non port: security/vuxml/vuln.xml |
Number of commits found: 6270 (showing only 100 on this page) |
Mon, 9 Jan 2023
|
[ 10:11 Li-Wen Hsu (lwhsu) Author: Michael Glaus ] de581e5
security/vuxml: Add 2023 to the main XML file
PR: 268837
|
Tue, 15 Nov 2022
|
[ 19:27 Rene Ladan (rene) ] 87748de
security/vuxml: re-organize port
- move vuln-YYYY.xml files into vuln/ as just YYYY.xml
- this prevents problems with the new check_files hook when 2023 arrives.
|
Wed, 5 Jan 2022
|
[ 13:14 Rene Ladan (rene) ] 355c650
security/vuxml: document www/chromium < 97.0.4692.71
While here add definitions for 2022, as this is the first vuxml commit
of the year. This cannot be done in its own commit because `make
validate` complains in that case (even with a 0-byte vuln-2022.xml).
Obtained from: https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
|
Thu, 24 Jun 2021
|
[ 10:03 Li-Wen Hsu (lwhsu) ] 9f71f97
security/vuxml: Update the doc link and the comment of where to add new entry
Approved by: ports-secteam (implicitly)
|
Wed, 23 Jun 2021
|
[ 14:34 Li-Wen Hsu (lwhsu) ] 6954792
security/vuxml: Create 2021 entity
Let's create a new entity in the beginning of each year and append to it,
instead of massive copying in the end of each year.
|
[ 10:00 Li-Wen Hsu (lwhsu) ] f3e4dbc
security/vuxml: Fix version range of www/py-aiohttp
This also marks 3.7.4.p0 as fixed.
PR: 256219
|
Tue, 22 Jun 2021
|
[ 16:14 Juraj Lutter (otis) ] 235ae87
security/vuxml: Document mail/dovecot vulnerabilities
|
[ 16:14 Juraj Lutter (otis) ] a7e91b4
security/vuxml: Document mail/dovecot-pigeonhole vulnerability
|
Mon, 21 Jun 2021
|
[ 20:34 Brad Davis (brd) ] c2a2f2b
security/vuxml: Fix range for www/nginx CVE-2021-23017
Reviewed by: garga
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
[ 16:20 Danilo G. Baio (dbaio) ] 9dc61dc
security/vuxml: Fix 'make validate'
While here, remove hyperlinks to simplify, they can be accessed through
the report's url.
|
Sun, 20 Jun 2021
|
[ 01:31 Adam Weinberger (adamw) ] f7a5ae5
security/vuxml: Add entry for gitea < 1.14.3
PR: 256720
|
Fri, 18 Jun 2021
|
[ 11:01 Rene Ladan (rene) ] fd3ddca
security/vuxml: Add www/chromium < 91.0.4472.114
Obtained from: https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html
|
Tue, 15 Jun 2021
|
[ 15:48 Kevin Bowling (kbowling) ] bfa2545
security/vuxml: Document CVE-2021-29376 for irc/ircII
PR: 255492
Reported by: Andrew Gierth <andrew@tao11.riddles.org.uk>
|
Mon, 14 Jun 2021
|
[ 07:15 Bernard Spil (brnrd) ] 029ca9d
security/vuxml: Document Apache httpd vulns
|
Fri, 11 Jun 2021
|
[ 10:50 Dmitry Marakasov (amdmi3) ] 8c237a2
security/vuxml: document CVE-2021-33564 for rubygem-dragonfly
|
Thu, 10 Jun 2021
|
[ 14:37 Rodrigo Osorio (rodrigo) ] c7737d4
security/vuxml: Document CVE-2020-35701 for net-mgmt/cacti
|
[ 11:37 Rene Ladan (rene) ] e3a211b
security/vuxml: add Chromium < 91.0.4472.101
Obtained from: https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
|
Tue, 8 Jun 2021
|
[ 19:30 Ashish SHUKLA (ashish) ] 4d17731
security/vuxml: Document CVE-2021-33896 in net-im/dino port
|
Sun, 6 Jun 2021
|
[ 20:48 Matthew Seaman (matthew) ] ef3b8b2
security/vuxml: Document CVE-2021-3515 for databases/pglogical
A shell injection flaw was found in pglogical in versions before 2.3.4
and before 3.6.26. An attacker with CREATEDB privileges on a
PostgreSQL server can craft a database name that allows execution of
shell commands as the postgresql user when calling
pglogical.create_subscription().
