13:22 tijl 

Add Mbed TLS Security Advisory 2018-03.

Security:	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-03
Security:	CVE-2018-19608

 

11:57 joneum 

Add entry for typo3-8 and typo3-9

PR:		233935 233936
Sponsored by:	Netzkommune GmbH

 

11:20 mfechner 

Document gitlab-ce vulnerability.

Approved by:	mentors (implicit)

 

10:24 matthew 

Revert r487286 -- PHP70 is still present in the 2018Q4 quarterly branch.

Reported by:	mat

 

09:16 matthew 

PHP 70 was EoL'd and is no longer in the ports.

Reported by:	joneum

 

07:18 matthew 

Document three more security advisories from phpMyAdmin

 

17:50 jbeich 

security/vuxml: update to 1.1_3

 

14:02 feld 

Document FreeBSD-SA-18:14.bhyve

 

14:02 feld 

Document FreeBSD-SA-18:13.nfs

 

05:55 bhughes 

security/vuxml: document Node.js vulnerabilities from November 2018

https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/

Sponsored by:	Miles AS

 

21:36 swills 

Document powerdns-recursor issue

PR:		233603
Submitted by:	Ralf van der Enden <tremere@cainites.net>

 

01:50 swills 

Correct entry date on previous entry

Pointyhat to:	swills

 

01:47 swills 

Document security/py-asyncssh issue

 

19:30 mfechner 

Document security vulnerability for gitlab-ce < 11.5.3.

Approved by:	mentors (implicit)

 

07:51 jkim 

Document the latest Flash Player vulnerabilities.

https://helpx.adobe.com/security/products/flash-player/apsb18-42.html

 

09:33 lwhsu 

Document Jenkins Security Advisory 2018-12-05

Sponsored by:	The FreeBSD Foundation

 

02:25 wen 

- Document moodle login CSRF vulnerability

 

15:40 sunpoet 

Document Rails vulnerability

 

08:39 riggs 

Document multiple vulnerabilities in net/uniparser

Reported by:	sebastian@pipping.org via e-mail

 

21:07 tcberner 

Add info about security vulnerability in messagelib.

 

19:57 pi 

security/vuxml: document www/payara vulnerabilities

PR:		233573
Submitted by:	Dmytro Bilokha <dmytro@posteo.net>

 

19:03 mfechner 

Document gitlab security vulnerabilities.

Approved by:	mentors (implicit)

 

13:45 timur 

Add an entry about new vulnerabilities in the Samba packages.

Security:	CVE-2018-14629
		CVE-2018-16841
		CVE-2018-16851
		CVE-2018-16852
		CVE-2018-16853
		CVE-2018-16857
Sponsored by:	my wife

 

14:37 joneum 

Modified entry and add phpmailer

PR:		233420 233416
Sponsored by:	Netzkommune GmbH

 

11:47 joneum 

Modified entry and add php70-imap

Sponsored by:	Netzkommune GmbH

 

09:47 ale 

Add VuXML entry for php-imap vulnerability.

 

22:09 joneum 

Add entry for mail/phpmailer6

Sponsored by:	Netzkommune GmbH

 

19:27 jkim 

Document the latest Flash Player vulnerability.

https://helpx.adobe.com/security/products/flash-player/apsb18-44.html

 

15:42 mfechner 

Document vulnerabilities for gitlab-ce.

Approved by:	mentors (implicit)

 

10:23 krion 

Add entry for dns/powerdns

PR:		233139
Submitted by:	maintainer

 

10:45 joneum 

Add entry for dns/powerdns-recursor40

PR:		233141
Sponsored by:	Netzkommune GmbH

 

18:00 joneum 

Add entry for dns/powerdns-recursor

PR:		233140
Sponsored by:	Netzkommune GmbH

 

17:54 madpilot 

Document recent asterisk vulneraability.

