non port: security/vuxml/vuln.xml |
Number of commits found: 6271 (showing only 100 on this page) |
Sunday, 14 Aug 2016
|
17:12 junovitch
Fix PKGNAME for collectd5
PR: 211613
|
08:33 romain
Add entry for CVE-2015-7331
mcollective-puppet-agent -- Remote Code Execution in mcollective-puppet-agent
plugin
|
Saturday, 13 Aug 2016
|
21:44 mat
Fix the perl5* section for the two recent vuln.
For some reason, perl5-devel was having a wrongly special treatment, and
it was failing to take into account the fact that we've had 5.21 and
5.23 in the tree.
Also, correct the version at which the XSLoader thing was solved in 5.25.
Sponsored by: Absolight
|
Friday, 12 Aug 2016
|
10:56 matthew
The perl5 release candidate versions also address the XSLoader local
arbitrary code execution vulnerability (CVE-2016-6185), as documented
in perldelta(1)
So perl5.22-5.22.3.r2 and perl5.24-5.24.1.r2 are not vulnerable.
I can't confirm if the updates to perl5.18 and perl5.20 also solve the
XSLoader bug or not but by inspection of the source code, I don't
believe that to be the case.
|
Thursday, 11 Aug 2016
|
22:54 feld
Correct the syntax for the <freebsdsa> entries.
They should not be prefixed with FreeBSD-
|
21:50 feld
Correct old vuxml entries for FreeBSD that use <ge>0</ge> or a <ge> without an
<le>
One entry has been cancelled in preference of a much newer entry referring to
the same CVE as it has more detail.
|
21:34 feld
Add missing FreeBSD SA entries from 2016 to vuxml
|
21:27 feld
Add missing FreeBSD SA entries from 2015 to vuxml
|
21:19 feld
Add missing FreeBSD SA entries from 2014 to vuxml
|
18:53 gjb
Fix vuxml build.
Approved by: ports-secteam (implicit)
Sponsored by: The FreeBSD Foundation
|
16:40 koobs
security/vuxml: Make PostgreSQL entry more explicit
Be more explicit in the title of the PostgreSQL entry as to the nature
of the vulnerabilities. Remove possibly subjective description of the
severity (minor) from the title, err on the side of allowing users to make
the assessment based on their environments instead.
Approved by: feld (ports-secteam)
|
15:49 feld
Add missing FreeBSD SA to vuxml
Security: SA-14:01.bsnmpd
|
14:51 girgen
Add security info for upcoming PostgreSQL updates.
Security: CVE-2016-5424, CVE-2016-5423
|
13:33 mat
Fixup Perl versions for CVE-2016-1238.
Sponsored by: Absolight
|
Wednesday, 10 Aug 2016
|
09:21 tz
www/piwik: Document XSS issues
PR: 211590
Security: https://vuxml.freebsd.org/freebsd/28bf62ef-5e2c-11e6-a15f-00248c0c745d.html
Approved by: pi (mentor)
|
01:27 junovitch
Document denial of service vector via oversized AXFR, IXFR, or Dynamic DNS
updates in BIND, Knot, NSD, and PowerDNS
Security: CVE-2016-6170
Security: CVE-2016-6171
Security: CVE-2016-6172
Security: CVE-2016-6173
Security: https://vuxml.FreeBSD.org/freebsd/7d08e608-5e95-11e6-b334-002590263bf5.html
|
Tuesday, 9 Aug 2016
|
22:25 feld
Add missing FreeBSD SA vuxml entries for 2013
Entries that only affected BETA/RC releases were ignored
Security: SA-13:10.sctp
Security: SA-13:09.ip_multicast
Security: SA-13:08.nfsserver
|
21:18 feld
Change all FreeBSD SA entries in vuxml from <system> to <package>
|
21:04 feld
Add FreeBSD SA information to recent libarchive vuxml entry
