| non port: security/vuxml/vuln.xml |
Number of commits found: 6271 (showing only 100 on this page) |
|
Tuesday, 2 Apr 2019
|
07:58 brnrd 
security/vuxml: Document Apache httpd vulnerabilities
  |
|
Monday, 1 Apr 2019
|
19:29 danilo
- Document sysutils/kubectl CVE-2019-1002101
|
|
Sunday, 31 Mar 2019
|
13:50 dbaio
security/vuxml: Document irc/znc issue
Security: CVE-2019-9917
|
|
Friday, 29 Mar 2019
|
16:36 sunpoet
Document py-notebook vulnerability
|
14:17 sunpoet
Update openjpeg status
|
|
Thursday, 28 Mar 2019
|
12:21 ler
vuxml: Document mail/dovecot buffer overflow.
|
08:26 joneum
Add modified line for drupal after r496987
Sponsored by: Netzkommune GmbH
|
|
Wednesday, 27 Mar 2019
|
21:51 acm
- Update 94d63fd7-508b-11e9-9ba0-4c72b94353b5 entry
|
19:23 sunpoet
Update Python vulnerability (d74371d2-4fee-11e9-a5cd-1df8a848de3d)
|
17:44 joneum
Add entry for www/drupal7
Sponsored by: Netzkommune GmbH
|
|
Tuesday, 26 Mar 2019
|
18:12 sunpoet
Document Python vulnerability
|
|
Friday, 22 Mar 2019
|
04:08 zeising
Update the libXdmcp entry to make it clearer.
|
|
Thursday, 21 Mar 2019
|
09:36 joneum
Add entry for wordpress
Sponsored by: Netzkommune GmbH
|
08:15 mfechner
Documented gitlab vulnerability.
|
02:03 zeising
Add entry for x11/libXdmcp vulnerabilty.
Add entry for x11/libXdmcp vulnerabilty, insufficient entripy generating
session keys. It is unknown if this actually affects FreeBSD.
Security: CVE-2017-2625
|
|
Wednesday, 20 Mar 2019
|
14:04 mfechner
Documented security vulnerability for gitlab < 11.8.2.
|
11:30 joneum
Add entry for www/gitea
PR: 236563
|
|
Tuesday, 19 Mar 2019
|
20:22 jbeich
security/vuxml: mark firefox < 66 as vulnerable
|
14:51 swills
Document PowerDNS issue
PR: 236634
Reported by: Dani <i.dani@outlook.com>
|
|
Monday, 18 Mar 2019
|
18:25 sunpoet
Document Rails vulnerability
|
|
Sunday, 17 Mar 2019
|
14:16 mandree
Record PuTTY security vulnerabilities in versions before 0.71.
|
|
Saturday, 16 Mar 2019
|
23:23 sunpoet
Document py-notebook vulnerability
|
|
Friday, 15 Mar 2019
|
21:42 sunpoet
Document ruby-gems vulnerability
|
|
Tuesday, 12 Mar 2019
|
06:14 riggs
Document CVE fixes in libsndfile-1.0.28_2
PR: 227669
Reported by: p5B2E9A8F@t-online.de
|
|
Friday, 8 Mar 2019
|
02:26 cy
Fill in the actual URL for March 2019 ntp-4.2.8p13 NTP Release and
Security Vulnerability Announcement
|
|
Thursday, 7 Mar 2019
|
19:33 brnrd
security/vuxml: Document OpenSSL 1.1.1 vulnerability
|
13:32 cy
Document crafted ull dereference ntp attack.
