non port: security/vuxml/vuln.xml |
Number of commits found: 6271 (showing only 100 on this page) |
Thursday, 5 Oct 2006
|
14:47 sat
- Use >0 for unpatched vulnerabilities
Submitted by: simon
|
14:31 sat
- Document slapd acl selfwrite Security Issue in openldap
|
14:00 sat
- Document "System.CodeDom.Compiler" Insecure Temporary Creation in mono
|
05:24 sat
- Document open_basedir Race Condition Vulnerability in php
|
Wednesday, 4 Oct 2006
|
17:10 sat
- Document NULL byte injection vulnerability in phpbb
|
10:27 sat
- Add references and use earlier discovery date in
fffa9257-3c17-11db-86ab-00123ffe8333
|
Tuesday, 3 Oct 2006
|
12:14 sat
- Add CVE names to 19b17ab4-51e0-11db-a5ae-00508d6a62df
|
12:10 sat
- Document admin section SQL injection in postnuke
|
Monday, 2 Oct 2006
|
12:39 sat
- Document LWFN Files Buffer Overflow Vulnerability in freetype
|
12:21 sat
- Document Buffer Overflow Vulnerabilities in cscope
|
12:05 sat
- Document RSA Signature Forgery Vulnerability in gnutls
|
11:50 sat
- Document Search Unspecified XSS in MT
|
11:38 sat
- Update dokuwiki advisories
|
06:59 sat
- Document latest XSRF vulnerabilities in phpmyadmin
|
Sunday, 1 Oct 2006
|
07:34 sat
- Mark gtetrinet 0.7.10 safe
|
Saturday, 30 Sep 2006
|
20:52 simon
Document openssh -- multiple vulnerabilities AKA
FreeBSD-SA-06:22.openssh.
|
10:25 sat
- Document multiple vulnerabilities in dokuwiki
|
09:36 sat
- Document multiple vulnerabilities in tikiwiki
|
09:10 sat
- Document NULL byte injection vulnerability in punbb
|
Tuesday, 26 Sep 2006
|
18:43 sat
- Concisify a Secunia report
- Use <gt>0 for an unpatched bug
Suggested by: simon
|
06:29 sat
- Document (another) Denial of Service Vulnerability in freeciv
|
06:12 sat
- Document Packet Parsing Denial of Service Vulnerability in freeciv
|
05:47 sat
- Document multiple vulnerabilities in plans
|
05:27 sat
- Update the unace advisory
|
Monday, 25 Sep 2006
|
19:38 sat
- Document multiple XSS security bugs in eyeOS
|
Friday, 22 Sep 2006
|
13:05 sat
- Document restructuredText "csv_table" Information Disclosure in zope
|
12:23 sat
- Document stack-based buffer overflow in libmms
|
07:08 sat
- Document Opera SSL RSA Signature Forgery
|
05:59 simon
Bump modified data which was missed in last commit.
|
Thursday, 21 Sep 2006
|
17:07 sat
- Mark latest linux-{firefox,seamonkey}-devel safe
|
Friday, 15 Sep 2006
|
10:18 simon
Document mozilla -- multiple vulnerabilities.
|
Thursday, 14 Sep 2006
|
14:26 remko
In the PHP entry, replace mod-php with mod_php [1].
Rewrite the win32-codecs entry to even better explain the vulnerability [2].
Noticed by: Dan Langille (with FreshPorts.org) [1]
Discussed with: simon [2]
|
11:31 remko
Try to explain a bit better that users who have the Quicktime plugin
as a browser plugin can be directly affected by the remote code
execution.
Also mention that I changed the entry date in the previous entry
(PHP) which I had forgotten to do yesterday and did not mention
in the previous commit.
|
11:03 remko
Document win32-codecs -- multiple vulnerabilities
|
Wednesday, 13 Sep 2006
|
22:07 remko
Attempt two:
Document php -- multiple vulnerabilities
|
22:01 remko
OK, I do not know WHAT went wrong but it went wrong, revert to the old
situation and I will re-adopt the PHP entry.
|
21:53 remko
Document php -- multiple vulnerabilities
|
18:39 novel
Cancel latest gnutls entry (GNUTLS-SA-2006-3) - it is a false alarm:
http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001208.html
|
18:03 brooks
Upgrade drupal-pubcookie to the latest version fixing a security hole
allowing anyone to bypass the authentication system and become an
arbitrary drupal user.
Security: vid:c0fd7890-4346-11db-89cc-000ae42e9b93
|
15:17 novel
Style neats for the latest gnutls entry.