Security: SA-16:22.libarchive
Security: SA-16:23.libarchive
|
21:00 feld
Add FreeBSD SA information to old openssl vuxml entry
Security: SA-16:17.openssl
|
20:57 feld
Add FreeBSD SA information to old ntp vuxml entry
Security: SA-16:16.ntp
|
20:53 feld
Add FreeBSD SA information to old openssh vuxml entry
Security: SA-16:14.openssh
|
20:36 feld
Update many historical vuxml entries for FreeBSD with incorrect ranges
PR: 208522
|
19:43 feld
Add FreeBSD SA information to old openssl vuxml entry
Security: SA-16:11.openssl
|
19:39 feld
Add FreeBSD SA information to old ntp vuxml entry
Security: SA-16:09.ntp
|
18:21 feld
Add FreeBSD SA information to old bind vuxml entry
Security: SA-16:08.bind
|
18:18 feld
Add FreeBSD SA information to old openssh vuxml entry
Security: SA-16:07.openssh
|
18:14 feld
Add FreeBSD SA information to old ntp vuxml entry
Security: SA-16:02.ntp
|
18:12 feld
Add FreeBSD SA information to old bind vuxml entry
Security: SA-15:27.bind
|
18:10 feld
Add FreeBSD SA information to old openssl vuxml entry
Security: SA-15:26.openssl
|
18:07 feld
Add FreeBSD SA information to old ntp vuxml entry
Security: SA-15:25.ntp
|
18:03 feld
Add FreeBSD SA information to old bind vuxml entry
Also correct range of affected FreeBSD versions
Security: SA-15:23.bind
|
18:01 feld
Add FreeBSD SA information to old openssh vuxml entry
Security: SA-15:22.openssh
|
17:53 feld
Add FreeBSD SA information to old bind vuxml entry
Also correct range of affected FreeBSD versions
Security: SA-15:17.bind
|
17:50 feld
Add FreeBSD SA information to old openssh vuxml entry
Security: SA-15:16.openssh
|
17:35 feld
Add FreeBSD SA information to old bind vuxml entry
Security: SA-15:11.bind
|
17:32 feld
Add FreeBSD SA information to old openssl vuxml entry
Security: SA-15:10.openssl
|
17:24 feld
Add FreeBSD SA information to old ntp vuxml entry
Security: SA-15:07.ntp
|
17:21 feld
Add FreeBSD SA information to old openssl vuxml entry
Security: SA-15:06.openssl
|
17:11 feld
Add FreeBSD SA information to old bind vuxml entry
Security: SA-15:05.bind
|
17:08 feld
Add FreeBSD SA information to old openssl vuxml entry
Security: SA-15:01.openssl
|
17:04 feld
Add FreeBSD SA info to old unbound vuxml entry
Security: SA-14:30.unbound
|
17:00 feld
Add FreeBSD SA reference to old bind vuxml entry
Security: SA-14:29.bind
|
16:53 feld
Update another openssl vuxml entry to add FreeBSD SA information
Security: SA-14:23.openssl
|
16:48 feld
Add FreeBSD SA information to old openssl vuxml entry
Security: SA-14:18.openssl
|
16:39 feld
Update another old openssl vuxml entry to add FreeBSD SA information
Security: SA-14:10.openssl
|
16:36 feld
Update old openssl vuxml entry to include <freebsdsa> information and affected
FreeBSD versions
|
16:30 feld
Add <freebsdsa> to old vuxml entry for openssl
Affected FreeBSD versions were not added as they were all 10.0-RC.
|
16:25 feld
Correct <date> fields for last commit regarding SA 14:02
|
16:23 feld
Add affected FreeBSD versions to vuxml entry for SA-14:02
|
16:13 feld
Correct another FreeBSD SA in an old vuxml entry
|
16:11 feld
Correct FreeBSD SA in old vuxml entry
|
Monday, 8 Aug 2016
|
15:47 brd
Document collectd security advisory.