Security: CVE-2019-8936
Obtained from: nwtime.org
|
|
Wednesday, 6 Mar 2019
|
19:56 kai
security/vuxml: Document shells/rssh < 2.3.4_2 vulnerabilities
PR: 235121
Approved by: tcberner (mentor)
Differential Revision: https://reviews.freebsd.org/D19473
|
07:31 matthew
Document a jQuery related XSS security fix in rt4.4.4 and rt4.2.16
Note: the release notes also mention 3 other security issues in perl
modules depended on by these packages. Of those, vulnerabilities in
the Email::Address and Email::Address::List perl modules have already
been addressed in their respective ports, while the third: HTML::Gumbo
is not currently in the ports at all.
|
|
Tuesday, 5 Mar 2019
|
15:00 0mp
Document a slixmpp < 1.4.1 vulnerability
Reviewed by: krion, mat
Approved by: krion (mentor), mat (mentor)
MFH: 2019Q1
|
10:23 mfechner
Doucumented several www/gitlab-ce security vulnerabilities.
|
06:20 tobik
Document www/py-gunicorn vulnerability
|
|
Monday, 4 Mar 2019
|
10:54 joneum
Update mybb entry
Sponsored by: Netzkommune GmbH
|
|
Sunday, 3 Mar 2019
|
00:03 bhughes
security/vuxml: document Node.js February 2019 Security Releases
https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/
Sponsored by: Miles AS
|
|
Saturday, 2 Mar 2019
|
10:29 joneum
Document vulnerability in www/mybb
Sponsored by: Netzkommune GmbH
|
|
Friday, 1 Mar 2019
|
08:57 madpilot
Document new asterisk vulnerability.
Security: CVE-2019-7251
|
|
Wednesday, 27 Feb 2019
|
07:33 brnrd
security/vuxml: Update OpenSSL 1.0.2r entry
|
|
Sunday, 24 Feb 2019
|
19:59 kwm
Document webkit-gtk CVE's
Security: CVE-2019-6212, CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, \
CVE-2019-6226, CVE-2019-6227, CVE-2019-6229, CVE-2019-6233, \
CVE-2019-6234.
|
|
Friday, 22 Feb 2019
|
17:58 pi
security/vuxml: dokument rdesktop < 1.8.4 vulnerabilities
PR: 235885, 229029
|
|
Thursday, 21 Feb 2019
|
19:49 romain
Document sysutils/puppetserver* vulnerabilities.
PuppetServer bundles Bouncy Castle, so add affected ports to the Bouncy Castle
entry.
sysutils/puppetserver is EOL and will likely never get a fix;
sysutils/puppetserver5 may get fixed in a future release of the 5.x branch;
sysutils/puppetserver6 was fixed in the latest release.
With hat: puppet
|
14:45 acm
- Add drupal8 vulnerability entry
|
|
Wednesday, 20 Feb 2019
|
10:13 brnrd
security/vuxml: Document announced OpenSSL vulnerability
- To be updated with more specifics on 2019-02-26
|
|
Friday, 15 Feb 2019
|
15:06 novel
Document mail/msmtp certificate verification issue
|
|
Wednesday, 13 Feb 2019
|
11:27 cmt
fix firefox-esr PORTEPOCH in latest entry
Submitted by: jbeich
|
11:09 cmt
add more mozilla products to latest entry
https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/
(same CVEs as mfsa2019-04, so not creating another entry)
|
09:57 cmt
document firefox vulnerabilities
https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/
|
|
Tuesday, 12 Feb 2019
|
15:39 jkim
Document the latest Flash Player vulnerability.
https://helpx.adobe.com/security/products/flash-player/apsb19-06.html
|
|
Monday, 11 Feb 2019
|
19:11 sunpoet
Fix r492723 for the name of NVD report
|
18:59 sunpoet
Update openjpeg status
There were 5 vulnerabilities in openjpeg and 4 of them are fixed.
The current status is described in [1] as follows:
- CVE-2017-17479 and CVE-2017-17480 were fixed in r477112.
- CVE-2018-5785 was fixed in r480624.
- CVE-2018-6616 was fixed in r489415.
- CVE-2018-5727 is not fixed yet.
Though I keep committing fixes and updating the status, it does not show in the
"pkg audit" result. Users have to follow the link but apparently few people
would do that. Therefore, I got mails asking if the CVEs are fixed, etc.