|
[ 08:48 Kurt Jaeger (pi) Author: Simon Wright ] daffeee
security/vuxml: add www/drupal7 CVE
|
Fri, 4 Jun 2021
|
[ 18:29 Tobias C. Berner (tcberner) ] 0958ffc
security/vuxml: document vulnerability in sysutils/polkit
Cedric Buissart reports:
The function `polkit_system_bus_name_get_creds_sync` is used to get the
uid and pid of the process requesting the action. It does this by
sending the unique bus name of the requesting process, which is
typically something like ":1.96", to `dbus-daemon`. These unique names
are assigned and managed by `dbus-daemon` and cannot be forged, so this
is a good way to check the privileges of the requesting process.
The vulnerability happens when the requesting process disconnects from
`dbus-daemon` just before the call to
`polkit_system_bus_name_get_creds_sync` starts. In this scenario, the
unique bus name is no longer valid, so `dbus-daemon` sends back an error
(Only the first 15 lines of the commit message are shown above)
|
[ 09:59 Thomas Zander (riggs) ] 44ca757
security/vuxml: Document CVE-2021-33054 for www/sogo*.
PR: 256374
Reported by: rob2g2 <spam123@bitbert.com>
|
[ 09:38 Fernando Apesteguía (fernape) ] a64c3e0
security/vuxml: Add CVE-2020-8492 for lang/tauthon
PR: 256387
Reported by: olivier.freebsd@free.fr
|
[ 09:32 Thomas Zander (riggs) ] df775d9
security/vuxml: Document CVE-2021-28091 for security/lasso.
PR: 256373
Reported by: spam123@bitbert.com
|
Thu, 3 Jun 2021
|
[ 23:17 Dmitri Goutnik (dmgk) ] 597614c
security/vuxml: Document lang/go vulnerabilities
|
[ 11:26 Dmitry Marakasov (amdmi3) ] 35af594
security/vuxml: document aiohttp CVE-2021-21330
|
Wed, 2 Jun 2021
|
[ 23:53 Craig Leres (leres) ] 29ff379
security/vuxml: Mark zeek < 4.0.2 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v4.0.2
- Fix potential Undefined Behavior in decode_netbios_name() and
decode_netbios_name_type() BIFs. The latter has a possibility
of a remote heap-buffer-overread, making this a potential DoS
vulnerability.
- Add some extra length checking when parsing mobile ipv6 packets.
Due to the possibility of reading invalid headers from remote
sources, this is a potential DoS vulnerability.
|
[ 18:41 Dmitry Marakasov (amdmi3) ] 2acbd03
security/vuxml: add entry for PyYAML CVE-2020-14343
PR: 256220
|
[ 13:48 Ryan Steinmetz (zi) ] 687785a
security/vuxml: Document isc-dhcp44-* vulnerability
PR: 256377
|
[ 13:48 Ryan Steinmetz (zi) ] 72a5d3c
security/vuxml: Fix overly large entry that violates 'make validate'
|
Tue, 1 Jun 2021
|
[ 22:37 Matthias Fechner (mfechner) ] ddf691d
security/vuxml: Document gitlab vulnerabilities.
