mirror of https://git.FreeBSD.org/ports.git synced 2025-01-06 06:30:19 +00:00
929 Commits

Author SHA1 Message Date
Remko Lodder
7f39f465ee Correct a little typo. 2006-01-02 18:32:19 +00:00
Remko Lodder
ba2e705394 Document apache -- mod_imap cross-site scripting flaw.
I expanded the diff from the PR a bit to denote other
affected apache ports as well.  Therefore mistakes in
that should be redirected to me.

Also bump the copyright year for the vuxml file.

PR:			ports/91157 (based on)
Submitted by:		KOMATSU Shinichiro <koma2 at lovepeers dot org>
2006-01-01 21:40:15 +00:00
Hiroki Sato
ed868573b5 Fix the affected versions of 9b4facec-6761-11da-99f6-00123ffe8333.
PR:		ports/91156
Submitted by:	KOMATSU Shinichiro (koma2 at lovepeers dot org)
2006-01-01 09:03:31 +00:00
Simon L. B. Nielsen
148232b94b Add missing "</package>" tag from rev. 1.917, which caused the file to
be invalid XML and in turn caused the portaudit database to be only
partially built.

Bump modification date of all entries which had modification date on
the 23rd to make sure VuXML consumers catch the updates.

Portaudit problem reported by:	Peter Vohmann
Pointy hat to:			lev
2005-12-25 22:23:51 +00:00
Lev A. Serebryakov
1c38ba0f8a russian/apache13 and russian/apache13-modssl were updated and new version doesn't
contain any known vulnerabilities.
2005-12-23 13:33:26 +00:00
Simon L. B. Nielsen
07c857289d Bump modification date for entries touched by last commit. 2005-12-23 12:10:21 +00:00
Remko Lodder
b8bdbc097e Update the phpSysInfo entries, PR ports/90849 will solve the documented
issues.

Requested by:		Babak Farrokhi <babak at farrokhi dot net>
2005-12-23 11:47:23 +00:00
Remko Lodder
089f400b2f Fix another typo in my nbd entry.
Spotted by:		Linus Nordberg <linus at nordberg dot se>
2005-12-23 10:29:49 +00:00
Remko Lodder
2560e63b03 Correct a typo.
Submitted by:		Linus Nordberg <linus at nordberg dot se>
2005-12-22 21:25:07 +00:00
Remko Lodder
c3647ba89e Update the affected range.
Prodded by:	erwin
2005-12-22 21:08:08 +00:00
Remko Lodder
a573c0bbf8 : 2005-12-22 21:05:31 +00:00
Renato Botelho
f2e0663da9 - Register scponly-4.1 vulnerabilities
PR:		ports/90813
Submitted by:	maintainer
Security:	https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html
2005-12-22 16:25:09 +00:00
Remko Lodder
9467f6bd7a Correct the recent horde entries as per the FDP
(made the entries max 72 chars wide).
2005-12-22 15:49:31 +00:00
Simon Barner
b218a8d221 Document fetchmail vulnerability:
http://fetchmail.berlios.de/fetchmail-SA-2005-03.txt (CVE-2005-4348)

Reviewed by:	secteam (simon@)
2005-12-19 15:14:33 +00:00
Remko Lodder
77eaeee548 Document the following mantis vulnerabilities:
o "t_core_path" file inclusion vulnerability
o "view_filters_page.php" cross-site scripting vulnerability
2005-12-14 21:51:50 +00:00
Thierry Thomas
ebe3cc4d05 - Add entries for several XSS vulnerabilities in Horde, Kronolith, Nag
Turba and Mnemo;

- Fix a typo in the previous Horde entry.
2005-12-11 21:41:22 +00:00
Marcus Alves Grando
03872f0906 Add curl -- URL buffer overflow vulnerability
Reviewed by:	simon
2005-12-09 12:24:21 +00:00
Marcus Alves Grando
4bcaccddbe Add phpmyadmin -- register_globals emulation "import_blacklist" manipulation
Add phpmyadmin -- XSS vulnerabilities
2005-12-07 21:59:01 +00:00
Marcus Alves Grando
feadf43eb5 Add ffmpeg -- libavcodec buffer overflow vulnerability
Reviewed by:	simon
2005-12-07 11:53:07 +00:00
Marcus Alves Grando
a5c05ad2ac Add trac -- search module SQL injection vulnerability
Reviewed by:	simon
2005-12-07 11:34:33 +00:00
Marcus Alves Grando
662164b1da Add drupal -- multiple vulnerabilities
Reviewed by:	simon
2005-12-01 16:08:47 +00:00
Simon L. B. Nielsen
0e1765d248 Document opera -- multiple vulnerabilities. 2005-11-30 20:55:36 +00:00
Simon L. B. Nielsen
43403b4c69 Document opera -- command line URL shell command injection. 2005-11-30 20:35:51 +00:00
Marcus Alves Grando
8d8572161c Add entry to www/mambo
Reviewed by:	simon
2005-11-30 13:41:53 +00:00
Simon L. B. Nielsen
4bfdd6f32b Backup rev 1.9 which should not have been committed since it was just my
local hack.

Note to self: Do not commit before having at least two cups of coffee.

Pointy hat to:	simon
2005-11-29 08:46:13 +00:00
Simon L. B. Nielsen
f7f50cf4a0 Mark flyspray 0.9.8 as fixed wrt. "flyspray -- cross-site scripting
vulnerabilities" since our port version of 0.9.8 includes update1 which
fixes the issue.