I don't know if there's a better way to handle this condition (partly fixed over
several months). Instead of removing fixed CVEs from vuln.xml, I decided to add
a new entry (5efd7a93-2dfb-11e9-9549-e980e869c2e9) which is split from the old
entry (11dc3890-0e64-11e8-99b0-d017c2987f9a). It should be clearer for users if
they only read the "pkg audit" result.
[1] https://www.vuxml.org/freebsd/11dc3890-0e64-11e8-99b0-d017c2987f9a.html
|
00:11 feld
Document FreeBSD-SA-19:02.fd
|
00:10 feld
Document FreeBSD-SA-19:01.syscall
|
|
Sunday, 10 Feb 2019
|
18:02 tcberner
Document kf5-kauth vulnerability.
|
|
Friday, 8 Feb 2019
|
01:12 osa
Update versions range for recent unit vulnerability.
|
01:04 osa
Document unit vulnerability.
|
|
Thursday, 7 Feb 2019
|
23:14 sunpoet
Document curl vulnerability
|
|
Wednesday, 6 Feb 2019
|
09:10 mfechner
Document gitlab-ce vulnerability.
|
|
Tuesday, 5 Feb 2019
|
14:52 ler
mail/dovecot: update reporter for latest vuln
|
14:39 ler
mail/dovecot: Suitable client certificate can be used to login as other user
update vuxml
|
|
Saturday, 2 Feb 2019
|
21:55 sunpoet
Document typo3 vulnerability
PR: 235187, 235188
|
01:26 jrm
security/vuxml: Document Gitea < 1.7.1 vulnerabilities
PR: 235399
Submitted by: stb@lassitu.de (www/gitea maintainer)
|
|
Thursday, 31 Jan 2019
|
19:36 matthew
Document vulnerability addressed by release 0.06 of p5-Email-Address-List
Unfortunately there is very little real description of the
vulnerability available, other than what is in the changelog. Even
the CVE number only leads to a page saying the number is reserved.
|
17:42 mfechner
Documented multiple vulnerabilities for www/gitlab-ce.
|
|
Wednesday, 30 Jan 2019
|
11:37 bhughes
security/vuxml: document vulnerabilities in net/turnserver
Sponsored by: Miles AS
|
|
Tuesday, 29 Jan 2019
|
17:18 jbeich
security/vuxml: mark firefox < 65 as vulnerable
|
|
Monday, 28 Jan 2019
|
16:53 swills
Document powerdns-recursor issue
PR: 235113
Submitted by: Ralf van der Enden <tremere@cainites.net>
|
|
Sunday, 27 Jan 2019
|
19:58 sunpoet
Update py-requests entry
Reference: https://lists.freebsd.org/pipermail/svn-ports-head/2019-January/198601.html
|
15:14 brnrd
security/vuxml: Document recent MySQL vulnerabilities
- 5.5 branch see https://mariadb.com/kb/en/library/mariadb-5563-release-notes/
|
09:58 tcberner
security/vuxml: Document security/botan2 vulnerability
PR: 234938
Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer)
|
09:19 matthew
Document PMASA-2019-1 and PMSA-2019-2 security advisories: Arbitrary
file disclosure and SQL injection attacks.
|
|
Saturday, 26 Jan 2019
|
10:54 joneum
Add entry for www/gitea
PR: 235140
Sponsored by: Netzkommune GmbH
|
09:49 koobs
security/vuxml: Add libzmq4 -- Remote Code Execution Vulnerability
PR: 230575
|
|
Wednesday, 23 Jan 2019
|
15:10 zi
Fix invalid package name in previous commit for
4af3241d-1f0c-11e9-b4bd-d43d7eed0ce2
|
14:37 joneum
Add entry for www/apache24
Sponsored by: Netzkommune GmbH
|
12:48 lev
Add CVE-2018-11803 for www/mod_dav_svn.
|
|
Tuesday, 22 Jan 2019
|
12:32 gjb
Attempt to fix vuxml build.
