non port: security/vuxml/vuln.xml |
Number of commits found: 6271 (showing only 100 on this page) |
Wednesday, 5 Apr 2017
|
14:34 brnrd
security/vuxml: Document curl vulnerability
|
Tuesday, 4 Apr 2017
|
18:10 miwi
- Document django -- multiple vulnerabilities
|
16:39 madpilot
Document net/asterisk13 vulnerability.
|
02:27 danfe
- Document recent NVIDIA GPU display driver vulnerabilities
- Spell "NVIDIA UNIX driver" consistently throughout the file
PR: 217341
|
Thursday, 30 Mar 2017
|
21:43 cpm
Document new vulnerabilities in www/chromium < 57.0.2987.133
Obtained from: https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html
|
01:58 junovitch
Document Xen Security Advisory (XSA 206)
CVE lists none (yet) assigned
While here, fix a typo on my last Xen entry
Security: https://vuxml.FreeBSD.org/freebsd/47873d72-14eb-11e7-970f-002590263bf5.html
|
01:47 junovitch
Actually, let's refer to the original entries for these hostapd CVEs
Reflect CVE-2016-4476 / VID 967b852b-1e28-11e6-8dd3-002590263bf5 in cancelled
CVE-2015-5314 is in VID 976567f6-05c5-11e6-94fa-002590263bf5
PR: 217906
Security: https://vuxml.FreeBSD.org/freebsd/976567f6-05c5-11e6-94fa-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/967b852b-1e28-11e6-8dd3-002590263bf5.html
|
Wednesday, 29 Mar 2017
|
16:47 matthew
phpMyAdmin: document PMASA-2017-8 -- bypass restrictions on 'no
password' accounts.
|
Tuesday, 28 Mar 2017
|
23:19 feld
Document hostapd vulnerabilities
PR: 217906
|
Saturday, 25 Mar 2017
|
00:01 timur
Add entry about Samba vulnerability CVE-2017-2619
Security: CVE-2017-2619
|
Thursday, 23 Mar 2017
|
01:51 junovitch
Document Xen Security Advisory (XSA 211)
Security: CVE-2016-9603
Security: https://vuxml.FreeBSD.org/freebsd/af19ecd0-0f6a-11e7-970f-002590263bf5.html
|
Wednesday, 22 Mar 2017
|
19:14 riggs
Add CVE ID for recent irssi vulnerability
PR: 217878
Submitted by: dor.bsd@xm0.uk (irssi maintainer)
|
03:01 junovitch
Update hostapd on two older entries.
Fixes were not backported prior. Recent update is v2.6 as noted in advisory.
Security: CVE-2015-5310
Security: CVE-2015-5315
Security: CVE-2015-5316
Security: CVE-2016-4476
Security: CVE-2016-4477
Security: https://vuxml.FreeBSD.org/freebsd/967b852b-1e28-11e6-8dd3-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/976567f6-05c5-11e6-94fa-002590263bf5.html
|
Saturday, 18 Mar 2017
|
13:57 riggs
Document use-after-free vulnerability in irc/irssi
PR: 217878
|
11:00 brnrd
security/vuxml: Add DoS vuln for mysql-client
- Fix typo in 5f453b69-abab-4e76-b6e5-2ed0bafcaee3 while here
|
09:40 jbeich
security/vuxml: mark firefox < 52.0.1 as vulnerable
Note, sandboxing isn't implemented on FreeBSD.
|
02:15 junovitch
Document Moodle security advisories from January (MSA-17-0001 - MSF-17-0004)
and March releases (details not yet released).
Security: CVE-2017-2576
Security: CVE-2017-2578
Security: CVE-2016-10045
Security: https://vuxml.FreeBSD.org/freebsd/f72d98d1-0b7e-11e7-970f-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/df45b4bd-0b7f-11e7-970f-002590263bf5.html
|
01:47 junovitch
Fix incorrect PKGNAME in www/tomcat6 entries. It's been tomcat since r238618.
Pointy hat to: junovitch (for most of them)
|
Friday, 17 Mar 2017
|
15:34 acm
- Document multiple vulnerabilities in www/drupal8
Security: CVE-2017-6377
Security: CVE-2017-6379
Security: CVE-2017-6381
Security: 2730c668-0b1c-11e7-8d52-6cf0497db129
|
Thursday, 16 Mar 2017
|
23:00 mandree
Document PuTTY < 0.68 agent forwarding vuln.
