All times are UTC

non port: security/vuxml/vuln.xml

Number of commits found: 6271 (showing only 100 on this page)

Wednesday, 7 Apr 2021
11:24 Philip Paeps (philip)
security/vuxml: add FreeBSD SA-21:09.accept_filter
commit hash: ea0a0473cb840eba059195fb2b36d912f60ec060
Tuesday, 6 Apr 2021
14:31 Mathieu Arnold (mat)
all: Remove all other $FreeBSD keywords.
commit hash: 135fdeebb99c3569e42d8162b265e15d29bd937d
13:53 Koichiro Iwao (meta)
security/vuxml: Document XML round-trip vulnerability of REXML in Ruby

Document XML round-trip vulnerability of REXML in Ruby.

PR:		254793
Reported by:	Yasuhiro Kimura <yasu@utahime.org>
Security:	CVE-2021-28965
commit hash: cbbdab46f9b73b3593fb453c4a2523936d569e15
08:46 Rene Ladan (rene)
Document new vulnerabilities in www/chromium < 89.0.4389.114

Obtained from: https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
commit hash: a8416100c4e9b0dd5090c78d09ef6a94293b3c02
08:01 Matthias Fechner (mfechner)
Document gitlab-ce vulnerabilities.
commit hash: b1a2d52166abffd763c903ff7a5bf5dfb84c13a2
Sunday, 28 Mar 2021
21:37 mandree
security/linux-c7-nettle: mark vulnerable, too

See https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254355#c14

PR:		254355
Reported by:	Graham Perrin <grahamperrin@gmail.com>
Revision: 569416
03:20 timur
Add entry about recent Samba4* vulnerabilities:

CVE-2020-27840: An anonymous attacker can crash the Samba AD DC LDAP server by
sending easily crafted DNs as part of a bind request. More serious heap
corruption is likely also possible.
CVE-2021-20277: User-controlled LDAP filter strings against the AD DC LDAP
server may crash the LDAP server.

Security:	CVE-2020-27840
		CVE-2021-20277
Revision: 569371
Saturday, 27 Mar 2021
11:12 mandree
vuln.xml: mention nettle < 3.7.2 ECDSA verify bugs

Security:	80f9dbd3-8eec-11eb-b9e8-3525f51429a0
Revision: 569321
Friday, 26 Mar 2021
08:09 brnrd
security/vuxml: Document High OpenSSL vulnerabilities

 * While here, fix incorrect year in ec04f3d0-8cd9-11eb-bb9f-206a8a720317
Revision: 569246
Wednesday, 24 Mar 2021
20:02 cy
security/vuxml: Document spamassassin CVE-2020-1946

PR:		254526
Security:	https://s.apache.org/ng9u9
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1946
Revision: 569157
03:15 adamw
security/vuxml: Add entry for gitea < 1.13.6

PR:		254515
Submitted by:	maintainer
Revision: 569083
Sunday, 21 Mar 2021
18:30 adamw
security/vuxml: Add entry for gitea < 1.13.5

PR:		254468
Submitted by:	maintainer
Revision: 568929
Thursday, 18 Mar 2021
20:52 bdrewery
OpenSSH CVE-2021-28041 fixed in 8.4.p1_4,1.

Also add flavored package names.
Revision: 568762
19:30 bdrewery
Document OpenSSH CVE-2021-28041

PR:	254258
Submitted by:	Yasuhiro Kimura
Revision: 568757
14:05 mfechner
Document gitlab vulnerability.
Revision: 568741
00:27 mandree
fixup PORTEPOCH for dnsmasq-devel

which used to be at 3 already earlier. Adjust vuxml entry accordingly.

Security:	CVE-2021-3448
Security:	5b72b1ff-877c-11eb-bd4f-2f1d57dafe46
Revision: 568705
00:23 mandree
fixup version range for dnsmasq[-devel] to 2.85.r1,1 not 2.85r1,1

Security:	5b72b1ff-877c-11eb-bd4f-2f1d57dafe46
Security:	CVE-2021-3448
Revision: 568704
00:09 mandree
vuxml: Add dnsmasq < 2.85 cache poisoning vulnerability.

This affects only certain dnsmasq configurations,
and use of dnsmasq with NetworkManager.