Sponsored by: The FreeBSD Foundation
|
10:44 koobs
security/vuxml: Add www/py-requests: Information disclosure vulnerability
|
|
Sunday, 20 Jan 2019
|
01:05 ler
security/vuxml: Document joomla 3 vulnerabilities.
|
|
Saturday, 19 Jan 2019
|
20:37 acm
- Add drupal7 and drupal8 vulnerability entry
|
|
Friday, 18 Jan 2019
|
22:39 danilo
Document helm security advisory
|
|
Thursday, 17 Jan 2019
|
00:14 mfechner
Documented gitlab security vulnerability.
|
|
Wednesday, 16 Jan 2019
|
17:43 lwhsu
Document Jenkins Security Advisory 2019-01-16
Sponsored by: The FreeBSD Foundation
|
|
Tuesday, 15 Jan 2019
|
12:20 swills
Document py-matrix-synapse issue
PR: 234828
Submitted by: Sascha Biberhofer <ports@skyforge.at> (with slight editing)
|
|
Thursday, 10 Jan 2019
|
18:59 dbaio
security/vuxml: Document irc/irssi issue
Security: CVE-2019-5882
PR: 234798
|
|
Sunday, 6 Jan 2019
|
19:30 riggs
Document out-of-bounds vulnerability in net/uriparser < 0.9.1
Reported by: sebastian@pipping.org (via e-mail)
|
16:55 swills
Document gitea issue
PR: 234659
Submitted by: stb@lassitu.de
|
|
Saturday, 5 Jan 2019
|
23:00 sunpoet
Update openjpeg status
|
13:20 cpm
Document new vulnerability in www/chromium < 71.0.3578.98
Obtained
from: https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html
|
13:10 cpm
Document new vulnerabilities in www/chromium < 71.0.3578.80
Obtained
from: https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
|
08:09 wen
- Documented security vulnerability of Django
|
|
Wednesday, 2 Jan 2019
|
09:03 mfechner
Documented several gitlab-ce security vulnerabilities.
Approved by: mentors (implicit)
|
|
Wednesday, 26 Dec 2018
|
21:05 swills
Document gitea issue
|
16:09 rodrigo
Add entry for archivers/rpm4 security isssue on 4.14.2
|
16:04 tijl
Update handbrake entries now that 1.2.0 has been released.
PR: 234322
Submitted by: Nei Teng You Yi Lang <naito.yuichiro@gmail.com> (maintainer)
|
|
Saturday, 22 Dec 2018
|
07:42 mfechner
Documented security vulnerability for gitlab-ce.
Approved by: mentors (implicit)
|
|
Thursday, 20 Dec 2018
|
14:50 girgen
Add vuxml entry for shibboleth-sp
|
09:38 dch
Document databases/couchdb2 and databases/couchdb vulnerability
Approved by: jrm (mentor)
Security: CVE-2018-17188
Security: see http://docs.couchdb.org/en/stable/cve/2018-17188.html
Differential Revision: https://reviews.freebsd.org/D18498
|
01:15 leres
Mark bro < 2.6.1 as vulnerable as per:
https://www.bro.org/download/NEWS.bro.html
The issue is a remote code execution vulnerability in the bundled
sqlite ("Magellan").
Reviewed by: ler (mentor)
Approved by: ler (mentor)
Differential Revision: https://reviews.freebsd.org/D18615
|
|
Wednesday, 19 Dec 2018
|
21:15 feld
Document FreeBSD-SA-18:15.bootpd
|
|
Saturday, 15 Dec 2018
|
15:03 joneum
Document wordpress issues
Sponsored by: Netzkommune GmbH
|
|
Friday, 14 Dec 2018
|
13:29 tijl
HTML encode < and > and fix the formatting of the latest typo3 entry.
|
Number of commits found: 6271 (showing only 100 on this page) |
As an Amazon Associate I earn from qualifying purchases.