|
[ 16:59 Jung-uk Kim (jkim) ] 6e4e874
security/vuxml: Correct CVE entry for the x11/libX11 vulnerability
|
[ 15:35 Sergey A. Osokin (osa) ] ae21649
security/vuxml: document vulnerability in databases/redis
Security: CVE-2021-32625
|
[ 15:13 Jung-uk Kim (jkim) ] 51990d4
security/vuxml: Document vulnerability in x11/libX11
PR: 256034
Security: CVE-2021-31535
|
[ 03:02 Guangyuan Yang (ygy) Author: David O'Rourke ] 6890a3c
security/vuxml: Document vulnerability in net-mgmt/prometheus2
PR: 255976
Security: CVE-2021-29622
Approved by: lwhsu (mentor)
|
Mon, 31 May 2021
|
[ 20:55 Adriaan de Groot (adridg) ] 0bd31cd
security/vuxml: Document graphics/wayland <= 1.19.0
|
Thu, 27 May 2021
|
[ 05:17 Philip Paeps (philip) ] 23f6f30
security/vuxml: add FreeBSD SA-21:11.smap
|
[ 05:17 Philip Paeps (philip) ] bbd2f19
security/vuxml: add FreeBSD SA-21:12.libradius
|
Wed, 26 May 2021
|
[ 10:17 Rene Ladan (rene) ] 05bea26
vuln.xml: Document chromium < 91.0.4472.77
Obtained from: https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
|
[ 00:33 Danilo G. Baio (dbaio) ] b48ef26
security/vuxml: Document net/libzmq4 issues
PR: 255102
Reported by: Thomas Petig <thomas@petig.eu>
Security: CVE-2019-13132
Security: CVE-2020-15166
|
Tue, 25 May 2021
|
[ 15:40 Sergey A. Osokin (osa) ] 1109a4b
security/vuxml: document vulnerability in www/nginx and www/nginx-devel
Security: CVE-2021-23017
|
Mon, 24 May 2021
|
[ 15:57 Palle Girgensohn (girgen) ] 4132a67
databases/pg_partman: arbitrary code execution
Security: CVE-2021-33204
|
[ 15:02 Tobias C. Berner (tcberner) ] 4ff5444
security/vuxml: document vulnerability in texptroc/expat2
Security: CVE-2013-0340
PR: 256121
|
Sun, 23 May 2021
|
[ 14:44 Tobias C. Berner (tcberner) Author: Yasuhiro Kimura ] d4a4187
security/vuxml: document vulnerability in texptroc/libxml2
PR: 256093
Security: CVE-2021-3541
|
Sat, 15 May 2021
|
[ 09:12 Palle Girgensohn (girgen) ] 4106061
databases/postgresql??-server: multiple security issues
|
Thu, 13 May 2021
|
[ 19:44 Neel Chauhan (nc) Author: Thomas Morper ] b1a6389
security/vuxml: Add entry for net-im/prosody
PR: 255845, 255849
|
[ 14:43 Thierry Thomas (thierry) ] 0e7c332
security/vuxml: declare vulnerabilities for ImageMagick7
PR: 255802
|
[ 14:43 Thierry Thomas (thierry) ] e34fc76
security/vuxml: declare vulnerabilities for ImageMagick6
PR: 255818
|
Wed, 12 May 2021
|
[ 10:09 Thierry Thomas (thierry) ] b1fa93c
security/vuxml: add vulnerabilities fixed in 8.2.0
PR: 255361
|
Tue, 11 May 2021
|
[ 18:11 Rene Ladan (rene) ] 8a46088
Document vulnerabilities in Chromium < 90.0.4430.212
Obtained from: https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html
|
[ 15:19 Neel Chauhan (nc) Author: Sascha Biberhofer ] d110fd2
security/vuxml: Add entry for net-im/py-matrix-synapse
|
Mon, 10 May 2021
|
[ 12:35 Hajimu UMEMOTO (ume) ] ca28595
security/vuxml: cyrus-imapd -- Remote authenticated users could bypass intended
access restrictions on certain server annotations.
|
Sat, 8 May 2021
|
[ 16:03 Christian Weisgerber (naddy) ] 11845a3
security/vuxml: Document FLAC out-of-bounds read
|
[ 09:33 Matthias Andree (mandree) ] 4878286
security/vuxml: add CVE #s for OpenEXR 2.5.4 fixes
|
Fri, 7 May 2021
|
[ 09:52 Po-Chuan Hsieh (sunpoet) ] 066d3db
security/vuxml: Document rails vulnerability
|
Thu, 6 May 2021
|
[ 20:12 Dmitri Goutnik (dmgk) ] bf7bd67
security/vuxml: Document lang/go vulnerability
|
Wed, 5 May 2021
|
[ 08:39 Mateusz Piotrowski (0mp) ] 56db844
security/vuxml: Document Ansible vulnerability
|
[ 07:05 Wen Heping (wen) ] f468496e
security/vuxml: Document django's multiple vulnerabilities
|
[ 03:39 Wen Heping (wen) ] 1388ee6
Document Python's multiple vulnerabilities
|
Tue, 4 May 2021
|
[ 14:26 Bernard Spil (brnrd) ] ebf2986
security/vuxml: Update latest MySQL vuln entry
* Adds CVE numbers
* Mark MariaDB partially affected
|
Mon, 3 May 2021
|
[ 21:44 Sergey A. Osokin (osa) ] f774368
security/vuxml: document recent vulnerabilities with redis ports.