Security: CVE-2017-6542
Security: 9b973e97-0a99-11e7-ace7-080027ef73ec
|
11:37 tijl
Document latest Flash Player vulnerabilities.
Security: https://helpx.adobe.com/security/products/flash-player/apsb17-07.html
|
Tuesday, 14 Mar 2017
|
19:47 gjb
Attempt to fix vuxml build.
Sponsored by: The FreeBSD Foundation
|
19:43 brnrd
security/vuxml: modify most recent mariadb entries
- ChangeLog of 10.0.30 and 10.1.22 refer to CVE-2017-3313
Security: 4d2f9d09-ddb7-11e6-a9a5-b499baebfeaf
Security: CVE-2017-3313
|
Sunday, 12 Mar 2017
|
21:49 tijl
Document mbed TLS Security Advisory 2017-01
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01
|
20:18 cpm
Document new vulnerabilities in www/chromium < 57.0.2987.98
Obtained from: https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
|
Saturday, 11 Mar 2017
|
23:24 eugen
Document several security defects in the Bouncy Castle Crypto APIs
PR: 215507
Approved by: vsevolod (mentor)
Obtained from: https://www.bouncycastle.org/releasenotes.html
Security: https://vuxml.FreeBSD.org/freebsd/89cf8cd2-0698-11e7-aa3f-001b216d295b
|
21:42 rakuco
Add entry for CVE-2016-7787 in x11/kde4-runtime.
Security announcement: https://www.kde.org/info/security/advisory-20160621-1.txt
|
21:09 rakuco
Add entry for KTNEF directory traversal issue in deskutils/kdepimlibs4.
There is no CVE assigned at the moment.
More information: https://www.kde.org/info/security/advisory-20170227-1.txt
|
10:28 tcberner
Address CVE-2017-6410 in devel/kf5-kio and x11/kdelibs4
Using a malicious PAC file, and then using exfiltration methods in the PAC
function FindProxyForURL() enables the attacker to expose full https URLs.
This is a security issue since https URLs may contain sensitive
information in the URL authentication part (user:password@host), and in the
path and the query (e.g. access tokens).
This attack can be carried out remotely (over the LAN) since proxy settings
allow ``Detect Proxy Configuration Automatically''
This setting uses WPAD to retrieve the PAC file, and an attacker who has access
to the victim's LAN can interfere with the WPAD protocols (DHCP/DNS+HTTP)
and inject his/her own malicious PAC instead of the legitimate one.
Reviewed by: mat, rakuco
Approved by: rakuco (mentor), mat (mentor)
Obtained from: https://marc.info/?l=kde-announce&m=148831226706885&w=2
MFH: 2017Q1
Security: CVE-2017-6410
Differential Revision: https://reviews.freebsd.org/D9908
|
Wednesday, 8 Mar 2017
|
13:19 tz
Document wordpress security issues
PR: 217608, 217598
Security: https://vuxml.FreeBSD.org/freebsd/82752070-0349-11e7-b48d-00e04c1ea73d.html
|
Tuesday, 7 Mar 2017
|
18:13 jbeich
security/vuxml: mark firefox < 52 as vulnerable
|
Sunday, 5 Mar 2017
|
16:39 junovitch
Document security issues fixed in CodeIgniter 3.1.3
Security: https://vuxml.FreeBSD.org/freebsd/71ebbc50-01c1-11e7-ae1b-002590263bf5.html
|
16:15 junovitch
Fix PORTEPOCH on Chicken VuXML entry; also additional CVE affecting Chicken
PR: 216661
Reported by: sevan, Vitaly Magerya
Security: CVE-2016-9954
Security: https://vuxml.FreeBSD.org/freebsd/c6932dd4-eaff-11e6-9ac1-a4badb2f4699.html
|
03:25 junovitch
Add missing reference to last commit for ikiwiki vulnerabilities
PR: 216665
Reported by: sevan
Security: CVE-2016-9646
Security: https://vuxml.FreeBSD.org/freebsd/5ed094a0-0150-11e7-ae1b-002590263bf5.html
|
03:18 junovitch
Document ikiwiki vulnerabilities
PR: 216665
Reported by: sevan
Security: CVE-2016-9645
Security: CVE-2016-10026
Security: CVE-2017-0356
Security: https://vuxml.FreeBSD.org/freebsd/5ed094a0-0150-11e7-ae1b-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/7b35a77a-0151-11e7-ae1b-002590263bf5.html
|
Tuesday, 28 Feb 2017
|
18:35 olivierd
Document multiple memory failures in potrace
PR: 217347
Reported by: lightside
|
Sunday, 26 Feb 2017
|
08:41 riggs
Document buffer overflows in audio/musicpd http output module
|
Wednesday, 22 Feb 2017
|
16:34 tijl
Add linux-*-openssl to recent openssl vulnerabilities.
