non port: security/vuxml/vuln.xml
Number of commits found: 6271 (showing only 100 on this page)
Saturday, 17 Feb 2007
|
11:51 simon
Document php -- multiple vulnerabilities.
|
Wednesday, 17 Jan 2007
|
22:17 gabor
joomla -- multiple remote vulnerabilities
Reviewed by: secteam (remko)
Approved by: erwin (mentor, implicit)
|
Monday, 15 Jan 2007
|
10:58 gabor
Document two sircd vulnerabilities:
sircd -- remote reverse DNS buffer overflow
sircd -- remote operator privilege escalation vulnerability
Reviewed by: secteam (remko)
Approved by: erwin (mentor)
|
Friday, 12 Jan 2007
|
15:11 sem
- Document multiple net/cacti vulnerabilities.
|
Monday, 8 Jan 2007
|
16:06 itetcu
Add mplayer RealMedia RTSP streams buffer overflow entry.
PR: ports/107217
Submitted by: Thomas E. Zander (multimedia/mplayer maintainer)
Reviewed by: simon@
|
Saturday, 6 Jan 2007
|
14:15 barner
Document two fetchmail vulnerabilities.
See also: http://fetchmail.berlios.de/fetchmail-SA-2006-02.txt
http://fetchmail.berlios.de/fetchmail-SA-2006-03.txt
Reported by: Matthias Andree (upstream author)
|
Friday, 5 Jan 2007
|
22:45 simon
Document opera -- multiple vulnerabilities.
|
21:32 brooks
Upgrade drupal to 4.7.5 fixing a couple security issues.
Upgrade drupal-pubcookie and drupal-textile to the 4.7 versions.
Submitted by: Nick Hilliard <nick at foobar dot org> (upgrade to 4.7.4)
Security: vid:3d8d3548-9d02-11db-a541-000ae42e9b93
|
Wednesday, 3 Jan 2007
|
17:21 simon
Unbreak file by using &amp; in w3m entry.
Pointy hat to: nobutaka
Reported by: Philipp Wuensche
|
Tuesday, 2 Jan 2007
|
14:12 nobutaka
Document a format string vulnerability of w3m.
|
Wednesday, 27 Dec 2006
|
16:37 gabor
- Document www/plone vulnerability
Reviewed by: simon
Approved by: erwin (mentor)
|
16:31 gabor
- Update the www/zope entry to indicate it is fixed now
PR: ports/106505
Submitted by: HAYASHI Yasushi <yasi@yasi.to>
Reviewed by: simon
Approved by: erwin (mentor)
|
Sunday, 24 Dec 2006
|
13:57 delphij
phpbb -- NULL byte injection vulnerability has been fixed in
their 2.0.22, so mark it as safe. Update to the port is pending.
|
Thursday, 21 Dec 2006
|
06:52 delphij
Add an entry for recently fixed proftpd remote code execution
vulnerabilities.
Reviewed by: remoko
|
Tuesday, 19 Dec 2006
|
20:33 remko
Document gzip -- multiple vulnerabilities, this is FreeBSD-SA-06:21.gzip
|
20:16 remko
Document bind9 -- Denial of Service in named(8) which is also known
as FreeBSD-SA-06:20.bind
Notice: The previous commit was FreeBSD-SA-06:19.openssl
|
20:02 remko
Document openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3)
|
14:46 lth
sql-ledger -- multiple vulnerabilities
Reviewed by: remko
|
Friday, 15 Dec 2006
|
19:47 remko
Update several entries, making them a bit clearer (Where possible),
adjusting some package names, and collapsing some ruby entries that
can be combined. Also properly sort the <bid> and <cvename> tags.
b comes before c.
|
Thursday, 14 Dec 2006
|
20:35 marcus
Document the recent D-BUS vulnerability as described by CVE-2006-6107.