Reviewed by: remko
|
Tuesday, 12 Sep 2006
|
20:48 remko
correct the tomcat entry (change the ,5 to _5 since we talk about PORTREVISION
instead of PORTEPOCH) [1]
correct the jdk -- jar directory traversal vulnerability entry, the
FreeBSD Foundation uses different package names [2], [3].
For both entries the modification date was bumped.
Reported by: Gabor Kovesdan (on #bsdports) [1]
David Robillard <david dot robillard at gmail dot com> [2]
Tim Zingelman <zingelman at fnal dot gov>
|
20:31 simon
Document linux-flashplugin7 -- arbitrary code execution vulnerabilities.
|
Monday, 11 Sep 2006
|
13:02 lawrance
Mark jakarta-tomcat5 as fixed since 5.0.30,5 regarding minor XSS issue.
|
Sunday, 10 Sep 2006
|
17:50 novel
Add an info about GNUTLS-SA-2006-3.
|
Monday, 4 Sep 2006
|
14:59 mnag
- mailman -- Multiple Vulnerabilities
|
Sunday, 3 Sep 2006
|
14:24 garga
Bump modification date for last jabber entry change
Noted by: remko
|
12:51 garga
Fix jabber entry
|
Saturday, 2 Sep 2006
|
19:47 remko
Document hlstats -- multiple cross site scripting vulnerabilities.
|
19:27 remko
Document gtetrinet -- remote code execution
|
18:32 remko
Bump modified date in the entry changed by garga.
Forgotten by: garga
|
17:14 garga
net-im/jabber -- Mark the correct versions with fd_set vulnerability, author
fixed the problem on trunk and 2 new releases (1.4.3.1 and 1.4.4.1) are coming
soon
|
Wednesday, 30 Aug 2006
|
18:14 remko
Update the latest FreeBSD-SA entry, ppp got replaced by sppp.
Also implement a suggestion from Simon, mark all versions before
the latest version vulnerable.
|
12:32 remko
Document joomla -- multiple vulnerabilities
Note that I only documented the high level
threats, there are several others which can
be found at the link provided [1]
Reference: http://www.joomla.org/content/view/1841/78/ [1]
|
Wednesday, 23 Aug 2006
|
23:09 remko
Document FreeBSD-SA-06:18.ppp
|
Sunday, 20 Aug 2006
|
10:40 remko
Minor whitespace cleanup (we need a blank line after every </entry>
so that we can easily see the different entries).
|
Friday, 18 Aug 2006
|
02:31 shaun
- Add imp to the previous entry.
- Add some SecurityFocus BIDs too.
|
Thursday, 17 Aug 2006
|
22:54 shaun
Document horde -- Phishing and Cross-Site Scripting Vulnerabilities.
|
Tuesday, 15 Aug 2006
|
21:26 remko
Convert 8 spaces to tab as per the FDP for the latest
entry.
|
21:09 brooks
Add entry for globus tmpfile creation bugs.
|
20:07 brueffer
The lang/f2c port has been updated, update affected versions.
Reviewed by: simon
|
Sunday, 13 Aug 2006
|
20:33 remko
Document x11vnc -- authentication bypass vulnerability.
The 1.1111th commit, yay.
|
19:28 remko
Document alsaplayer -- multiple vulnerabilities.
|
16:44 remko
Document postgresql -- encoding based SQL injection.
Reported by: Radim Kolar <hsn at netmag dot cz>
|
15:33 remko
Bump modified date in the older entry I just corrected.
Spotted by: simon (again)
|
15:25 remko
Document postgresql -- multiple vulnerabilities.
These are all older vulnerabilities which had not yet been documented
by the Security Team.
Also fix a minor mistake in an older PostgreSQL entry.
|
14:14 remko
Fix the discovery date in the latest MySQL entry.
Spotted by: simon
|
13:40 remko
Document mysql -- format string vulnerability.
|
Saturday, 12 Aug 2006
|
19:44 remko
OK after some more discussions with Simon it appeared that the ,2
marked all future releases of squirrelmail as vulnerable.
The negative side-effect of PORTEPOCH. Split the previous entry
into two separate entries again, restoring the old entry for
squirrelmail, and having the 'new' entry for ja-squirrelmail.
This would grab any future versions of ja-squirrelmail if it were
to be readded, and does not conflict with future versions of
squirrelmail.
For more information about the portepoch discussion etc:
http://lists.freebsd.org/pipermail/freebsd-vuxml/2006-July/000185.html
|
18:36 remko
Simon provided me with the necessary clue to mark the appropriate ports
as vulnerable. I was soo close..
|
17:10 remko
Document squirrelmail -- random variable overwrite vulnerability.
Note that I marked all ja-squirrelmail entries as vulnerable, it
no longer exists on its own and the portepoch is giving me
matching problems.
|
Thursday, 10 Aug 2006
|
21:06 simon
Document rubygem-rails -- evaluation of ruby code.