Security:	CVE-2021-3448
Revision: 568701
Wednesday, 17 Mar 2021
13:04 swills
Document minio issue
Revision: 568653
Tuesday, 16 Mar 2021
15:42 brnrd
security/vuxml: Document LibreSSL potential use-after-free
Revision: 568571
08:50 rene
Document new vulnerabilities in www/chromium < 89.0.4389.90

Obtained from:	https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
Revision: 568546
Monday, 15 Mar 2021
20:16 crees
Document CVE-2015-4645 in sysutils/squashfs-tools

Security:	CVE-2015-4645
Revision: 568503
Thursday, 11 Mar 2021
14:01 fernape
security/vuxml: Fix www/gitea entry.

s/1.13.24/1.13.4

PR:	254130
Reported by:	clubok@gmx.net
Revision: 568095
Wednesday, 10 Mar 2021
23:37 dmgk
security/vuxml: Document lang/go vulnerabilities
Revision: 568051
18:45 nc
Document vulnerabilities in www/gitea < 1.13.4

PR:		254130
Submitted by:	stb AT lassitu DOT de (maintainer)
Revision: 568030
14:03 lwhsu
Document vulnerabilities in databases/mantis <2.24.4

PR:		252612
Submitted by:	Zoltan ALEXANDERSON BESSE <zab@zltech.eu>
Revision: 568002
Tuesday, 9 Mar 2021
06:26 bhughes
security/vuxml: document Node.js February 2021 Security Releases

https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/

Sponsored by:	Miles AS
Revision: 567892
Friday, 5 Mar 2021
21:18 mfechner
Document gitlab vulnerabilities.
Revision: 567419
Thursday, 4 Mar 2021
19:48 madpilot
Report new asterisk vulnerability.
Revision: 567337
09:51 rene
Document new vulnerabilities in www/chromium < 89.0.4389.72

Obtained from:	https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
Revision: 567296
Wednesday, 3 Mar 2021
18:18 sunpoet
Document jasper vulnerability
Revision: 567244
06:41 ohauer
- add CVE entries for saltstack
Revision: 567027
Tuesday, 2 Mar 2021
15:17 osa
Fix the redis5 affected versions.
Revision: 566966
Saturday, 27 Feb 2021
01:49 swills
Document vault issue
Revision: 566651
Thursday, 25 Feb 2021
02:33 philip
security/vuxml: add FreeBSD SA-21:04.jail_remove
Revision: 566520
02:33 philip
security/vuxml: add FreeBSD SA-21:06.xen
Revision: 566519
02:33 philip
security/vuxml: add FreeBSD SA-21:05.jail_chdir
Revision: 566518
02:33 philip
security/vuxml: add FreeBSD SA-21:03.pam_login_access
Revision: 566517
Tuesday, 23 Feb 2021
13:57 osa
Document integer overflow on 32-bit systems (CVE-2021-21309):
o) databases/redis5
o) databases/redis
o) databases/redis-devel
Revision: 566398
01:04 leres
security/vuxml: Mark zeek < 3.0.13 as vulnerable as per:

    https://github.com/zeek/zeek/releases/tag/v3.0.13

Fix ASCII Input reader's treatment of input files containing
null-bytes. An input file containing null-bytes could lead to a
buffer-over-read, crash Zeek, and be exploited to cause Denial of
Service.
Revision: 566361
Saturday, 20 Feb 2021
16:38 adridg
Add vuxml entry for textproc/raptor2 CVE

PR:		251102
Revision: 566165
02:36 lwhsu
Connect vuln-2020.xml (2/2)
Revision: 566136
02:20 lwhsu
Document Jenkins Security Advisory 2021-02-19

Sponsored by:	The FreeBSD Foundation
Revision: 566132
Thursday, 18 Feb 2021
20:41 madpilot
Report new asterisk vulnerabilities.
Revision: 565978
18:18 brnrd
security/openssl-devel: Mark vulnerable CVE-2021-23841

MFH:		2021Q1
Security:	96a21236-707b-11eb-96d8-d4c9ef517024
Revision: 565962
Wednesday, 17 Feb 2021
18:30 sunpoet
Document rails vulnerability
Revision: 565782
12:47 rene
Document new vulnerabilities in www/chromium < 88.0.4324.182

Obtained from:	https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html
Revision: 565499
Tuesday, 16 Feb 2021
17:35 brnrd
security/vuxml: Document OpenSSL 1.1.1i vulnerabilities
Revision: 565421
Friday, 12 Feb 2021
20:44 mandree
openexr/ilmbase < v2.5.5 security vulnerabilities

https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.5

Security:	98044aba-6d72-11eb-aed7-1b1b8a70cc8b
Revision: 565063
13:28 mfechner
Document gitlab vulnerabilities.
Revision: 565016
04:47 nc
Add security/vuxml entry for CVE-2021-21291 affecting www/oauth2-proxy < 7.0.0.