Submitted by: mnag
|
19:27 mnag
- evince -- Buffer Overflow Vulnerability
|
13:44 mnag
- Change spaces to tabs in <name> and <range>
- Remove some empty lines
- Respect 2 spaces between <body> and <p>
- Respect empty line between <vuln vid=""> entry.
|
Wednesday, 13 Dec 2006
|
22:56 miwi
tDiary - Injection Vulnerability
|
12:44 mnag
- wv -- Multiple Integer Overflow Vulnerabilities
|
12:37 mnag
- wv2 -- Integer Overflow Vulnerability
|
07:04 miwi
- Fix tnftpd entry (made validate happy)
|
06:42 miwi
tnftpd - remote root exploit
Reviewed by: simon
Approved by: secteam
|
Tuesday, 12 Dec 2006
|
20:51 mnag
- clamav -- Multipart Nestings Denial of Service
|
Saturday, 9 Dec 2006
|
09:36 remko
Rewrite the libxine entry:
o Use the FDP style to fill in the entry.
o Remove the secunia references and use the libxine information.
o Properly sort the references section
o Add the modified tag (since I changed it).
|
Thursday, 7 Dec 2006
|
17:50 nobutaka
Add an entry for libxine multiple buffer overflow vulnerabilities.
|
12:37 mnag
- Ok. gnupg-devel are not affected.
|
12:24 mnag
- Add gnupg-devel package in last entry
- Add secunia reference in last entry
|
09:00 vd
Forced commit to note that my last commit is:
Approved by: secteam (remko)
|
08:54 vd
* Fix typo in the latest GnuPG entry, inherited from the original message
* Fix the URL in references, the former one gives 404 Not found.
Kuriyama, where did you get it from?
|
00:35 kuriyama
Add CVE-2006-6235 entry for GnuPG.
|
Monday, 4 Dec 2006
|
21:25 stas
- Add a modified field for the entry, touched by the previous commit
|
21:16 stas
- List all affected packages for the November ruby cgi DOS vulnerability
- This vulnerability was not fixed in ruby_static
|
21:10 stas
- Document ruby cgi library vulnerability
|
Sunday, 3 Dec 2006
|
07:59 stas
- Document buffer overflow vulnerabilities in the libmusicbrainz.
|
Saturday, 2 Dec 2006
|
16:06 simon
Fix markup in last entry so the file is valid XML again.
Pointy hat to: simon
|
15:09 miwi
- Add an entry for www/tDiary, www/tDiary-devel
Reviewed by: simon
|
11:41 stas
- Document the SGI Image File heap overflow vulnerability in ImageMagick
|
Thursday, 30 Nov 2006
|
20:33 naddy
Document "gtar -- GNUTYPE_NAMES directory traversal vulnerability".
|
00:32 shaun
Document 'kronolith -- arbitrary local file inclusion vulnerability'
|
Tuesday, 28 Nov 2006
|
13:45 simon
In latest gnupg entry:
- Use "Werner Koch reports" instead of "Author reports" to follow
normal style in vuln.xml.
- Fix some indentation and markup in body.
|
05:57 kuriyama
Add recent gnupg one.
|
Tuesday, 21 Nov 2006
|
00:27 shaun
Add <modified> tag to previous proftpd entry.
Requested by: remko
|
Wednesday, 15 Nov 2006
|
14:40 shaun
Add proftpd-mysql to the previous entry.
|
Tuesday, 14 Nov 2006
|
23:25 shaun
Document "proftpd -- Remote Code Execution Vulnerability".
|
16:57 delphij
The Command Injection Vulnerability was corrected by awstats 6.5_2,1.
Submitted by: Alex Samorukov
PR: ports/105233
|
08:35 ehaupt
Add archivers/unzoo Directory Traversal Vulnerability.
Reviewed by: simon
|
Saturday, 11 Nov 2006
|
15:56 simon
Add bugzilla -- multiple vulnerabilities entry.
Update earlier bugzilla entry with better topic, add ja-bugzilla as
also potentially vulnerable (though the version currently in
ja-bugzilla isn't), and add more references.
|
Wednesday, 8 Nov 2006
|
19:32 remko
Add cvs+ipv6 to the cvsbug to the vulnerability.