 

23:12 jkim 

Document the latest Flash Player vulnerability.

https://helpx.adobe.com/security/products/flash-player/apsb18-39.html

 

20:18 brnrd 

security/vuxml: Document openssl vulnerability

 

19:03 tcberner 

security/vuxml: Add entry for devel/kio-extras <= 18.08.3_1

  https://www.kde.org/info/security/advisory-20181012-1.txt

Security:	CVE-2018-19120

 

18:24 sunpoet 

Update openjpeg status

 

18:03 jbeich 

security/vuxml: list CVE numbers forgotten in r484705

 

17:53 jbeich 

security/vuxml: mark patch < 2.7.7 as vulnerable

Another copypasta because pkg-audit(8) doesn't grok CPE e.g.,
https://nvd.nist.gov/vuln/search/results?form_type=Advanced&cves=on&cpe_version=cpe:2.3:a:gnu:patch:2.7.6

 

14:02 brnrd 

security/vuxml: Update latest openssl entry

 - LibreSSL prior to 2.8 not vulnerable
 - LibreSSL likely not vulnerable to CVE-2018-0735

PR:		233109
Submitted by:	Franco Fichtner <franco opnsense org>

 

10:54 dinoex 

- lighttpd - use-after-free vulnerabilities
PR:		232278

 

23:08 girgen 

Add info about security vulnerability in PostgreSQL

Security:	CVE-2018-16850

 

17:29 brnrd 

security/vuxml: Mark MariaDB 10.3.10 vulnerable

 - From MariaDB release notes (not released yet)

See: https://mariadb.com/kb/en/library/mariadb-10311-release-notes/

PR:		233068

 

17:24 joneum 

Add modified entrey for drupal after changes in r484148

Sponsored by:	Netzkommune GmbH

 

16:34 joneum 

Add entry for nginx and nginx-devel

Sponsored by:	Netzkommune GmbH

 

21:16 acm 

- Add www/drupal8 entry

 

22:00 flo 

Document gitea vulnerability

PR:		232897
Submitted by:	stb@lassitu.de (maintainer)

 

19:20 sunpoet 

Document curl vulnerability

 

19:06 mfechner 

Document gilab-ce vulnerability.

Approved by:	mentors (implicit)

 

14:05 sunpoet 

Document rubygem-loofah vulnerability

 

12:16 brnrd 

security/vuxml: Update latest OpenSSL entry

 - As per a LibreSSL dev, also vulnerable

 

18:33 mfechner 

Documented several security issues with www/gitlab-ce.

Approved by:	mentors (implicit)

 

17:51 brnrd 

security/vuxml: Document OpenSSL 1.1.x vulnerabilities

 

16:26 riggs 

Document potential remote code execution in net/liveMedia (CVE-2018-4013)

 

17:04 leres 

Mark mini_httpd < 1.30 as vulnerable as per:

    http://acme.com/updates/archive/211.html

The issue is arbitrary file disclosure in some circumstances.

Reviewed by:	matthew (mentor)
Approved by:	matthew (mentor)
Differential Revision:	https://reviews.freebsd.org/D17718

 

08:06 woodsb02 

Add entry for sysutils/py-salt

PR:		232663
Reported by:	Christer Edwards <christer.edwards@gmail.com>
Security:	https://www.vuxml.org/freebsd/4f7c6af3-6a2c-4ead-8453-04e509688d45.html

 

17:32 jbeich 

security/vuxml: mark firefox < 63 as vulnerable

 

16:21 joneum 

Add entry for www/drupal7

Sponsored by:	Netzkommune GmbH

 

14:57 sunpoet 

Document ruby vulnerability

PR:		232427 (based on)
Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>

 

07:58 brnrd 

security/vuxml: Document 2018-10 MySQL vulnerabilities

 

16:06 joneum 

Add entry for www/matomo

Sponsored by:	Netzkommune GmbH

 

15:54 feld 

Document libssh vulnerability

PR:		232344
Security:	CVE-2018-10933

 

11:29 mfechner 

Document security vulnerability with devel/libgit2 < 0.27.5.

Approved by:	mentors (implicit)

 

19:54 thierry 

Add an entry for a memory leak bug in net-im/tox < v0.2.8.

 

15:28 joneum 

Add entry for www/gitea

PR:		232123
Reported by:	maintainer
Sponsored by:	Netzkommune GmbH

 

13:42 lwhsu 

Document Jenkins Security Advisory 2018-10-10

Sponsored by:	The FreeBSD Foundation

 

21:13 dinoex 

- add entry for tinc and tinc-devel

 

22:06 mfechner 

Document several vulnerabilities for gitlab-ce.