While I'm here, fix formatting for mod_dav_svn CVE-2020-17525 vuxml entry,

MFH:		2021Q1
Revision: 564994
Wednesday, 10 Feb 2021
17:45 gjb
Fix build.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
Revision: 564888
17:09 lev
Document https://subversion.apache.org/security/CVE-2020-17525-advisory.txt.
Revision: 564881
Sunday, 7 Feb 2021
02:54 adamw
security/vuxml: Add entry for gitea < 1.13.2

PR:		253295
Submitted by:	maintainer
Revision: 564589
Saturday, 6 Feb 2021
00:05 rene
Document new vulnerability in www/chromium < 88.0.4324.150

Obtained from:	https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html
Revision: 564167
Wednesday, 3 Feb 2021
20:06 rene
Document new vulnerabilities in www/chromium < 88.0.4324.146

Obtained from:	https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html
Revision: 563959
Tuesday, 2 Feb 2021
07:50 mfechner
Document gitlab-ce vulnerabilities.
Revision: 563788
Sunday, 31 Jan 2021
21:55 swills
Document minio issue
Revision: 563534
Friday, 29 Jan 2021
06:47 philip
security/vuxml: add FreeBSD SA-21:02.xenoom
Revision: 563173
06:47 philip
security/vuxml: add FreeBSD SA-21:01.fsdisclosure
Revision: 563172
Thursday, 28 Jan 2021
12:51 lcook
security/vuxml: Document graphics/pngcheck vulnerability

PR:			253019
Approved by:		fernape (mentor)
Differential Revision:	https://reviews.freebsd.org/D28308
Revision: 563133
Tuesday, 26 Jan 2021
20:28 cy
Document sudo CVE-2021-3156.

 * When invoked as sudoedit, the same set of command line options
   are now accepted as for "sudo -e".  The -H and -P options are
   now rejected for sudoedit and "sudo -e" which matches the sudo
   1.7 behavior.  This is part of the fix for CVE-2021-3156.

 * Fixed a potential buffer overflow when unescaping backslashes
   in the command's arguments.  Normally, sudo escapes special
   characters when running a command via a shell (sudo -s or sudo
   -i).  However, it was also possible to run sudoedit with the -s
   or -i flags in which case no escaping had actually been done,
   making a buffer overflow possible.  This fixes CVE-2021-3156.

PR:		253034
Reported by:	"Todd C. Miller" <Todd.Miller@sudo.ws> via mailing list
		emaste
Obtained from:	sudo
Revision: 562998
17:56 sunpoet
Document py-pysaml2 vulnerability
Revision: 562967
13:21 lwhsu
Document Jenkins Security Advisory 2021-01-26

Sponsored by:	The FreeBSD Foundation
Revision: 562658
Monday, 25 Jan 2021
17:16 bapt
Rework the entity declaration

when expanded they will look better (as when the file was not split)

While here cleanup some indentation
Revision: 562586
Saturday, 23 Jan 2021
18:19 otis
security/vuxml: Document mail/mutt vulnerability

Document mail/mutt vulnerability CVE-2021-3181

PR:		252931
Submitted by:	Derek Schrock <dereks@lifeofadishwasher.com>
Reported by:	Derek Schrock <dereks@lifeofadishwasher.com>
Reviewed by:	osa (mentor)
Approved by:	osa (mentor)
Differential Revision:	https://reviews.freebsd.org/D28308
Revision: 562408
17:46 gjb
Fix build.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
Revision: 562406
14:46 brnrd
security/vuxml: Add new MySQL vulnerabilities
Revision: 562396
Friday, 22 Jan 2021
20:37 rene
Document new vulnerabilities in www/chromium < 88.0.4324.96

Obtained from:	https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html
Revision: 562336
09:33 jhale
Document CVE-2020-15983 for games/chocolate-doom and games/crispy-doom
Revision: 562282
00:22 mfechner
Made clear how to test now entries against the newly formatted file.
Revision: 562266
00:13 gjb
Fix build.

Yes, please do FIXME.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
Revision: 562265
00:09 mfechner
Added security vulnerability for rubygem-nokogiri.
Revision: 562264
Thursday, 21 Jan 2021
13:19 bapt
Split vuln.xml file [2/2]

The vuln.xml file has grown a lot since 2003. To avoid having to unlock
the svn size limitation, the file is now split into 1 file per year up
to the current year + previous one. The split is made based on the date
when the entry has been added.

In order to achieve the split without breaking any consumer we use a standard
XML mechanism via the definition of entities.

While here add a new target make vuln-flat.xml which will expand the entities
in order to be able to regenerate one unique file if needed. This is useful to,
for example, allow testing with pkg audit directly, given the XML parser used in
pkg does not support custom entities.