Reported by:	Volodymyr Kostyrko via pav
2005-11-29 08:41:51 +00:00
Marcus Alves Grando
1213510c44 Change topic zope28 to zope (www/zope affected too)
Add <cvename> to zope entry
Change CAN-XXXX-XXXX to CVE-XXXX-XXXX

Reviewed by:	simon
2005-11-28 15:37:03 +00:00
Hiroki Sato
ceed13510d Security fix: several shell scripts included in the Ghostscript package
allow local users to overwrite files via a symlink attack on temporary
files.

Security: CAN-2004-0967
2005-11-27 17:57:19 +00:00
Remko Lodder
0f2ad8777c Standardize the horde -- Cross site scripting vulnerabilities in MIME
viewers entry as per the FDP-primer and the vuxml layout (topic).

Also correct the qpopper vulnerability to match 4.0 and above since
the 2.x range is listed as affected at the moment but has an entirely
different base.  After checking it appears that the information all
point to >= 4.0. [1]

Noticed by:	ache [1]
2005-11-26 10:54:21 +00:00
Thierry Thomas
2a2d2becd1 Add an entry for cross site scripting vulnerabilities in Horde's MIME
viewers.
2005-11-22 19:56:53 +00:00
Marcus Alves Grando
96a2aa8bd7 phpmyadmin -- HTTP Response Splitting vulnerability
Reviewed by:	simon
2005-11-16 14:17:43 +00:00
Simon L. B. Nielsen
13c002e952 Add CVE name to an old sudo entry. 2005-11-14 16:57:25 +00:00
Simon L. B. Nielsen
a8e0909706 Update latest phpSysInfo entry to reflect that 2.4 was in fact not fixed
(or rather, had an incorrect "fix").

Reported by:	Christopher Kunz (advisory author)
Security:	http://www.hardened-php.net/advisory_222005.81.html
2005-11-14 08:45:08 +00:00
Sergey Matveychuk
49a81eebfa - Micromedia -> Macromedia
- Standard FDP primer documentation rules apply
- Two dots fixed

Noted by:	remko
2005-11-13 21:39:56 +00:00
Sergey Matveychuk
5e8e8dd93a - Document phpSysInfo vulnerability 2005-11-13 21:21:16 +00:00
Sergey Matveychuk
0f9a54454c - Document flashplugin vulnerability 2005-11-13 20:59:46 +00:00
Sergey Matveychuk
64ba4504f8 - Document p5-Mail-SpamAssassin vulnerability (already fixed in ports)
- Document flyspray cross-site scripting vulnerabilities
2005-11-10 11:09:55 +00:00
Remko Lodder
b7b4aa1a89 Update the recent gallery2 and webcalendar entries:
o Add a better topic (description)
o Reword the webcalendar entry to have some more useful data
o Add references (bid's and CVE names).
2005-11-08 17:34:39 +00:00
Remko Lodder
a4156d4fb4 Document qpopper -- multiple privilege escalation vulnerabilities.
Note that the current version is not affected anymore.
2005-11-07 20:44:06 +00:00
Sergey Matveychuk
3a95aa3424 - Add missed </p> tag [1]
- Modify 594eb447-e398-11d9-a8bd-000cf18bbe54 entry:
  ruby 1.6.x is not affected by this vulnerability,
  it has no XMLRPC support.

Pointy hat to:	simon [1]
2005-11-06 17:28:04 +00:00
Simon L. B. Nielsen
e878b5dcc2 Add a bit more info from the PEAR advisory about the vulnerability to
make the scope of the vulnerability a bit more clear.

Discussed with:	thierry
2005-11-04 22:49:33 +00:00
Simon L. B. Nielsen
fc7d9d38e2 The two latest OpenVPN vulnerabilities were both only for 2.0 and
newer, so mark them correctly as such.

Submitted by:	Matthias Andree <matthias.andree@gmx.de>
2005-11-04 22:35:05 +00:00
Thierry Thomas
6908b8e306 Add an entry for pear-PEAR arbitrary code execution vulnerability. 2005-11-04 21:23:28 +00:00
Simon L. B. Nielsen
20415e3666 Correct skype entry to match the correct fixed port version number.
Noted by:	Stefan Lambrev, cheffo FreeBSD-BG org
2005-11-02 10:16:50 +00:00
Simon L. B. Nielsen
74bda32714 Document two OpenVPN vulnerabilities.
Submitted by:	Matthias Andree <matthias.andree@gmx.de>
2005-11-01 22:49:20 +00:00
Christian Weisgerber
043bec08e1 As Peter Jeremy points out, the recent lynx vulnerability also concerns
lynx-ssl.
2005-11-01 21:39:24 +00:00
Sergey Matveychuk
ba5c859849 - Document skype vulnerabilities
- Document PHP vulnerabilities
- Convert first letters in titles from upcase to lowercase
  in my last additions.
2005-11-01 09:33:40 +00:00
Sergey Matveychuk
4b4f27f030 - Document CVE-2005-3258:
Squid FTP Server Response Handling Denial of Service
2005-11-01 08:44:36 +00:00
Sergey Matveychuk
0cfd8b1054 - Document a BASE Basic Analysis and Security Engine vulnerability 2005-10-31 19:03:12 +00:00
Simon L. B. Nielsen
d25bb42000 Back out the accidentally committed white-space modification parts of
rev.  1.869, but keep the lynx entry.

Pointy hat to:	naddy
OK'ed by:	naddy
2005-10-31 18:02:10 +00:00