PR: 211613
Security: CVE-2016-6254
|
09:58 brnrd
security/vuxml: Add versions for latest MariaDB vulns
PR: 211274
|
Saturday, 6 Aug 2016
|
01:57 junovitch
Document multiple security advisories for Moodle (MSA-16-0019 - MSA-16-0021)
Security: CVE-2016-5012
Security: CVE-2016-5013
Security: CVE-2016-5014
Security: https://vuxml.FreeBSD.org/freebsd/3ddcb42b-5b78-11e6-b334-002590263bf5.html
|
00:45 junovitch
Document BIND security advisory
Security: CVE-2016-2775
Security: https://vuxml.FreeBSD.org/freebsd/7a31e0de-5b6d-11e6-b334-002590263bf5.html
|
00:24 junovitch
Document wnpa-sec-2016-41 through wnpa-sec-2016-49 for issues fixed in
Wireshark 2.0.5
Security: CVE-2016-6505
Security: CVE-2016-6506
Security: CVE-2016-6508
Security: CVE-2016-6509
Security: CVE-2016-6510
Security: CVE-2016-6511
Security: CVE-2016-6512
Security: CVE-2016-6513
Security: https://vuxml.FreeBSD.org/freebsd/610101ea-5b6a-11e6-b334-002590263bf5.html
|
Friday, 5 Aug 2016
|
17:15 feld
Update perl vuxml entries
Perl package names changed somewhat recently, so add more <name> entries
to improve coverage for users on systems with outdated ports/packages
PR: 211561
|
16:08 feld
Cancel tiff vuxml entry for CVE-2016-5102
Upstream has marked it WONTFIX and is removing the utility in 4.0.7.
There is no indication that this bug does anything other than crash the
utility.
|
13:54 feld
Update vuxml entry for perl to correct range for perl5-devel
|
Thursday, 4 Aug 2016
|
18:19 feld
Fix vuxml entry for recent perl vulnerabilities to correctly match package names
PR: 211561
|
18:12 feld
Document p5-XSLoader vulnerability
PR: 211561
Security: CVE-2016-6185
|
17:52 feld
Document perl vulnerability
PR: 211561
Security: CVE-2016-1238
|
14:49 feld
Document gd vulnerabilities
PR: 211562
|
14:33 feld
Document curl vulnerabilities
PR: 211575
|
Wednesday, 3 Aug 2016
|
14:54 feld
Document lighttpd vulnerabilities
PR: 211495
|
Tuesday, 2 Aug 2016
|
02:07 junovitch
Document Xen Security Advisories (XSAs 182, 183, and 184)
PR: 211482
Security: CVE-2016-5403
Security: CVE-2016-6259
Security: CVE-2016-6258
Security: https://vuxml.FreeBSD.org/freebsd/06574c62-5854-11e6-b334-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/04cf89e3-5854-11e6-b334-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/032aa524-5854-11e6-b334-002590263bf5.html
|
Sunday, 31 Jul 2016
|
15:14 junovitch
Document security issues fixed in Libidn 1.33
PR: 211407
Reported by: Piotr Kubaj <pkubaj@anongoth.pl>
Security: CVE-2015-8948
Security: CVE-2016-6261
Security: CVE-2016-6262
Security: CVE-2016-6263
Security: https://vuxml.FreeBSD.org/freebsd/cb5189eb-572f-11e6-b334-002590263bf5.html
|
Friday, 29 Jul 2016
|
07:30 cmt
document Gimp XCF loader vulnerability
Approved by: rene (mentor)
|
Wednesday, 27 Jul 2016
|
01:54 cy
With the release of krb5 1.13.6, which also fixes the KDC denial of
service vulnerability (CVE-2016-3120 -- same vulnerability fixed in
krb5 1.14.3), update entry 62d45229-4fa0-11e6-9d13-206a8a720317 to
also document the same in krb5 1.13.6.
