mirror of https://git.FreeBSD.org/ports.git synced 2025-01-23 09:10:43 +00:00

907 Commits

Author SHA1 Message Date
Simon L. B. Nielsen
43403b4c69 Document opera -- command line URL shell command injection. 2005-11-30 20:35:51 +00:00
Marcus Alves Grando
8d8572161c Add entry to www/mambo
Reviewed by:	simon
2005-11-30 13:41:53 +00:00
Simon L. B. Nielsen
4bfdd6f32b Backup rev 1.9 which should not have been committed since it was just my
local hack.

Note to self: Do not commit before having at least two cups of coffee.

Pointy hat to:	simon
2005-11-29 08:46:13 +00:00
Simon L. B. Nielsen
f7f50cf4a0 Mark flyspray 0.9.8 as fixed wrt. "flyspray -- cross-site scripting
vulnerabilities" since our port version of 0.9.8 includes update1 which
fixes the issue.

Reported by:	Volodymyr Kostyrko via pav
2005-11-29 08:41:51 +00:00
Marcus Alves Grando
1213510c44 Change topic zope28 to zope (www/zope affected too)
Add <cvename> to zope entry
Change CAN-XXXX-XXXX to CVE-XXXX-XXXX

Reviewed by:	simon
2005-11-28 15:37:03 +00:00
Hiroki Sato
ceed13510d Security fix: several shell scripts included in the Ghostscript package
allow local users to overwrite files via a symlink attack on temporary
files.

Security: CAN-2004-0967
2005-11-27 17:57:19 +00:00
Remko Lodder
0f2ad8777c Standardize the horde -- Cross site scripting vulnerabilities in MIME
viewers entry as per the FDP-primer and the vuxml layout (topic).

Also correct the qpopper vulnerability to match 4.0 and above since
the 2.x range is listed as affected at the moment but has an entirely
different base.  After checking it appears that the information all
points to >= 4.0. [1]

Noticed by:	ache [1]
2005-11-26 10:54:21 +00:00
Thierry Thomas
2a2d2becd1 Add an entry for cross site scripting vulnerabilities in Horde's MIME
viewers.
2005-11-22 19:56:53 +00:00
Marcus Alves Grando
96a2aa8bd7 phpmyadmin -- HTTP Response Splitting vulnerability
Reviewed by:	simon
2005-11-16 14:17:43 +00:00
Simon L. B. Nielsen
13c002e952 Add CVE name to an old sudo entry. 2005-11-14 16:57:25 +00:00
Simon L. B. Nielsen
a8e0909706 Update latest phpSysInfo entry to reflect that 2.4 was in fact not fixed
(or rather, had an incorrect "fix").

Reported by:	Christopher Kunz (advisory author)
Security:	http://www.hardened-php.net/advisory_222005.81.html
2005-11-14 08:45:08 +00:00
Sergey Matveychuk
49a81eebfa - Micromedia -> Macromedia
- Standard FDP primer documentation rules apply
- Two dots fixed

Noted by:	remko
2005-11-13 21:39:56 +00:00
Sergey Matveychuk
5e8e8dd93a - Document phpSysInfo vulnerability 2005-11-13 21:21:16 +00:00
Sergey Matveychuk
0f9a54454c - Document flashplugin vulnerability 2005-11-13 20:59:46 +00:00
Sergey Matveychuk
64ba4504f8 - Document p5-Mail-SpamAssassin vulnerability (already fixed in ports)
- Document flyspray cross-site scripting vulnerabilities
2005-11-10 11:09:55 +00:00
Remko Lodder
b7b4aa1a89 Update the recent gallery2 and webcalendar entries:
o Add a better topic (description)
o Reword the webcalendar entry to have some more useful data
o Add references (bid's and CVE names).
2005-11-08 17:34:39 +00:00
Remko Lodder
a4156d4fb4 Document qpopper -- multiple privilege escalation vulnerabilities.
Note that the current version is not affected anymore.
2005-11-07 20:44:06 +00:00
Sergey Matveychuk
3a95aa3424 - Add missed </p> tag [1]
- Modify 594eb447-e398-11d9-a8bd-000cf18bbe54 entry:
  ruby 1.6.x is not affected by this vulnerability,
  it has no XMLRPC support.

Pointy hat to:	simon [1]
2005-11-06 17:28:04 +00:00
Simon L. B. Nielsen
e878b5dcc2 Add a bit more info from the PEAR advisory about the vulnerability to
make the scope of the vulnerability a bit more clear.

Discussed with:	thierry
2005-11-04 22:49:33 +00:00
Simon L. B. Nielsen
fc7d9d38e2 The two latest OpenVPN vulnerabilities were both only for 2.0 and
newer, so mark them correctly as such.

Submitted by:	Matthias Andree <matthias.andree@gmx.de>
2005-11-04 22:35:05 +00:00
Thierry Thomas
6908b8e306 Add an entry for pear-PEAR arbitrary code execution vulnerability. 2005-11-04 21:23:28 +00:00
Simon L. B. Nielsen
20415e3666 Correct skype entry to match the correct fixed port version number.
Noted by:	Stefan Lambrev, cheffo FreeBSD-BG org
2005-11-02 10:16:50 +00:00
Simon L. B. Nielsen
74bda32714 Document two OpenVPN vulnerabilities.
Submitted by:	Matthias Andree <matthias.andree@gmx.de>
2005-11-01 22:49:20 +00:00
Christian Weisgerber
043bec08e1 As Peter Jeremy points out, the recent lynx vulnerability also concerns
lynx-ssl.
2005-11-01 21:39:24 +00:00
Sergey Matveychuk
ba5c859849 - Document skype vulnerabilities
- Document PHP vulnerabilities
- Convert first letters in titles from upcase to lowercase
  in my last additions.
2005-11-01 09:33:40 +00:00
Sergey Matveychuk
4b4f27f030 - Document CVE-2005-3258:
Squid FTP Server Response Handling Denial of Service
2005-11-01 08:44:36 +00:00
Sergey Matveychuk
0cfd8b1054 - Document a BASE Basic Analysis and Security Engine vulnerability 2005-10-31 19:03:12 +00:00
Simon L. B. Nielsen
d25bb42000 Back out the accidentally committed white-space modification parts of
rev.  1.869, but keep the lynx entry.

