17:29 lme 

Document icingaweb2 vulnerability

 

16:26 sunpoet 

Document curl vulnerability

 

15:59 wen 

- Update a cvename entry

 

15:30 wen 

- Document python37 and python36 multiple vulnerabilities

PR:		248751
Submitted by:	mwalker@carbonhouse.com

 

08:24 zeising 

vuxml: Document security/trousers issues

Reapply r545263, but do it properly this time.
Document security issues in security/trousers.

 

03:30 gjb 

Revert r545263, which excludes the package name, version(s) affected,
and includes "INSERT BLOCKQUOTE URL HERE" for a URL, suggesting the
'make validate' target was clearly not executed.

 

23:17 zeising 

vuxml: Document security issues in security/trousers

 

19:36 rene 

Document new vulnerability in www/chromium < 84.0.4147.135

 

20:10 flo 

Document ceph vulnerability

PR:		248673
Submitted by:	Willem Jan Withagen <wjw@digiware.nl>

 

17:00 lwhsu 

Document Jenkins Security Advisory 2020-08-17

Sponsored by:	The FreeBSD Foundation

 

17:45 rodrigo 

security/vuxml: Update rsync issues with zlib

 

13:27 swills 

Document py-ecdsa issue

 

14:10 dbaio 

security/vuxml: Document net-mgmt/snmptt issue

PR:		248162
Reported by:	nistor@snickers.org

 

00:14 ler 

security/vuxml: mail/dovecot multiple vulnerabilities.

 

10:48 mandree 

graphics/ilmbase, graphics/openexr: mention security fixes in v2.5.3

No CVE numbers available at this time.

Security:	b1d6b383-dd51-11ea-a688-7b12871ef3ad

 

13:31 lwhsu 

Document Jenkins Security Advisory 2020-08-12

Sponsored by:	The FreeBSD Foundation

 

19:31 rene 

Document new vulnerabilities in www/chromium < 84.0.4147.125

 

03:14 romain 

Document puppetdb5 vulnerability

 

13:30 danilo 

- Document ftp/bftpd vulnerabilities

 

08:00 pi 

security/vuxml: add www/trafficserver entry for CVE-2020-9494

PR:		247713
Submitted by:	spam123@bitbert.com

 

18:52 brnrd 

security/vuxml: www/mod_http2 also vulnerable to latest Apache httpd vulns

 

09:53 brnrd 

security/vuxml: Add Apache httpd vulnerabilities

 

17:22 dmgk 

security/vuxml: Document lang/go vulnerability

 

07:35 mfechner 

Document gitlab-ce vulnerabilities.

 

03:43 philip 

security/vuxml: correct a typo in SA-20:22.sqlite

Pointy hat to:  philip

 

03:31 philip 

security/vuxml: add FreeBSD SA-20:23.sendmsg

 

03:31 philip 

security/vuxml: add FreeBSD SA-20:21.usb_net

 

03:31 philip 

security/vuxml: add FreeBSD SA to sqlite3 entry

Reference FreeBSD-SA-20:22.sqlite and correct the fixed patch releases
in the recent sqlite3 entry.

 

09:30 joneum 

add entry for typo3-9 and typo3-10

PR:		248430 248429
Sponsored by:	Netzkommune GmbH

 

13:50 zeising 

vuxml: Document vulns in xorg-server and libX11

Document two vulnerabilities, one in xorg-server and one in libX11.
The one in libX11 is a heap corruption vulnerability. [1]
The one in xorg-server (and slave ports) is a uninitialized memory
disclosure.  [2]

Security:	CVE-2020-14344[1], CVE-2020-14347 [2]

 

13:57 wen 

- Document python38 multiple vulnerabilities

 

17:10 tcberner 

security/vuxml: fix randomly introduced typo

Pointy hat:	tcberner
Reported by:	kevans

 

15:54 tcberner 

Document vulnerability in archivers/ark

- fixed in r543704 (head), r543705 (2020Q3)

 

17:42 rene 

Document new vulnerabilities in www/chromium < 84.0.4147.105

Obtained
from:	https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html

 

12:19 riggs 

Document out-of-bounds-read in libsndfile (CVE-2019-3832).

PR:		248268

 

04:38 kevans 

security/vuxml: document new vulnerability in net/freerdp < 2.2.0

PR:		248198

 

01:00 leres 

security/vuxml: Mark zeek < 3.0.8 as vulnerable as per:

    https://github.com/zeek/zeek/releases/tag/v3.0.8

Two potential stack overflows.