Security: 62d45229-4fa0-11e6-9d13-206a8a720317
Security: CVE-2016-3120
|
Tuesday, 26 Jul 2016
|
16:03 feld
Document xerces-c3 vulnerabilities
PR: 211023
Security: CVE-2016-2099
Security: CVE-2016-4463
|
14:58 feld
Document php vulnerabilities
Security: CVE-2015-8879
Security: CVE-2016-5385
Security: CVE-2016-5399
Security: CVE-2016-6288
Security: CVE-2016-6289
Security: CVE-2016-6290
Security: CVE-2016-6291
Security: CVE-2016-6292
Security: CVE-2016-6294
Security: CVE-2016-6295
Security: CVE-2016-6296
Security: CVE-2016-6297
|
Friday, 22 Jul 2016
|
20:30 rene
Document new vulnerabilities in www/chromium < 52.0.2743.82
Obtained from: https://googlechromereleases.blogspot.nl/2016/07/stable-channel-update.html
|
00:22 cy
Document a rare KDC denial of service vulnerability when anonymous
client principals are restricted to obtaining TGTs only [CVE-2016-3120]
URL: http://web.mit.edu/kerberos/krb5-1.14/
Security: CVE-2016-3120
|
Thursday, 21 Jul 2016
|
18:25 brnrd
security/vuxml: Current mysql57 is NOT vulnerable
PR: 211248
|
18:04 truckman
Apache OpenOffice CVE-2016-1513 Memory Corruption Vulnerability
(Impress Presentations)
|
14:58 brnrd
security/vuxml: Add MySQL vulnerabilities from quarterly update
- Add MariaDB ports
- Add Percona ports
PR: 211248
|
14:23 feld
Properly cancel the httpoxy vuxml entry
|
Wednesday, 20 Jul 2016
|
12:25 feld
Remove HTTPoxy entry in vuxml until we know if upstream vendors will
patch this so things aren't marked vulnerable forever.
|
Tuesday, 19 Jul 2016
|
12:55 tz
www/typo3 and www/typo3-lts: Document missing access check in Extbase
PR: 210870, 210871
Security: CVE-2016-5091
Security: https://vuxml.freebsd.org/freebsd/3caf4e6c-4cef-11e6-a15f-00248c0c745d.html
Approved by: junovitch (mentor)
|
06:43 brnrd
net/haproxy: Mark vulnerable to httpoxy in vuxml
Security: cf0b5668-4d1b-11e6-b2ec-b499baebfeaf
|
Monday, 18 Jul 2016
|
20:38 brnrd
lang/go: Mark 1.6.3 as NOT vulnerable to httpoxy
- Version 1.6.3 includes fix for "httpoxy" [1]
1: https://groups.google.com/forum/#!topic/golang-announce/7jZDOQ8f8tM
Security: cf0b5668-4d1b-11e6-b2ec-b499baebfeaf
Security: CVE-2016-5386
|
20:15 brnrd
www/apache24: Fix httpoxy vulnerability (+2.2)
- Mark new Apache revisions not vulnerable
- Add apache22-mpm-* ports
- Add Apache CVE-number
Security: cf0b5668-4d1b-11e6-b2ec-b499baebfeaf
Security: CVE-2016-5387
|
19:47 brnrd
httpoxy: Mark ports as vulnerable
- apache22, apache24, go, go14, php55, php56, php70, python27, python33,
python34, python35, nginx are all vulnerable.
