non port: security/vuxml/vuln.xml |
Number of commits found: 6271 (showing only 100 on this page) |
Friday, 9 Nov 2007
|
10:00 miwi
- Document tikiwiki -- multiple vulnerabilities
Reviewed by: simon
Approved by: portmgr (ports-security blanket)
|
07:51 delphij
Document cups-base remote buffer overflow vulnerability.
Approved by: portmgr (ports-security blanket)
|
Wednesday, 7 Nov 2007
|
22:03 delphij
Make perl entry to cover perl-threaded as well.
Reported by: Andy Greenwood <greenwood.andy gmail com>
Approved by: portmgr (ports-security blanket)
|
Tuesday, 6 Nov 2007
|
22:19 miwi
- Document perl -- regular expressions unicode data buffer overflow
Reviewed by: simon/tobez
Approved by: portmgr (blanket) (ports-security blanket)
|
18:28 delphij
Document pcre arbitrary code execution vulnerability.
Approved by: portmgr (ports-security blanket)
|
11:03 beech
- perdition entry - correct range
Approved by: portmgr (pav) linimon (mentor)
|
09:58 beech
- Add entry for mail/perdition
PR: ports/117796
Approved by: portmgr (pav), linimon (mentor)
|
Monday, 5 Nov 2007
|
21:12 miwi
- gftp -- multiple vulnerabilities
Reviewed by: simom
Approved by: portmgr (blanket) (ports-security blanket)
|
11:46 miwi
- Update dirproxy -- remote denial of service
* Add net/dirproxy with the same effect
* Update net/dirproxy-devel as safe
Reviewed by: simon
Approved by: portmgr (blanket) (ports-security blanket)
|
Sunday, 4 Nov 2007
|
13:43 miwi
- dirproxy -- remote denial of service
Reviewed by: remko
Approved by: portmgr (blanket) (ports-security blanket)
|
Thursday, 1 Nov 2007
|
15:16 miwi
- Fix discovery date on my previous commit
Approved by: portmgr (ports-security blanket)
|
12:46 miwi
- document wordpress -- cross-site scripting
Reviewed by: simon
Approved by: portmgr (ports-security blanket)
|
00:58 delphij
Extend coverage to OpenLDAP 2.4.x series which is affected according
to CVS history.
Approved by: portmgr (ports-security blanket)
|
Wednesday, 31 Oct 2007
|
21:48 delphij
Document openldap multiple vulnerabilities.
Approved by: portmgr (ports-security blanket)
|
17:21 simon
Bump modified date for entry updated in last commit.
Approved by: portmgr (secteam blanket)
|
16:38 girgen
Update vuxml to reflect that mod_jk and mod_jk-ap2 have
different portepochs.
Approved by: portmgr (pav)
|
12:44 miwi
- Update mozilla -- code execution via Quicktime media-link files
PR: 117704
Submitted by: John Hein <jhein@timing.com>
Reviewed by: simon
Approved by: portmgr (blanket) secteam (blanket via simon)
|
Sunday, 28 Oct 2007
|
22:22 delphij
Document django DoS issue.
|
Friday, 26 Oct 2007
|
20:41 miwi
- Fix day entry for 498a8731-7cfc-11dc-96e6-0012f06707f0
Reviewed by: simon
|
Thursday, 25 Oct 2007
|
18:34 miwi
- Document opera -- multiple vulnerabilities
Reviewed by: remko
|
08:47 miwi
- Document drupal --- multiple vulnerabilities
Reviewed by: simon
|
Tuesday, 23 Oct 2007
|
11:12 miwi
- Document ldapscripts -- Command Line User Credentials Disclosure
PR: 117152
Submitted by: Ganael Laplanche <ganael.laplanche at martymac.com>
(maintainer/author)
rafan@
Reviewed by: simon@
|
Monday, 22 Oct 2007
|
18:51 delphij
Modify firefox entry to cover linux-* variants.
|
01:37 delphij
Document firefox JavaScript Entrapment vulnerabilities.