 

08:48 joneum 

Add entry for Cacti

PR:		248140
Sponsored by:	Netzkommune GmbH

 

19:08 sunpoet 

Document wagtail vulnerability

 

18:37 joneum 

Fix typo

Reported by:	cmt
Sponsored by:	Netzkommune GmbH

 

17:32 joneum 

Add entry for pango

Sponsored by:	Netzkommune GmbH

 

14:43 joneum 

Fix typo

Sponsored by:	Netzkommune GmbH

 

14:42 joneum 

modified the tomcat entry and add CVE-2020-11996

PR:		247555
Sponsored by:	Netzkommune GmbH

 

11:54 joneum 

Add entry for www/tomcat{7,85,9,-devel}

PR:		247975
Sponsored by:	Netzkommune GmbH

 

17:17 cy 

Fixup affected versions, imprecisely.

Reported by:	mat

 

08:10 wen 

- Document multiple vulnerabilities of python38
- Fix 2 typos in my last commit

 

09:11 madpilot 

Document multiple vulnerabilities in VirtualBox>

PR:		244212
Submitted by:	Nikita Stepanov <nikitastepan0v@bk.ru>

 

05:44 pi 

security/vuxml: Document multiple vulnerabilities in clamav

- CVE-2020-3350, CVE-2020-3327, CVE-2020-3481

PR:		248027
Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>

 

12:02 mandree 

vuln db: record OpenEXR/ilmbase < 2.5.2 vulnerabilities

Security:	714e6c35-c75b-11ea-aa29-d74973d1f9f3

 

18:13 rene 

Document new vulnerabilities in www/chromium < 84.0.4147.89

Obtained
from:	https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html

 

16:58 lwhsu 

Document Jenkins Security Advisory 2020-07-15

Sponsored by:	The FreeBSD Foundation

 

11:40 brnrd 

security/vuxml: Add MySQL vulns from pre-announce

 

05:30 philip 

security/vuxml: update CVE-2020-1266[23] entry

Note vulnerable FreeBSD releases and add a reference to
FreeBSD-SA-20:19.unbound.

 

05:30 philip 

security/vuxml: add FreeBSD SA-20:20.ipv6

 

05:30 philip 

security/vuxml: add FreeBSD SA-20:18.posix_spawnp

 

21:52 joneum 

Add entry for www/mybb

Sponsored by:	Netzkommune GmbH

 

17:09 cy 

Correct FreeBSD versions vulnerable to the latest sqlite3
vulnerabilities. This will be updated by so@ at a future date.

PR:		247865
Submitted by:	Yasuhiro KIMURA <yasu at utahime.org>
Reported by:	Yasuhiro KIMURA <yasu at utahime.org>
Approved by:	ports-secteam (jonenum)

 

19:20 sunpoet 

Document rubygem-kramdown vulnerability

 

11:49 tijl 

Document Mbed TLS security advisory 2020-07.

Security:	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07

 

10:14 mfechner 

Document gitlab vulnerability.

 

02:02 wen 

- Document python37 multiple vulnerabilities

 

00:45 timur 

Add entry about Samba vulnerabilities CVE-2020-10730, CVE-2020-10745,
CVE-2020-10760, CVE-2020-14303

PR:		247725
Security:	CVE-2020-10730
		CVE-2020-10745
		CVE-2020-10760
		CVE-2020-14303

 

15:37 joneum 

Add entry for anydesk

PR:		247406
Sponsored by:	Netzkommune GmbH

 

07:04 lwhsu 

Document net-im/py-matrix-synapse security issue before 1.15.2

PR:		247720
Submitted by:	Sascha Biberhofer <ports@skyforge.at>

 

06:02 tcberner 

Document vulnerability in dbus < 2.12.18

* See [1] for details.
* The port is already updated to 2.12.18.

[1] https://gitlab.freedesktop.org/dbus/dbus/-/issues/294

PR:		247340
Submitted by:	rob2g2 <spam123@bitbert.com>
Security:	CVE-2020-12049

 

19:21 mfechner 

Document gitlab vulnerabilities.

 

17:33 yuri 

security/vuxml update: coturn CVE-2020-4067 for net/coturn

 

08:58 joneum 

Add entrx for dns/powerdns-recursor

PR:		247707
Submitted by:	Ralf van der Enden <tremere@cainites.net>
Sponsored by:	Netzkommune GmbH

 

08:50 joneum 

Add entry for Drupal 7

Sponsored by:	Netzkommune GmbH

 

08:04 meta 

Document xrdp CVE-2020-4044 vulnerability

 

16:58 pi 

security/vuxml: add mongodb CVE entry

- See also: https://jira.mongodb.org/browse/SERVER-45472

PR:		247392
Submitted by:	Ronald Klop <ronald-lists@klop.ws>

 

21:47 naddy 

Document libvorbis vulnerabilities CVE-2017-14160 and CVE-2018-10392.