PR: ports/104638
Submitted by: KIMURA Yasuhiro <yasu at utahime dot org>
|
17:13 stas
- Document recent vulnerabilities in the imlib2.
|
Saturday, 4 Nov 2006
|
21:09 stas
- Document recent vulnerability in the ruby CGI library.
Reviewed by: simon
|
Friday, 3 Nov 2006
|
05:27 dinoex
- pgp < 3.0 and pgpin does not support OpenPGP format
no user given symmetric key encryption
Submitted by: dinoex
|
Thursday, 2 Nov 2006
|
06:33 simon
The latest couple of firefox vulnerabilities should be fixed in the
2.0 release, so mark 2.0 as fixed.
Prodded by: ahze
|
Wednesday, 1 Nov 2006
|
13:15 lev
ru-apache and ru-apache+mod_ssl were fixed.
|
Monday, 30 Oct 2006
|
07:34 vd
Add a <modified> tag with the current date to reflect my previous change.
I knew I should ask someone before committing, however trivial was the change.
Spotted by: remko
Approved by: portmgr (implicit)
|
07:04 vd
Fix typo: "Dmitri Lenev reports reports a privilege ..."
Approved by: portmgr (implicit)
|
Sunday, 29 Oct 2006
|
19:07 simon
Document screen -- combined UTF-8 characters vulnerability.
Approved by: portmgr (secteam blanket)
|
13:50 simon
Document two MySQL privilege escalations.
PR: ports/104890
Submitted by: Henrik Brix Andersen <henrik@brixandersen.dk>
Approved by: portmgr (secteam blanket)
|
Monday, 23 Oct 2006
|
13:15 miwi
- Add entry for www/serendipity and www/serendipity-devel
Reviewed by: markus@
Approved by: portmgr (implicit VuXML), secteam (Remko (not reviewed yet))
|
11:15 markus
Document an integer overflow vulnerability in Qt and kdelibs, based on an
entry by sat
Approved by: portmgr (erwin)
|
Friday, 20 Oct 2006
|
22:59 simon
Add reference, which I missed the first time around, from Opera
Software to opera -- URL parsing heap overflow vulnerability entry.
Approved by: portmgr (secteam blanket)
|
22:56 simon
Document opera -- URL parsing heap overflow vulnerability.
Approved by: portmgr (secteam blanket)
|
22:45 simon
Minor correction to last commit; the NVIDIA driver version 1.0.8762
was also affected, so mark it as such.
Approved by: portmgr (secteam blanket)
|
22:32 simon
Update entry for nvidia-driver -- arbitrary root code execution
vulnerability:
- Add new info about vulnerable versions from NVIDIA.
- Add workaround.
- Add more references.
- Remove suggestion to move to "nv" driver now that we have a simpler
workaround.
Approved by: portmgr (secteam blanket)
Parts submitted by: mnag
|
08:13 remko
Document asterisk -- remote heap overwrite vulnerability
Approved by: portmgr (VuXML blanket)
Submitted by: Thomas Sandford
Facilitated by: Snow B.V.
|
07:44 remko
Some style changes to the plone entry.
Previous commit was also reviewed by myself.
Approved by: portmgr (Blanket VuXML)
Facilitated by: Snow B.V.
|
Thursday, 19 Oct 2006
|
22:47 miwi
- Add an entry for www/plone
Approved by: portmgr (erwin)
|
13:48 shaun
Document:
drupal -- HTML attribute injection
drupal -- cross site request forgeries
drupal -- multiple XSS vulnerabilities
Submitted by: brooks
Reviewed by: remko
Approved by: portmgr (erwin)
|
13:19 shaun
Document "ingo -- local arbitrary shell command execution"
Submitted by: thierry
Reviewed by: remko
Approved by: portmgr (erwin)
|
Tuesday, 17 Oct 2006
|
20:45 simon
Update php -- _ecalloc Integer Overflow Vulnerability entry with
details from Stefan Esser's advisory about the implications of this
issue. The advisory was not public when this issue was initially
fixed.
Approved by: portmgr (secteam blanket)
|
09:21 erwin
Mark multimedia/win32-codecs as not-vulnerable after the quicktime codecs
were optional. The quicktime codecs are still vulnerable though, but we
rely on the conditional FORBIDDEN statement in the ports Makefile for this.