Approved by:	mentors (implicit)

 

01:32 ler 

security/vuxml: add multiple vulnerabilities in security/clamav.

PR:		231924
Submitted by:	yasu@utahime.org

 

13:46 wen 

- Document django21 vulnerability

 

01:01 jbeich 

security/vuxml: mark firefox < 62.0.3 as vulnerable

 

19:02 mfechner 

Document several vulnerabilities for gitlab-ce.

Approved by:	mentors (implicit)

 

14:53 swills 

Document pango DoS

 

06:48 joneum 

Add entry for www/serendipity

Sponsored by:	Netzkommune GmbH

 

23:26 kbowling 

security/vuxml: Add entry for net-p2p/bitcoin CVE-2018-17144

Add VuXML for r480928

Approved by:	timur (mentor)
Differential Revision:	https://reviews.freebsd.org/D17360

 

18:09 zeising 

Document spamassassin - multiple vulnerabilities

Document spamassassin vulnerabilities, as found in this announcement:
https://seclists.org/oss-sec/2018/q3/242

 

13:07 lme 

security/vuxml:

Document wesnoth vulnerability

 

12:49 brnrd 

security/vuxml: Add Apache 2.4 vulnerability

 

16:09 sunpoet 

Update OpenJPEG vulnerability

CVE-2018-5785 was fixed in r480624.

 

14:07 tobik 

Document mantis vulnerability

 

16:50 sunpoet 

Document rubygem-smart_proxy_dynflow vulnerability

 

14:05 wen 

- Document mediawiki's multiple vulnerabilities

 

23:03 jbeich 

security/vuxml: mark firefox < 62.0.2 as vulnerable

 

08:17 madpilot 

Document new asterisk vulnerability.

 

10:48 wen 

- Document moodle multiple vulnerabilities

 

23:40 ler 

security/vuxml: add Joomla3 Vulnerabilities

 

08:54 jbeich 

security/vuxml: mark waterfox < 56.2.3 as vulnerable

 

21:56 sunpoet 

Update OpenJPEG vulnerability

Only CVE-2017-17479 and CVE-2017-17480 were fixed in r477112.

Notified by:	tijl

 

19:08 joneum 

Document vulnerability in www/mybb

Sponsored by:	Netzkommune GmbH

 

13:57 feld 

Document FreeBSD-SA-18:12.elf

 

20:36 yuri 

Add VuXML vulnerability CVE-2018-15598 for traefik.

Port update is already MFHed.

 

18:43 jkim 

Document the latest Flash Player vulnerability.

https://helpx.adobe.com/security/products/flash-player/apsb18-31.html

 

16:13 feld 

Improve formatting
Also add plexmediaserver-plexpass package as vulnerable

 

16:10 feld 

Document Plex vulnerability

Security:	CVE-2018-13415

 

10:39 adridg 

The 0.18 release of x11/sddm contains a fix for a security error
that allows unlocking a session without a password, if the
ReuseSession configuration option is set to true. The default
configuration sets it to false.

I'm setting the version to < 0.17.0_1 here, because I'm going
to update 0.17 with backports rather than pull in 0.18 (there's
a lot more work in that update, because of reorganisation upstream
and none of our patches apply anymore).

PR:		230029
Reported by:	doctorwhoguy@gmail.com

 

09:53 joneum 

Document vulnerability in www/mybb

Sponsored by:	Netzkommune GmbH

 

17:46 flo 

Document gitea vulnerability.

PR:		231180
Submitted by:	stb@lassitu.de
Security:	7c750960-b129-11e8-9fcd-080027f43a02

 

03:49 cy 

Remove duplicate entry for WPA EAPOL vulnerability. Use r477829 instead
as its version range is more complete.

PR:		231054
Reported by:	000.fbsd@quip.cz

 

06:53 yuri 

Add VuXML entry for the fixed CVE-2017-11114 in www/links

PR:		230849
Submitted by:	Dmitri Goutnik <dg@syrec.org>

 

23:30 sunpoet 

Document curl vulnerability