Security: https://rhn.redhat.com/errata/RHSA-2017-0286.html
|
11:21 brnrd
security/vuxml: curl only vulnerable >= 7.52.0
|
11:09 brnrd
security/vuxml: Document cURL vulnerability
|
04:48 junovitch
Document Xen Security Advisory (XSA 209)
Reported by: royger
Security: CVE-2017-2620
Security: https://vuxml.FreeBSD.org/freebsd/8cbd9c08-f8b9-11e6-ae1b-002590263bf5.html
|
Tuesday, 21 Feb 2017
|
11:18 amdmi3
Document information disclosure vulnerability on fbsdmon
PR: 217099
Submitted by: asomers
|
Monday, 20 Feb 2017
|
02:58 jbeich
security/vuxml: chase r434427
$ svn ci -F libevent-rename.msg
[...]
svn: E165001: Commit failed (details follow):
svn: E165001: Commit blocked by pre-commit hook (exit code 1) with output:
Commit to security/vuxml/vuln.xml first, and then other files
PR: 216777
|
Saturday, 18 Feb 2017
|
15:00 riggs
Document multiple vulnerabilities in audio/wavpack
PR: 216847
Submitted by: pkubaj@anongoth.pl
|
Thursday, 16 Feb 2017
|
21:40 madpilot
Document multiple vulnerabilities in optipng.
PR: 216955
Submitted by: Thomas Hurst <tom@hur.st> (affected port maintainer)
|
12:51 sunpoet
Complete PKGNAMEPREFIX of py-diffoscope
|
12:42 brnrd
security/vuxml: Document openssl-devel vulnerability
- While here fix whitespace on 077bbadf-f2f4-11e6-92a7-902b34361349
|
Wednesday, 15 Feb 2017
|
18:38 emaste
Document arbitrary file write in diffoscope < 76
Reported by: koobs (via Debian bug report)
Reviewed by: delphij
Approved by: delphij
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D9598
|
Sunday, 12 Feb 2017
|
12:19 riggs
Document heap overflow in multimedia/ffmpeg < 3.2.4
|
Saturday, 11 Feb 2017
|
11:09 kwm
Document gtk-vnc bounds checking vulnerabilities
Security: CVE-2017-5884, CVE-2017-5885
|
02:10 junovitch
Document Xen Security Advisory (XSA 208)
Reported by: royger
Security: CVE-2017-2615
Security: https://vuxml.FreeBSD.org/freebsd/a73aba9a-effe-11e6-ae1b-002590263bf5.html
|
Tuesday, 7 Feb 2017
|
11:43 tijl
List all linux package names in latest libtiff vulnerability.
|
Monday, 6 Feb 2017
|
18:13 tijl
Undocument a linux-*-curl vulnerability that has low impact and Red Hat
"will not fix".
Security: https://access.redhat.com/security/cve/CVE-2016-0755
|
18:09 tijl
Document libtiff vulnerabilities.
Security: http://simplesystems.org/libtiff/v4.0.7.html
|
Saturday, 4 Feb 2017
|
18:08 feld
Document mantis vulnerability
PR: 216662
Security: CVE-2016-6837
|
17:53 feld
Document vulnerabilities in guile2
PR: 216663
Security: CVE-2016-8605 CVE-2016-8606
|
17:39 feld
Document vulnerabilities in chicken
PR: 216661
Security: CVE-2016-6830 CVE-2016-6831
|
17:31 feld
Document libebml vulnerabilities
PR: 216659
Security: CVE-2015-8789
Security: CVE-2015-8790
Security: CVE-2015-8791
|
17:21 feld
Document freeimage vulnerability
PR: 216657
Security: CVE-2016-5684
|
Thursday, 2 Feb 2017
|
22:48 woodsb02
Add additional vulnerability for wordpress 4.7.1 that was initially kept
quiet by the wordpress team [1].