PR: 255580
|
[ 13:59 Koichiro Iwao (meta) ] 4689236
security/vuxml: Document command injection vulnerability in RDoc
PR: 255552
Reported by: Yasuhiro Kimura <yasu@utahime.org>
Security: CVE-2021-31799
|
Sun, 2 May 2021
|
[ 12:59 Kurt Jaeger (pi) Author: Geoffroy Desvernay ] 5271fab
security/vuxml: add mail/sympa CVE
PR: 252464
|
Sat, 1 May 2021
|
[ 01:25 Timur I. Bakeyev (timur) ] 265e9a6
Add an entry about Samba vulnerability CVE-2021-20254:
Negative idmap cache entries can cause incorrect group entries in the Samba file
server process token.
PR:
Submitted by:
Reported by:
Reviewed by:
Approved by:
Obtained from:
MFC after:
MFH:
Relnotes:
Security: CVE-2021-20254
Sponsored by:
Differential Revision:
|
Thu, 29 Apr 2021
|
[ 23:00 Don Lewis (truckman) ] 4eea2e5
security/vuxml: Update fixed version of openoffice-devel.
CVE-2021-30245 is fixed in version 1619649022 of
editors/openoffice-devel.
|
Wed, 28 Apr 2021
|
[ 21:57 Matthias Fechner (mfechner) ] 199adc3
Document gitlab-ce vulnerabilities.
|
[ 21:57 Matthias Fechner (mfechner) ] 41ffee8
Document vulnerabilities for www/rubygem-carrierwave.
|
[ 16:56 Neel Chauhan (nc) ] 10ad22f
mail/sympa: add vuxml entry
PR: 255455
Submitted by: Geoffroy Desvernay <dgeo@centrale-marseille.fr> (maintainer)
|
Tue, 27 Apr 2021
|
[ 17:11 Rene Ladan (rene) ] 1eeb9f4
Document new vulns, www/chromium < 90.0.4430.93
Obtained from: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html
|
Mon, 26 Apr 2021
|
[ 13:30 Palle Girgensohn (girgen) ] 7e0f5d9
security/shibboleth.sp: add more information to security advisory
|
[ 08:36 Palle Girgensohn (girgen) ] f0d60c4
security/shibboleth-sp: add entry for upcoming vulnerability
The details are not yet disclosed.
|
Wed, 21 Apr 2021
|
[ 21:40 Craig Leres (leres) ] 53d0f5e
security/vuxml: Mark zeek < 4.0.1 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v4.0.1
Fix null-pointer dereference when encountering an invalid enum name
in a config/input file that tries to read it into a set[enum]. For
those that have such an input feed whose contents may come from
external/remote sources, this is a potential DoS vulnerability.
|
[ 17:48 Matthias Andree (mandree) ] d1184f2
security/vuxml: add devel/openvpn < 2.5.2 entry
Security: CVE-2020-15078
Security: efb965be-a2c0-11eb-8956-1951a8617e30
|
[ 08:11 Rene Ladan (rene) ] d70c998
Document new vulnerabilities in www/chromium < 90.0.4430.85
Obtained from: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html
|
Tue, 20 Apr 2021
|
[ 19:28 Bryan Drewery (bdrewery) ] c55e97c
Another openssh version fix for CVE-2021-28041.
Reported by: leres
|
[ 19:26 Li-Wen Hsu (lwhsu) ] 87da009
Document Jenkins Security Advisory 2021-04-20
Sponsored by: The FreeBSD Foundation
|
[ 15:37 Bryan Drewery (bdrewery) ] da89336
Fix openssh version in entry for CVE-2021-28041
Reported by: leres
|
[ 10:00 Bernard Spil (brnrd) ] 7dc3c80
security/vuxml: Add MySQL vulns
|
[ 03:49 Don Lewis (truckman) ] 940cf97
security/vuxml: Document OpenOffice vulnerability CVE-2021-30245
|
Mon, 19 Apr 2021
|
[ 04:11 Kevin Bowling (kbowling) ] 887cfad
devel/maven: update to 3.8.1
This is not just a bugfix as it contains three features that cause a change of
default behavior (external HTTP insecure URLs are now blocked by default): your
builds may fail when using this new Maven release, if you use now blocked
repositories. Please check and eventually fix before upgrading.
