2021
|
21:20 Don Lewis (truckman)
security/vuxml: Document editors/openoffice-{4,devel} vulnerability
276eed1 |
07:02 Guangyuan Yang (ygy)
security/vuxml: Document lang/go vulnerability
bddf002 |
Friday, 8 Oct 2021
|
08:25 Rene Ladan (rene)
security/vuxml: document www/chromium < 94.0.4606.81
Obtained
from: https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html
6b0fd54 |
Thursday, 7 Oct 2021
|
17:38 Cy Schubert (cy)
security/vuxml: Only apache24 2.4.49 and 2.4.50 are vulnerable
7a1b88f |
02:24 Li-Wen Hsu (lwhsu)
security/vuxml: Fix version range of 9bad457e-b396-4452-8773-15bec67e1ceb
Sponsored by: The FreeBSD Foundation
12e8e45 |
02:22 Li-Wen Hsu (lwhsu)
security/vuxml: Document Jenkins Security Advisory 2021-10-06
Sponsored by: The FreeBSD Foundation
e0831e7 |
Wednesday, 6 Oct 2021
|
13:30 Bernard Spil (brnrd)
security/vuxml: Only apache24 2.4.49 is vulnerable
90eeb7f |
Tuesday, 5 Oct 2021
|
18:51 Sergey A. Osokin (osa)
security/vuxml: document multiple issues with databases/redis-devel
d244cfb |
13:28 Sergey A. Osokin (osa)
security/vuxml: document multiple issue with databases/redis{,5,6}
PR: 258935
84029f1 |
08:47 Bernard Spil (brnrd)
security/vuxml: Document Apache httpd vulnerability
8b6ac76 |
05:09 Matthias Fechner (mfechner)
security/vuxml: Document bacula-web vulnerabilities
1d26021 |
Friday, 1 Oct 2021
|
07:19 Wen Heping (wen)
security/vuxml: Document mediawiki's multiple vulnerabilities
897ec7c |
Thursday, 30 Sep 2021
|
21:03 Rene Ladan (rene)
security/vuxml: add www/chromium < 94.0.4606.71
Obtained
from: https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html
b9a93c0 |
19:28 Matthias Fechner (mfechner)
security/vuxml: Document gitlab vulnerabilities
62420ab |
16:23 Li-Wen Hsu (lwhsu)
security/vuxml: Fix entry 7062bce0-1b17-11ec-9d9d-0022489ad614
This should also fix vuxml build.
PR: 258802
Sponsored by: The FreeBSD Foundation
15fa2a7 |
02:02 Alex Kozlov (ak)
security/vuxml: document archivers/ha vulnerabilities
74b0752 |
Wednesday, 29 Sep 2021
|
05:52 Kyle Evans (kevans)
security/vuxml: document recent nexus2-oss vulnerabilities
PR: 252564
6960fe9 |
Tuesday, 28 Sep 2021
|
08:29 Bernard Spil (brnrd)
security/vuxml: Fix range on latest cURL vuln
Submitted by: yasu
PR: 258586
31e18ce |
08:03 Bernard Spil (brnrd)
security/vuxml: Fix double CVE- in latest httpd entry
671ab33 |
Monday, 27 Sep 2021
|
08:39 Baptiste Daroussin (bapt) Author: Evgeniy Khramtsov
security/vuxml: add www/webkit2-gtk3
PR: 255528
Obtained from: https://webkitgtk.org/security/WSA-2021-0005.html
2af423a |
Friday, 24 Sep 2021
|
20:38 Rene Ladan (rene)
security/vuxml: add www/chromium < 94.0.4606.61
Obtained
from: https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html
5fc28dd |
Thursday, 23 Sep 2021
|
01:03 Craig Leres (leres)
security/vuxml: Fix missing <name> field
I wasn't able to see my mistake based on the error "make validate"
gave me:
Traceback (most recent call last):
File
"/usr/local/poudriere/ports/current-patched/security/vuxml/files/extra-validation.py",
line 99, in <module>
if (re_invalid_package_name.search(name.text) is not None):
TypeError: expected string or bytes-like object
*** Error code 1
Thanks to Dan for the pointy hat save.
Reported by: Dan Langille
d7110e4 |
Wednesday, 22 Sep 2021
|
22:09 Craig Leres (leres)
security/vuxml: Mark zeek < 4.0.4 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v4.0.4
- Paths from log stream make it into system() unchecked, potentially
leading to commands being run on the system unintentionally.
This requires either bad scripting or a malicious package to be
installed, and is considered low severity.
- Fix potential unbounded state growth in the PIA analyzer when
receiving a connection with either a large number of zero-length
packets, or one which continues ack-ing unseen segments. It is
possible to run Zeek out of memory in these instances and cause
it to crash. Due to the possibility of this happening with packets
received from the network, this is a potential DoS vulnerability.
1d63728 |
08:59 Bernard Spil (brnrd)
security/vuxml: Document mod_auth_mellon vulnerability
bfdfd97 |
Tuesday, 21 Sep 2021
|
20:27 Bradley T. Hughes (bhughes)
security/vuxml: document Node.js August 2021 Security Releases (2)
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/
Sponsored by: Miles AS
ba1131a |
20:26 Bradley T. Hughes (bhughes)
security/vuxml: document Node.js August 2021 Security Releases
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/
Sponsored by: Miles AS
25745a7 |
20:26 Bradley T. Hughes (bhughes)
security/vuxml: document Node.js July 2021 Security Releases (2)
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/
Sponsored by: Miles AS
f7e492c |
20:26 Bradley T. Hughes (bhughes)
security/vuxml: document Node.js July 2021 Security Releases
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/
Sponsored by: Miles AS
8c3ca5e |
20:17 Rene Ladan (rene)
security/vuxml: add chromium < 94.0.4606.54
Obtained
from: https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html
8170e64 |
03:47 Po-Chuan Hsieh (sunpoet)
security/vuxml: Document libssh vulnerability
0e3bea1 |
Monday, 20 Sep 2021
|
06:26 Daniel Engberg (diizzy) Author: Robert Clausecker
security/vuxml: Add entry for libpano13 < 2.9.20
PR: 258354
Approved by: tcberner
Differential Revision: https://reviews.freebsd.org/D31980
8917d9a |
Number of commits found: 180 (showing only 100 on this page) |