[1] https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/
Security: https://vuxml.FreeBSD.org/freebsd/54e50cd9-c1a8-11e6-ae1b-002590263bf5.html
|
Wednesday, 1 Feb 2017
|
17:05 cmt
document shotwell vulnerability
|
16:54 lwhsu
Document Jenkins Security Advisory 2017-02-01
|
Monday, 30 Jan 2017
|
14:27 feld
Fix openssl vuxml entry
PR: 216524
|
Sunday, 29 Jan 2017
|
03:13 woodsb02
Document Wordpress security issues in 4.7.1.
PR: 216540
PR: 216515
Reported by: Jochen Neumeister <joneum@bsdproject.de>
Reported by: Mikhail Timofeev <9267096@gmail.com>
Security: CVE-2017-5610
Security: CVE-2017-5611
Security: CVE-2017-5612
Security: https://vuxml.FreeBSD.org/freebsd/14ea4458-e5cd-11e6-b56d-38d547003487.html
|
Friday, 27 Jan 2017
|
22:58 feld
Document vulnerability in net-mgmt/nfsen
|
Thursday, 26 Jan 2017
|
17:44 cpm
Document new vulnerabilities in www/chromium < 56.0.2924.76
Obtained from: https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
|
14:44 brnrd
security/vuxml: Document new OpenSSL vulnerabilities
|
Tuesday, 24 Jan 2017
|
22:50 jbeich
security/vuxml: mark Gecko < 51.0/45.7esr as vulnerable
|
08:28 matthew
Document security vulnerabilities fixed in phpMyAdmin 4.6.6
|
Monday, 23 Jan 2017
|
17:53 swills
Document nvmupdate security issue
Submitted by: kozlov.sergey.404@gmail.com (maintainer)
Reviewed by: sbruno
Sponsored by: Intel
Differential Revision: https://reviews.freebsd.org/D9121
|
02:36 junovitch
Update OpenSSL impacted version
The reference cites 1.0.1u and prior as impacted. security/openssl would
have resolved in r381789. security/openssl-devel would not have been
impacted as that port had been the newer 1.1.x branch since inception.
Reported by: Thomas Schemme (via email)
Security: CVE-2016-7056
Security: https://vuxml.FreeBSD.org/freebsd/7caebe30-d7f1-11e6-a9a5-b499baebfeaf.html
|
Friday, 20 Jan 2017
|
02:41 junovitch
Include php56 in today's PHP vulnerability
Security: https://vuxml.FreeBSD.org/freebsd/709e025a-de8b-11e6-a9a5-b499baebfeaf.html
|
Thursday, 19 Jan 2017
|
21:14 brnrd
security/vuxml: Document PHP vulnerabilities
|
04:08 jhale
Document graphics/icoutils vulnerabilities
|
Wednesday, 18 Jan 2017
|
20:04 brnrd
security/vuxml: Document mysql vulnerabilities
- Documented in Oracle Critical Patch Update
- MariaDB ChangeLogs refer to the same CVE IDs
|
11:22 junovitch
Document multiple PowerDNS vulnerabilities
PR: 216135
PR: 216136
Reported by: Dani <i.dani@outlook.com>
Security: CVE-2016-2120
Security: CVE-2016-7068
Security: CVE-2016-7072
Security: CVE-2016-7073
Security: CVE-2016-7074
Security: https://vuxml.FreeBSD.org/freebsd/e3200958-dd6c-11e6-ae1b-002590263bf5.html
|
Monday, 16 Jan 2017
|
19:09 thierry
Adding www/tt-rss to the phpmailer 5.2.22 vulnerability.
|
Sunday, 15 Jan 2017
|
15:08 junovitch
Document groovy remote execution of untrusted code/DoS vulnerability
Security: CVE-2016-6814
Security: https://vuxml.FreeBSD.org/freebsd/4af92a40-db33-11e6-ae1b-002590263bf5.html
|
03:03 junovitch
Document RabbitMQ Authentication vulnerability
PR: 216026
Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
Security: CVE-2016-9877
Security: https://vuxml.FreeBSD.org/freebsd/6aa956fb-d97f-11e6-a071-001e67f15f5a.html
|
02:48 junovitch
Amend Irssi 0.8.21 entry. Another CVE was assigned.