|
Saturday, 20 Oct 2007
|
20:48 miwi
- Fix year entry in 498a8731-7cfc-11dc-96e6-0012f06707f0
Submitted by: freshports
Thanks to: Dan Langille
|
Friday, 19 Oct 2007
|
14:23 mnag
- Add new line between entries.
|
Wednesday, 17 Oct 2007
|
22:15 stas
- Add entry about recent phpMyAdmin XSS server_status.php vulnerability
- Fix URL in my previous entry while I'm here.
|
Tuesday, 16 Oct 2007
|
18:29 stas
- Fix package name in 51b51d4a-7c0f-11dc-9e47-0011d861d5e2 and
229577a8-0936-11db-bf72-00046151137e entries (phpmyadmin->phpMyAdmin).
|
18:13 stas
- Add entry about phpMyAdmin XSS vulnerability.
|
Saturday, 13 Oct 2007
|
09:45 miwi
nagios-plugins -- Long Location Header Buffer Overflow Vulnerability
Reviewed by: simon
|
Thursday, 11 Oct 2007
|
17:28 miwi
Document png -- multiple vulnerabilities
Reviewed by: simon
|
Wednesday, 10 Oct 2007
|
12:47 remko
Document ImageMagick - Multiple vulnerabilities
Submitted by: Nick Barkas
|
12:35 remko
Correct mediawiki package names.
Spotted by: Nick Barkas
|
Tuesday, 9 Oct 2007
|
07:18 miwi
- Document jdk/jre -- Applet Caching May Allow Network Access Restrictions to be
Circumvented
Reviewed by: remko
|
Monday, 8 Oct 2007
|
12:05 flz
Document xfs -- multiple vulnerabilities.
|
Friday, 5 Oct 2007
|
09:35 miwi
- Document tcl/tk -- buffer overflow in ReadImage function
PR: 116881
Submitted by: Nick Barkas <snb@threerings.net>
Reviewed by: simon
|
Thursday, 4 Oct 2007
|
22:56 delphij
Document firebird multiple remote buffer overflow vulnerabilities
|
Tuesday, 2 Oct 2007
|
18:27 remko
Update the bugzilla and mediawiki entries to properly match their corrected
versions.
Prodded by: Nick Barkas (and a few others)
|
02:04 delphij
Update to reflect the fixed version of id3lib.
|
Monday, 1 Oct 2007
|
21:04 delphij
Document id3lib insecure temporary file creation vulnerability
|
Sunday, 23 Sep 2007
|
09:09 miwi
- modify mediawiki entry (add missing mediawiki18)
Reviewed by: remko
|
01:37 delphij
Some PHP 5.x vulnerabilities are also found in PHP 4.x series,
unfortunately it seems that there is no newer PHP release to
fix these issues for 4.x series, so mark it as so.
While I'm there add a new CVE that was not mentioned in
previous revision of entry.
|
Friday, 21 Sep 2007
|
13:14 remko
Document mediawiki -- cross site scripting vulnerability, our port versions
had not been updated yet, 1.8.x is not vulnerable by default unless you are
using the $wgEnableAPI = true; statement, in that case please set it to
$wgEnableAPI = false; (where possible of course, else upgrade to 1.8.5).
|
13:02 remko
Document wordpress -- remote sql injection vulnerability, our versions are
already up to date for this vulnerability.
|
12:41 remko
samba -- nss_info plugin privilege escalation vulnerability, the FreeBSD
port had already been fixed for this.
|
06:49 remko
Document bugzilla -- multiple vulnerabilities
PR: ports/116060
Submitted by: Nick Barkas <snb at threerings dot net>, minor nits from me
|
06:35 delphij
Document clamav CVE-2007-4510 issue (Remote DoS).
|
Thursday, 20 Sep 2007
|
12:20 remko
Document coppermine -- multiple vulnerabilities, the FreeBSD
port is already up to date.
|
12:12 remko
Document openoffice -- arbitrary command execution vulnerability,
all current versions marked vulnerable, everything as of 2.3 is
believed to be fixed, but we do not have that yet ( I am also not
sure whether the -devel version has the correct fix or not ) so
let's be on the safe side till we know what version will be fixed
in our repro.
|
12:04 remko
Document bugzilla -- "createmailregexp" security bypass vulnerability,
marking all versions as vulnerable till we know what version is the
one fixed in our CVS repository.
|
Wednesday, 19 Sep 2007
|
19:24 simon
Spell Ulf Harnhammar (ASCII version of name) using UTF-8 instead of HTML
entities which can't be assumed to be available to a parser by default.