- No new versions fixing the HTTP Proxy header vulnerability
|
17:36 bdrewery
Fix CVE-2016-0772 entry to not blame only Python 2.7
|
Saturday, 16 Jul 2016
|
02:26 junovitch
Document security issues from ATutor 2.2.1 and 2.2.2 changelog
Security: https://vuxml.FreeBSD.org/freebsd/00cb1469-4afc-11e6-97ea-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/ffa8ca79-4afb-11e6-97ea-002590263bf5.html
|
01:08 junovitch
Update Drupal SA-CORE-2016-002 with the assigned CVEs
PR: 210317
Security: CVE-2016-6211
Security: CVE-2016-6212
Security: https://vuxml.FreeBSD.org/freebsd/7932548e-3427-11e6-8e82-002590263bf5.html
|
00:59 junovitch
Document Flash vulnerabilities in Adobe Security Bulletins APSB16-25
Security: CVE-2016-4172
Security: CVE-2016-4173
Security: CVE-2016-4174
Security: CVE-2016-4175
Security: CVE-2016-4176
Security: CVE-2016-4177
Security: CVE-2016-4178
Security: CVE-2016-4179
Security: CVE-2016-4180
Security: CVE-2016-4181
Security: CVE-2016-4182
Security: CVE-2016-4183
Security: CVE-2016-4184
Security: CVE-2016-4185
Security: CVE-2016-4186
Security: CVE-2016-4187
Security: CVE-2016-4188
Security: CVE-2016-4189
Security: CVE-2016-4190
Security: CVE-2016-4217
Security: CVE-2016-4218
Security: CVE-2016-4219
Security: CVE-2016-4220
Security: CVE-2016-4221
Security: CVE-2016-4222
Security: CVE-2016-4223
Security: CVE-2016-4224
Security: CVE-2016-4225
Security: CVE-2016-4226
Security: CVE-2016-4227
Security: CVE-2016-4228
Security: CVE-2016-4229
Security: CVE-2016-4230
Security: CVE-2016-4231
Security: CVE-2016-4232
Security: CVE-2016-4233
Security: CVE-2016-4234
Security: CVE-2016-4235
Security: CVE-2016-4236
Security: CVE-2016-4237
Security: CVE-2016-4238
Security: CVE-2016-4239
Security: CVE-2016-4240
Security: CVE-2016-4241
Security: CVE-2016-4242
Security: CVE-2016-4243
Security: CVE-2016-4244
Security: CVE-2016-4245
Security: CVE-2016-4246
Security: CVE-2016-4247
Security: CVE-2016-4248
Security: CVE-2016-4249
Security: https://vuxml.FreeBSD.org/freebsd/a522d6ac-4aed-11e6-97ea-002590263bf5.html
|
Friday, 15 Jul 2016
|
17:13 feld
Rename vuxml entry, add new detailed reference as primary.
This new reference has much more detailed information. It appears even
the latest version of struts is affected and this may affect many
products using the Apache Commons FileUpload Utility such as Jenkins,
Lucene-Solr, etc. Unfortunately it's difficult to identify which version
of the Apache Commons FileUpload Utility products may have, so this vuxml
may be expanded as more products are successfully identified.
PR: 211105
Security: CVE-2016-3092
|
16:56 feld
Package name for jakarta-struts is actually apache-struts
Pointyhat: me
PR: 211105
|
16:54 feld
Also add jakarta-struts to the vuxml entry for CVE-2016-3092
PR: 211105
|
16:48 feld
Document tomcat vulnerability
PR: 211105
Security: CVE-2016-3092
|
16:41 feld
Document libreoffice vulnerability
PR: 211111
Security: CVE-2016-4324
|
16:34 feld
Update name in vuxml of person who reported CVE-2016-5102
|
16:19 feld
Document tiff vulnerabilities
Security: CVE-2016-5102
Security: CVE-2016-5875
Security: CVE-2016-3186
PR: 211113
|
11:23 rakuco
Document CVE-2016-2334 and CVE-2016-2335 in archivers/p7zip.
PR: 211114
|
Wednesday, 13 Jul 2016
|
01:26 timur
Add information about CVE-2016-2119 vulnerability in Samba suite.
Security: CVE-2016-2119
|
Monday, 11 Jul 2016
|
15:31 tz
rubygem-ruby-saml: Document XML signature wrapping attack
Security: CVE-2016-5697
Security: https://vuxml.freebsd.org/freebsd/3fcd52b2-4510-11e6-a15f-00248c0c745d.html
Approved by: junovitch (mentor)
|
Thursday, 7 Jul 2016
|
03:36 lwhsu
- Fix affected versions of qemu and qemu-devel
Reviewed by: junovitch
|
01:44 junovitch
Document remote denial of service in quassel
PR: 209218
Security: CVE-2016-4414
Security: https://vuxml.FreeBSD.org/freebsd/7d64d00c-43e3-11e6-ab34-002590263bf5.html
|