PR: 216020
Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
Security: CVE-2017-5356
Security: https://vuxml.FreeBSD.org/freebsd/3d6be69b-d365-11e6-a071-001e67f15f5a.html
|
02:39 junovitch
Follow up on r431476's MySQL documentation; cite a source
|
02:23 junovitch
Mention later OpenSSH VuXML entry supersedes the duplicate
|
02:16 junovitch
Document Wordpress security issues in 4.7.1.
Note per upstream PHPMailer was updated but "No specific issue appears
to affect WordPress or any of the major plugins we investigated". As such
leave the PHPMailer entry as is at this time.
PR: 216059
Reported by: Jochen Neumeister <joneum@bsdproject.de>
Security: CVE-2017-5487
Security: CVE-2017-5488
Security: CVE-2017-5489
Security: CVE-2017-5490
Security: CVE-2017-5491
Security: CVE-2017-5492
Security: CVE-2017-5493
Security: https://vuxml.FreeBSD.org/freebsd/b180d1fb-dac6-11e6-ae1b-002590263bf5.html
|
Saturday, 14 Jan 2017
|
17:10 brnrd
security/vuxml: Document multiple MySQL vulnerabilities
|
Friday, 13 Jan 2017
|
23:47 bdrewery
OpenSSH 7.3.p1_4,1 had SCTP on by default by accident. Suggest fixed rev 5.
|
23:40 bdrewery
Fix OpenSSH entry as a patch was missed.
|
23:25 bdrewery
OpenSSH 7.3_2 covers CVE-2016-10009 and CVE-2016-10010
|
16:49 feld
Consolidate duplicate openssh vuxml entries
|
15:02 lifanov
replace wildcard in range with a specific version
Reported by: matthew
Reviewed by: matthew
Approved by: matthew (mentor)
Differential Revision: https://reviews.freebsd.org/D9158
|
Thursday, 12 Jan 2017
|
23:09 lifanov
document ansible vulnerabilities
Reviewed by: matthew
Approved by: matthew (mentor)
Security: CVE-2016-9587
Security: https://vuxml.FreeBSD.org/freebsd/a93c3287-d8fd-11e6-be5c-001fbc0f280f.html
Differential Revision: https://reviews.freebsd.org/D9158
|
11:49 tz
Document phpmailer vulnerabilities.
Security: CVE-2017-5223
Security: https://vuxml.FreeBSD.org/freebsd/7ae0be99-d8bb-11e6-9b7f-d43d7e971a1b.html
|
08:15 mat
Fixup bind9-devel's version for last vuln.
Sponsored by: Absolight
|
07:27 delphij
Document BIND multiple vulnerabilities.
|
Wednesday, 11 Jan 2017
|
17:28 feld
Document FreeBSD-SA-17:01.openssh
|
11:50 brnrd
security/vuxml: Fix version number of libressl-devel
|
11:41 brnrd
security/vuxml: Document OpenSSL ECDSA P-256 vulnerability
- Affects libressl as well
Security: CVE-2016-7056
|
02:21 junovitch
Document Flash vulnerabilities in Adobe Security Bulletin APSB17-02
Security: CVE-2017-2925
Security: CVE-2017-2926
Security: CVE-2017-2927
Security: CVE-2017-2928
Security: CVE-2017-2930
Security: CVE-2017-2931
Security: CVE-2017-2932
Security: CVE-2017-2933
Security: CVE-2017-2934
Security: CVE-2017-2935
Security: CVE-2017-2936
Security: CVE-2017-2937
Security: CVE-2017-2938
Security: https://vuxml.FreeBSD.org/freebsd/2a7bdc56-d7a3-11e6-ae1b-002590263bf5.html
|
Tuesday, 10 Jan 2017
|
03:13 junovitch
Mention pcsc-lite CVE (it was in next message in cited URL)
While here, fix spacing
PR: 215834
|
Monday, 9 Jan 2017
|
18:21 feld
Document moinmoin vulnerabilities
PR: 214937
Security: CVE-2016-7146 CVE-2016-7148 CVE-2016-9119
|
18:12 sunpoet
Fix openssh-portable version
|