This fixes a warning from packaudit.
|
17:06 remko
Document kdm -- passwordless login vulnerability
Document konquerer -- address bar spoofing
Inspired by: lofi's cvs commits
|
16:56 remko
Document flyspray -- authentication bypass
Submitted by: Nick Hilliard <nick at foobar dot org>
|
16:50 remko
Document mozilla -- code execution via Quicktime media-link files,
The Mozilla advisory talks somewhat about Windows for this matter,
but better be safe than sorry (An updated firefox is available already).
|
Thursday, 13 Sep 2007
|
05:50 delphij
Update the PHP vulnerability entry:
- Use php5 to cover php 5.x as the port did.
- Add more information about the vulnerability.
Submitted by: Nick Barkas <snb threerings net>
PR: ports/116182
|
Tuesday, 11 Sep 2007
|
19:40 remko
Correct a style nit and bump modification date.
Bump modification date for "xpdf -- stack based buffer overflow"
which was forgotten by Jeremy (mezz) :-)
|
06:20 delphij
Document Apache 2.0.x, 2.2.x series' vulnerabilities as well
as security related improvements in php 5.2.4.
|
Monday, 10 Sep 2007
|
21:59 mezz
There is no code of CVE-2007-3387 vulnerability in evince, therefore remove
it from the database. It only merely depends on poppler and poppler has been
patched (marked as safe in database).
|
13:37 mnag
- lighttpd -- FastCGI header overrun in mod_fastcgi
|
Wednesday, 5 Sep 2007
|
11:26 remko
Fix mod_jk's version since PORTEPOCH came into play.
PR: 116115
Reported by: Klavs Klavsen <klavs at EnableIT dot dk>
|
08:50 gabor
rkhunter -- insecure temporary file creation
Reviewed by: remko
|
08:47 gabor
lsh -- multiple vulnerabilities
Reviewed by: remko
|
Sunday, 2 Sep 2007
|
12:09 simon
Document fetchmail -- denial of service on reject of local
warning message.
Submitted by: Matthias Andree <matthias.andree@gmx.de>
PR: ports/??? (Not received by GNATS yet)
|
Saturday, 1 Sep 2007
|
16:04 naddy
Document gtar directory traversal vulnerability.
PR: 115914
Submitted by: Nick Barkas <snb@threerings.net>
|
Tuesday, 28 Aug 2007
|
21:03 miwi
- Marked sylpheed2 as safe.
Reviewed by: remko
|
Monday, 27 Aug 2007
|
19:52 miwi
- Fix a typo.
|
19:44 miwi
- Document Sylpheed / Sylpheed-Claws POP3 Format String Vulnerability
Reviewed by: simon
|
Saturday, 25 Aug 2007
|
19:36 simon
From latest Opera entry:
- Remove redundant information.
- Bump modified date for recent changes to the entry.
|
Friday, 24 Aug 2007
|
15:20 itetcu
linux-opera and (for the moment defunct) opera-devel are also affected by
df4a7d21-4b17-11dc-9fc2-001372ae3ab9 - Vulnerability in javascript handling so
add them to the entry.
Submitted by: sat@
|
Wednesday, 22 Aug 2007
|
16:31 delphij
Update vuln.xml for rsync 2.6.9_1 which fixed CVE-2007-4091
|
Tuesday, 21 Aug 2007
|
17:20 delphij
Document rsync off-by-one stack overflow vulnerability.
|
Thursday, 16 Aug 2007
|
11:53 miwi
- Update the wordpress -- unmoderated comments disclosure entry. Is safe with
the 2.2.2 Release.