Changes http://maven.apache.org/docs/3.8.1/release-notes.html
PR: 255161
Approved by: Jonathan Chen <jonc@chen.org.nz> (maintainer)
Security: CVE-2021-26291
CVE-2020-13956
|
Sat, 17 Apr 2021
|
[ 16:31 Brad Davis (brd) ] 7031bbf
Document sysutils/consul vulnerabilities
|
Thu, 15 Apr 2021
|
[ 22:55 Mateusz Piotrowski (0mp) ] d227a2f
Document accountsservice vulnerability
|
[ 14:46 Mateusz Piotrowski (0mp) ] bc32e1b
Document textproc/mdbook vulnerability
|
[ 14:32 Matthias Fechner (mfechner) ] d6ac57a
Document gitlab vulnerabilities.
|
[ 13:51 Rene Ladan (rene) ] 4ec0339
Document new vulnerabilities in www/chromium < 90.0.4430.72
|
Wed, 14 Apr 2021
|
[ 17:47 Rene Ladan (rene) ] 34921a9
Document new vulnerabilities in www/chromium < 89.0.4389.128
Obtained from: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html
|
Tue, 13 Apr 2021
|
[ 15:50 Emmanuel Vadot (manu) ] f7859bc
security/vuxml: Document xorg-server vuln
|
Mon, 12 Apr 2021
|
[ 18:29 Adam Weinberger (adamw) ] 8497a2d
security/vuxml: Add entry for gitea < 1.14.0
PR: 254976
Submitted by: Stefan Bethke
|
[ 02:04 Steve Wills (swills) ] 6715140
security/vuxml: Document syncthing issue
|
Sat, 10 Apr 2021
|
[ 07:13 Thomas Zander (riggs) ] 1d4cfc1
security/vuxml: Document information disclosure vulnerability in python.
PR: 254780
Reported by: yasu@utahime.org
Security: CVE-2021-3426
|
[ 06:31 Thomas Zander (riggs) ] 1e89938
security/vuxml: Document 2 vulnerabilities in ftp/curl
Security: CVE-2021-22876
CVE-2021-22890
PR: 254772
Reported by: yasu@utahime.org
|
Fri, 9 Apr 2021
|
[ 22:08 Adam Weinberger (adamw) ] b3cd195
security/vuxml: Add entry for gitea < 1.13.7
PR: 254930
Submitted by: Stefan Bethke
|
Thu, 8 Apr 2021
|
[ 04:36 Neel Chauhan (nc) ] 48c9ebf
Document multiple vulnerabilities in security/clamav
PR: 254861
Submitted by: Yasuhiro Kimura <yasu AT utahime DOT org>
|
[ 00:43 Li-Wen Hsu (lwhsu) ] 80690bd
Document Jenkins Security Advisory 2021-04-07
Sponsored by: The FreeBSD Foundation
|
Wed, 7 Apr 2021
|
[ 18:58 Bradley T. Hughes (bhughes) ] 9d9b2b9
security/vuxml: document Node.js April 2021 Security Releases
https://nodejs.org/en/blog/vulnerability/april-2021-security-releases/
|
[ 16:10 Lewis Cook (lcook) ] 01b07b7
security/vuxml: Document upnp stack overflow vulnerability
Approved by: fernape (mentor)
Differential Revision: https://reviews.freebsd.org/D29618
|
[ 11:24 Philip Paeps (philip) ] 86fc557
security/vuxml: add FreeBSD SA-21:10.jail_mount
|
[ 11:24 Philip Paeps (philip) ] 5fc1c8e
security/vuxml: add FreeBSD SA to CVE-2021-3449/50
Note that FreeBSD 12.2 prior to FreeBSD 12.2-RELEASE-p5 was vulnerable
to CVE-2021-3449 and CVE-2021-3450. Reference FreeBSD-SA-21:07.openssl.
|
[ 11:24 Philip Paeps (philip) ] f564431
security/vuxml: add FreeBSD SA-21:08.vm
|
[ 11:24 Philip Paeps (philip) ] ea0a047
security/vuxml: add FreeBSD SA-21:09.accept_filter
|