 

13:52 mandree 

security/putty: two security vulnerabilities in versions < 0.74

Security:	6190c0cd-b945-11ea-9401-2dcf562daa69
Security:	CVE-2020-14002
Security:	FZI-2020-5

 

19:26 zeising 

vuln.xml: Adjust sqlite version in sqlite entry

Update the sqlite versions affected in the latest sqlite entry.  The entry
failed to take PORTEPOCH into account, and without this fix pkg audit fails
to mark sqlite as vulnerable when it's not updated to the latest version,
since any version with PORTEPOCH set will always be greater than any version
without.

PR:		247149

 

21:53 gjb 

Fix build, again...

Sponsored by:	Rubicon Communications, LLC (netgate.com)

 

21:30 rene 

Document new vulnerablities in www/chromium < 83.0.4103.116

 

20:30 zeising 

Update VuXML with security issues in mail/mutt

PR:		247399
Submitted by:	Derek Schrock

 

17:59 sunpoet 

Document curl vulnerability

 

14:42 gjb 

Attempt to fix build.

Sponsored by:	Rubicon Communications, LLC (netgate.com)

 

14:10 tijl 

Document CUPS CVE-2019-8842 and CVE-2020-3898.

PR:		246011
Security:	https://github.com/apple/cups/releases/tag/v2.3.3

 

13:14 sunpoet 

Clean up unnecessary "<p>.</p>" in blockquote section

 

16:13 sunpoet 

Document rails vulnerability

 

14:29 tcberner 

security/vuxml: Document multimedia/vlc Vulnerability

PR:		247341
Security:	CVE-2020-13428

 

14:45 lme 

security/vuxml:

Document CVE-2020-13882 and CVE-2019-13033 for security/lynis.

 

08:05 philip 

security/vuxml: CVE-2020-8618 and CVE-2020-8619

ISC published CVE-2020-8618 affecting dns/bind916 and CVE-2020-8619
affecting dns/bind911 and dns/bind916.  Both ports were updated.

 

14:08 dbaio 

security/vuxml: Update CVE-2019-18348 and CVE-2020-8492 entries

Python 3.6 and 3.7 are not vulnerable in the ports tree anymore.
Change range for python35 to <le>, suggested by swills.

PR:		246984, 246738

 

08:20 fluffy 

security/vuxml: document libreoffice <6.4.4 security issues

PR:		247196
Submitted by:	rob2g2 <spam123@bitbert.com>

 

04:43 cy 

Document multiple sqlite3 vulnerabilities with CVSS scores ranging
from 5.5 (medium) to 7.5 (high).

PR:		247149

 

04:47 bhughes 

security/vuxml: document Node.js June 2020 Security Releases

https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/

Sponsored by:	Miles AS

 

13:24 ehaupt 

Document net-mgmt/tcpreplay vulnerabilities

 

00:36 dbaio 

security/vuxml: Document irc/znc issue

Security:	CVE-2020-13775

 

12:12 mfechner 

Document npm vulnerabilities.

 

09:12 ehaupt 

Document the audio/libadplug vulnerabilities:

https://github.com/adplug/adplug/releases/tag/adplug-2.3.3

 

02:29 leres 

security/vuxml: Mark zeek < 3.0.7 as vulnerable as per:

    https://raw.githubusercontent.com/zeek/zeek/v3.0.7/NEWS

Various issues including stack overflows and memory leaks.

 

21:50 jkim 

Document the latest Flash Player vulnerability.

https://helpx.adobe.com/security/products/flash-player/apsb20-30.html

 

16:59 gordon 

Add FreeBSD-SA-20:17.usb.

Approved by:	so

 

16:26 joneum 

Unbreak vuxmlbuild

Parsing VuXML ...Application exception:
bad CVE name for vid 669f3fe8-a07a-11ea-b83e-f0def1f5c5a2: GHSL-2020-100 @ho:215
*** Error code 1

Sponsored by:	Netzkommune GmbH

 

15:49 kevans 

security/vuxml: document new vulnerabilities in net/freerdp < 2.1.0

PR:		246931, 245517
Obtained from:	https://github.com/FreeRDP/FreeRDP/blob/2.1.0/ChangeLog
Approved by:	koobs (mentor)

 

02:20 dbaio 

security/vuxml: Update CVE-2019-18348 and CVE-2020-8492 entries

CVE-2019-18348:	Add missing Python packages range
CVE-2020-8492:	Fix Python 3.7 entrie, it's currently affected.

After committing fixes, we'll need to change ranges again.

PR:		246984

 

10:51 rene 

Document new vulnerabilities in www/chromium < 83.0.4103.97

Obtained
from:	https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html