Submitted by: Marius Nuennerich <marius.nuennerich@gmx.net>
|
Tuesday, 8 Aug 2006
|
20:01 simon
Add CVE name to recent ClamAV entry.
|
14:46 garga
Document clamav and clamav-devel vulnerability
Reviewed by: secteam (mnag)
|
14:03 mnag
- Fix discovery date in latest entry
- Remove extra "." in latest entry
|
Wednesday, 2 Aug 2006
|
22:24 brooks
Update drupal to 4.6.9 to fix yet another XSS vulnerability.
Security: vuxml vid c905298c-2274-11db-896e-000ae42e9b93
|
01:40 kuriyama
Add recent gnupg issue.
|
Sunday, 30 Jul 2006
|
14:07 remko
We are not affected by: CAN-2005-0018 in the
f2c entry (43cb40b3-c8c2-11da-a672-000e0c2e438a). We do not have
the shellscript, and it is not installed.
Reported by: thierry
|
13:58 simon
Unbreak latest ruby entry by adding missing </lt>.
|
13:32 simon
Run make tidy to clean up some style issues.
|
09:58 sem
- The last vulnerabilities were fixed in ruby18 port
|
Saturday, 29 Jul 2006
|
20:58 remko
OK, I misunderstood Simon with this one. The <gt>1.8.*</gt> entry
should have stayed and I interpreted that wrong.
Pointyhat: remko
|
20:40 remko
Fix my previous version commit. The two entries matched twice when you
have ruby installed. You learn something new everyday...
Noticed/discussed with: simon
|
17:41 remko
Mark all 1.6 and 1.8 versions as vulnerable, we do not have a fix
yet and are unable to tell what the naming scheme will be with
those patches. We can narrow down the scope later, we should
not do so before we know the mentioned scheme.
Triggered by: sem
|
16:54 remko
Add a BID to the latest vuxml entry.
Some minor changes to the markup of the entry.
|
16:34 shaun
- Document Ruby vulnerability. [1]
- Fix URL in previous mutt entry while here.
Reported by: Joel Hatton via freebsd-ports [1]
|
12:48 simon
Add linux-thunderbird to mozilla -- multiple vulnerabilities entry.
Prodded by: sat
|
Friday, 28 Jul 2006
|
21:59 simon
Document apache -- mod_rewrite ldap buffer overflow vulnerability.
Thanks to remko for doing initial list of apache package names in an
earlier VuXML entry.
|
Thursday, 27 Jul 2006
|
23:51 simon
Fix error in latest mozilla entry which marked all firefox versions as
vulnerable.
Reported by: Craig Leres
|
13:59 simon
Document mozilla -- multiple vulnerabilities.
Note I assume that linux-firefox-devel 3.0.a2006.07.26 is fixed, I
haven't actually checked (way too many issues to check for).
|
Friday, 14 Jul 2006
|
11:03 garga
Add "zope -- information disclosure vulnerability" entry
Reviewed by: simon
|
10:57 simon
For latest drupal entry:
- Unbreak vuln.xml format by adding content to the references section.
- Remove vulnerabilities already documented in
40a0185f-ec32-11da-be02-000c6ec775d9.
|
Thursday, 13 Jul 2006
|
16:19 brooks
Add entry for drupal issues.
|
Tuesday, 11 Jul 2006
|
13:23 erwin
Add shoutcast cross-site scripting.
Submitted by: gabor
Reviewed by: simon
|
12:24 simon
Cancel VID 0a4cd819-0291-11db-bbf7-000c6ec775d9 / opera -- JPEG
processing integer overflow vulnerability, since it turns out that the
issue does not affect the FreeBSD or Linux versions of Opera.
Source: http://www.opera.com/support/search/supsearch.dml?index=834
|
11:23 simon
Correct dates in latest mambo entry by resetting entry date and adding
a modified date.
OK'ed by: itetcu
|
11:04 itetcu
Bump modified date for previous commit.
Requested by: simon
|
10:19 itetcu
The two SQL injection vulnerabilities in Mambo described in
vid f70d09cb-0c46-11db-aac7-000c6ec775d9 are fixed in 4.5.4
PR: ports/100044
Submitted by: maintainer
|
Monday, 10 Jul 2006
|
22:59 simon
Fix markup breakage that slipped in just before commit of the latest
samba entry.
|
22:38 simon
Document samba -- memory exhaustion DoS in smbd.
|
11:48 simon
- For the latest trac entry include information from the release
announcements about setups which are not affected. To avoid having
to reference two documents simply reference the release notes for
all the information (it's basically the same as the changelog with
slightly different wording).
- Add a modified date tag.
|