Approved by: portmgr (self), secteam (simon)
|
Monday, 16 Oct 2006
|
21:54 simon
Document "nvidia-driver -- arbitrary root code execution vulnerability".
Note that I haven't actually had time to make a test system to reproduce
this on FreeBSD, but due to the nature of this issue and that there is a
PoC exploit in the advisory, I'm adding this entry due to "better safe
than sorry"...
Approved by: portmgr (secteam blanket)
|
17:44 sat
- Mark php open_basedir fixed
Reviewed by: secteam (simon)
Approved by: portmgr (secteam blanket)
|
14:32 mnag
- clamav -- CHM unpacker and PE rebuilding vulnerabilities
Approved by: portmgr (mnag with secteam hat)
|
Sunday, 15 Oct 2006
|
19:43 sat
- Add some references
Reviewed by: secteam (simon)
Approved by: portmgr (secteam blanket)
|
16:04 sat
- Document temporary file symlink privilege escalation in tkdiff
- Correct Javier's name spelling in an old advisory
Reviewed by: secteam (simon)
Approved by: portmgr (secteam blanket)
|
11:31 sat
- Document multiple remote file inclusion vulnerabilities in vtiger
Reviewed by: secteam (simon)
Approved by: portmgr (secteam blanket)
|
Saturday, 14 Oct 2006
|
12:32 sat
- Document heap overflow in the KML engine in google-earth
Reviewed by: secteam (simon)
Approved by: portmgr (implicit)
|
Wednesday, 11 Oct 2006
|
08:32 erwin
devel/cscope was fixed in version 15.6 so use lt instead of le.
Submitted by: joerg
Pointyhat to: erwin
Approved by: portmgr (self)
|
Monday, 9 Oct 2006
|
15:45 simon
Mark zgv as fixed wrt. "zgv, xzgv -- heap overflow vulnerability".
|
Sunday, 8 Oct 2006
|
16:41 sat
- Add php-suhosin to edabe438-542f-11db-a5ae-00508d6a62df
as per original advisory
Discussed with: ale
|
07:44 sat
- Fix python package naming in 6afa87d3-764b-11d9-b0e7-0000e249a0a2
Reported by: simon
|
07:17 simon
Update versions affected by python -- buffer overrun in repr() for
unicode strings:
- Python 2.5.c2 was already fixed (verified in upstream SVN).
- Python 2.4 port just got the fix.
- I can't find any trace of python23, python22, and python-devel ever
having existed as package names, so I removed them.
- Add python+ipv6. I don't really know if it contained the
problematic unicode code, but better safe than sorry.
|
06:51 simon
Fix whitespace in openssh -- multiple vulnerabilities entry, which I
originally missed.
|
Saturday, 7 Oct 2006
|
23:01 tmclaugh
Update vuxml id 5a39a22e-5478-11db-8f1a-000a48049292
- Fixed in version 1.1.13.8.1
|
22:16 tmclaugh
Remove mono-devel and mono-svn from 5a39a22e-5478-11db-8f1a-000a48049292
- These are packages from BSD#'s (my project) development repo. Don't even
give the impression that FreeBSD is supporting security updates for an
outside project.
|
15:22 sat
- Remove an empty url (a typo)
|
09:24 sat
- Document User-Agent XSS Vulnerability in torrentflux
|
09:13 sat
- Document buffer overrun in repr() for unicode strings in python
|
Friday, 6 Oct 2006
|
20:57 erwin
devel/cscope was fixed in version 15.6
Glanced at by: remko
|
05:12 sat
- Document _ecalloc Integer Overflow Vulnerability in php5
|
Thursday, 5 Oct 2006
|
21:34 sat
- Update an old mambo advisory and document its new vulnerabilities
|
16:46 sat
- Add linux-curl to a curl advisory and tweak versions a bit
|
16:38 sat
- Add ja-lynx* to a lynx advisory
|
16:32 sat
- chinese/tin was also vulnerable
|
16:30 sat
- Document buffer overflow vulnerabilities in tin
|