Approved by: simon
|
Wednesday, 15 Aug 2007
|
12:15 itetcu
Add info about www/opera's JavaScript vulnerability
PR: ports/115543
Submitted by: Arjan van Leeuwen (maintainer)
Reviewed by: simon@
|
Friday, 10 Aug 2007
|
07:31 remko
Fix the flac entry by specifying the correct fixed version.
Bump modification date to reflect the above change.
Submitted by: Stefan Ehmann
|
Thursday, 2 Aug 2007
|
19:52 miwi
- Document fsplib -- multiple vulnerabilities
Reviewed by: remko
|
18:50 miwi
Document joomla -- multiple vulnerabilities
Approved by: simon/remko
|
11:09 remko
Use the superseded attribute in the cancelled tcpdump entry.
Requested by: simon
|
07:22 remko
Document FreeBSD -- Buffer overflow in tcpdump(1).
See: FreeBSD-SA-07:06.tcpdump
This commit also takes over the older tcpdump entry that was specific
to ports, I merged that into this entry and I retired the old one.
|
06:18 remko
Bump modification date for: SA-07:04.file
Which I just touched.
|
06:17 remko
Correct the fixed version for the jail advisory which was revised yesterday.
Also correct the <freebsdsa>FreeBSD-SA* tags which should not have FreeBSD
in between.
|
06:15 remko
Document FreeBSD -- Predictable query ids in named(8)
See: FreeBSD-SA-07:07.bind
|
Wednesday, 1 Aug 2007
|
17:51 miwi
- Marked phpSysInfo as safe
Reviewed by: remko
|
00:47 shaun
Update phpSysInfo entry: the current version (2.5.3) is affected.
|
Tuesday, 31 Jul 2007
|
22:21 miwi
Update mozilla entry
- Marked seamonkey as safe
Submitted by: John E. Hein <jhein@timing.com>
Reviewed by: simon
|
14:43 miwi
Update the xpdf entry
- Marked poppler as safe
|
13:33 miwi
Update xpdf entry
- Marked cups-base as safe
- Add poppler as affected port
Reviewed by: simon
|
11:31 miwi
- Fix tcpdump entry
|
11:30 miwi
Document xpdf -- stack based buffer overflow
Reviewed by: simon/remko
|
09:49 miwi
- Fix a typo
Submitted by: shaun
|
07:50 miwi
- Document tcpdump -- remote integer underflow vulnerability
Reviewed by: remko
|
Sunday, 29 Jul 2007
|
18:28 miwi
- Document mutt -- buffer overflow vulnerability
Reviewed by: remko
|
11:29 miwi
- Document p5-Net-DNS -- multiple Vulnerabilities
Reviewed by: remko
|
Saturday, 28 Jul 2007
|
21:52 miwi
- Document phpsysinfo -- url Cross-Site Scripting
|
15:28 miwi
- Document drupal -- Cross site request forgeries
- Document drupal -- Multiple cross-site scripting vulnerabilities
Submitted by: nick@foobar.org
Reviewed by: simon
|
Friday, 27 Jul 2007
|
18:04 miwi
- Document vim -- Command Format String Vulnerability
Approved by: simon
|
Thursday, 26 Jul 2007
|
22:06 miwi
- Document libvorbis - Multiple memory corruption flaws
Submitted by: lx@
Reviewed by: simon
|
Tuesday, 24 Jul 2007
|
14:31 delphij
Document XSS vulnerabilities in several tomcat versions;
update affected tomcat versions for CVE-2005-2090.
|
14:17 delphij
The previous vuxml entry applies to jakarta-tomcat 4.0.x as well, so mark
it as affected as well. Since there is no newer release I have used 4.1.0
as the "fixed" version.
|
13:54 delphij
Document multiple vulnerabilities found in www/tomcat41
|
08:00 delphij
Document dokuwiki spellchecker XSS vulnerabilities
|