Pointy hat to:	naddy
OK'ed by:	naddy
2005-10-31 18:02:10 +00:00
Simon Barner
7eefc00039 Add entry for "fetchmail -- fetchmailconf local password exposure",
which was fixed with fetchmail-6.2.5.2_1 and above.
2005-10-31 09:04:22 +00:00
Christian Weisgerber
9e143bac60 Document lynx remote buffer overflow in NNTP header handling. 2005-10-30 22:17:54 +00:00
Sergey Matveychuk
705fca86db - Fix a ruby vulnerability in the safe level settings.
Based on:	ports/87816
Submitted by:	Phil Oleson <oz@nixil.net>

Security:	http://vuxml.FreeBSD.org/1daea60a-4719-11da-b5c6-0004614cc33d.html
2005-10-27 19:40:25 +00:00
Simon L. B. Nielsen
c587ee6bfb Add more references to entry net-snmp -- remote DoS vulnerability. 2005-10-26 19:53:24 +00:00
Simon L. B. Nielsen
d8b39dfd0d - Mark linux-firefox 1.0.7 as fixed
wrt. 8665ebb9-2237-11da-978e-0001020eed82 (Mozilla/firefox IDN buffer
  overflow) [1].
- Correct some of the earlier linux-firefox entries to match
  versions before 1.0.7, not after (whoops)...

Prodded by:	Andrew P. <infofarmer@gmail.com> [1]
2005-10-26 10:00:17 +00:00
Dejan Lesjak
228b1fb072 Add misc/compat5x to "openssl -- potential SSL 2.0 rollback".
Reviewed by:	simon
2005-10-25 19:52:37 +00:00
Simon L. B. Nielsen
c7a517bf2d Also mark xli as vulnerable to xloadimage -- buffer overflows in NIFF
image title handling, and latest port version as fixed.

Reported by:	jkoshy
2005-10-23 17:10:48 +00:00
Simon L. B. Nielsen
530688ac0c For entry libgadu -- multiple vulnerabilities:
- Mark latest centericq port version as fixed.
- Fix cite in description.
2005-10-23 16:50:42 +00:00
Simon L. B. Nielsen
31635d863b For entry zope28 -- expose RestructuredText functionality to untrusted
users:

- Do not match zope 2.7.8 which has been fixed. [1]
- Fix typo in topic.
- Add another reference.

Reported by:	Gerhard Schmidt <estartu augusta de> [1]
2005-10-23 09:09:46 +00:00
Simon L. B. Nielsen
2289fae663 Add another reference to clamav -- arbitrary code execution and DoS
vulnerabilities entry.
2005-10-22 13:41:20 +00:00
Christian Weisgerber
46df580663 Document x11/xloadimage buffer overflows in NIFF image title handling. 2005-10-20 13:52:35 +00:00
Jacques Vidrine
66bb2d5d4d Rename all CAN-yyyy-nnnn to CVE-yyyy-nnnn, with the exception of text
inside <blockquote>s.
See <URL:http://www.cve.mitre.org/cve/renumber.html>.
2005-10-19 18:17:47 +00:00
Simon L. B. Nielsen
0fb395018e For entry: snort -- Back Orifice preprocessor buffer overflow vulnerability:
- Sort references.
- Add ISS advisory to references.
2005-10-18 19:45:58 +00:00
Simon L. B. Nielsen
e9dcf64a76 - Document snort -- Back Orifice preprocessor buffer overflow vulnerability.
- Use standard topic format for webcalendar entry.
- Fix package name in webcalendar so it matches the actual package
  name.
2005-10-18 17:42:13 +00:00
Sergey Matveychuk
42f8e5df56 - Document www/webcalendar vulnerability. 2005-10-14 21:57:41 +00:00
Sergey Matveychuk
afc778e560 - Document www/gallery2 vulnerability. 2005-10-14 21:38:08 +00:00
Simon L. B. Nielsen
060b28a44c Improve last couple of entries:
- Use standard topic format.
- Fix packagename in phpmyadmin and zone entries.
- Fix indention and remove EOL white-space.
- Make lead in a bit more verbose.
- Add more references to phpmyadmin issue.
- Remove some redundant quoted text in zope issue.
2005-10-12 22:53:00 +00:00
Marcus Alves Grando
50473025e1 Add entry for openssl
Remove entry about safe mode in phpmyadmin
2005-10-12 14:51:14 +00:00
Marcus Alves Grando
2197a4f7d5 Add entry for phpmyadmin (PMASA-2005-4) 2005-10-12 00:24:38 +00:00
Marcus Alves Grando
0019741ea6 Fix typo with range values 2005-10-12 00:12:20 +00:00
Marcus Alves Grando
398ca09449 Add entry from zope28 2005-10-12 00:01:03 +00:00
Simon L. B. Nielsen
0fd61e032b For libxine -- format string vulnerability entry:
- Add reference to xine security announcement.
- Fix indention on a few lines.
2005-10-09 21:03:07 +00:00