The vuxml web site generator has been modified to ensure the vuln.xml file it
provides is the expanded version, so for consumers it is still only one single
file to download.
Revision: 562204
Wednesday, 20 Jan 2021
19:25 mandree
dns/dnsmasq-devel: mark stale name vulnerable, too

dnsmasq-devel isn't currently in ports, but if someone never
switched to dnsmasq, we should also flag the older dnsmasq-devel
vulnerable.

Security:	5b5cf6e5-5b51-11eb-95ac-7f9491278677
Revision: 562156
19:11 mandree
dns/dnsmasq < 2.83 vulnerabilities (buffer overflow, DNS cache poisoning)

Security:	5b5cf6e5-5b51-11eb-95ac-7f9491278677
Security:	CVE-2020-25684
Security:	CVE-2020-25685
Security:	CVE-2020-25686
Security:	CVE-2020-25681
Security:	CVE-2020-25682
Security:	CVE-2020-25683
Security:	CVE-2020-25687
Revision: 562153
00:25 dmgk
security/vuxml: Document lang/go vulnerabilities
Revision: 562103
Tuesday, 19 Jan 2021
21:12 jrm
security/vuxml: Fix range of affected cloud-init versions
Revision: 562089
20:47 jrm
security/vuxml: Document vulnerability in cloud-init version 20.4

https://bugs.launchpad.net/cloud-init/+bug/1911680

Reported by:	Mina Galic <me@igalic.co>
Revision: 562084
Monday, 18 Jan 2021
08:21 lwhsu
Document CVE-2020-25074 and CVE-2020-15275 for www/moinmoin
Revision: 561901
Sunday, 17 Jan 2021
22:23 0mp
Document ghostscript9-agpl-base vulnerability committed in r544907

PR:		248580
Requested by:	joneum (ports-secteam)
Reported by:	VVD <vvd@unislabs.com>
MFH:		2021Q1
Security:	CVE-2020-15900
Revision: 561880
Thursday, 14 Jan 2021
20:37 bhughes
security/vuxml: document Node.js January 2021 Security Releases

https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/

Sponsored by:	Miles AS
Revision: 561590
12:03 mfechner
Document gitlab vulnerability.
Revision: 561551
07:30 riggs
Document integer overflow in wavpack (CVE-2020-35738).
Revision: 561541
Wednesday, 13 Jan 2021
17:32 lwhsu
Document Jenkins Security Advisory 2021-01-13

Sponsored by:	The FreeBSD Foundation
Revision: 561491
Tuesday, 12 Jan 2021
21:20 flo
Document phpmyfaq vulnerability
Revision: 561382
04:27 cy
Document sudo CVE-2021-23239.
Revision: 561298
Sunday, 10 Jan 2021
08:26 sunpoet
Document cairosvg vulnerability
Revision: 561020
Saturday, 9 Jan 2021
20:06 mfechner
Document gitlab vulnerabilities.
Revision: 560889
Thursday, 7 Jan 2021
15:09 rene
Document new vulnerabilities in www/chromium < 87.0.4280.141

Obtained from:	https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html
Revision: 560715
Wednesday, 6 Jan 2021
14:11 pi
security/vuxml: add dovecot CVE-2020-24386

PR:		252415
Submitted by:	Evilham <contact@evilham.com>
Relnotes:	https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html
Revision: 560521
Friday, 1 Jan 2021
16:05 adamw
security/vuxml: Add entry for gitea < 1.13.1

PR:		252310
Submitted by:	maintainer
Revision: 559841
04:31 jrm
Document inspircd vulnerability

PR:		252291
Reported by:	Sadie Powell <sadie@witchery.services>
Revision: 559800
Monday, 28 Dec 2020
13:15 riggs
Document CVE-2020-0543 for Intel CPUs.

PR:		247197
Submitted by:	spam123@bitbert.com
Revision: 559468
Tuesday, 22 Dec 2020
22:44 madpilot
Document new asterisk vulnerabilities.
Revision: 558949
14:16 otis
Document vulns for powerdns and postsrsd

Reviewed by:	osa (mentor)
Approved by:	osa (mentor)
Differential Revision:	https://reviews.freebsd.org/D27706
Revision: 558911
Saturday, 19 Dec 2020
13:16 riggs
Correct entries for mantis and libX11 (missing PORTEPOCH in package string).

PR:		251168
Submitted by:	zab@zltech.eu
Revision: 558451
Thursday, 17 Dec 2020
21:09 swills
Document vault issue
Revision: 558329
Tuesday, 15 Dec 2020
01:32 philip
security/vuxml: Note FreeBSD 11.4 fix for CVE-2020-1971
Revision: 558123
Sunday, 13 Dec 2020
14:49 sunpoet
Document jasper vulnerability
Revision: 557986