1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-19 03:52:17 +00:00
Commit Graph

1365 Commits

Author SHA1 Message Date
Xin LI
f64828b3cf Document evolution-data-server remote arbitrary code execution
vulnerability.

Fix at:	Evolution SVN changeset 7817 (#447414)
2007-06-25 10:57:52 +00:00
Erwin Lansing
c8d93d036e The XMLRPC SQL Injection issue with wordpress was addressed in the
latest release.
2007-06-24 11:34:12 +00:00
Gabor Kovesdan
525a1c1cfb Document xpcd buffer overflow vulnerability.
Revieved by:	remko
2007-06-21 17:28:37 +00:00
Remko Lodder
02327974a6 Document clamav -- multiple vulnerabilities. 2007-06-19 19:47:51 +00:00
Xin LI
359efa1acf Document SpamAssassin vulnerability CVE-2007-2873, a local
DoS issue.
2007-06-18 07:56:53 +00:00
Martin Wilke
a6b094a5ee - Document cups -- Incomplete SSL Negotiation Denial of Service.
Reviewed by:	simon@
2007-06-12 18:27:39 +00:00
Martin Wilke
807e4948e9 - Fix other duplicate entry.
Reviewed by:	simon
2007-06-09 19:47:04 +00:00
Martin Wilke
c3ae8a8590 - Document c-ares -- DNS Cache Poisoning Vulnerability
Reviewed by:	simon@
2007-06-09 17:46:22 +00:00
Martin Wilke
d00658d436 - Fix duplicate entry de-wordpress -> zh-wordpress. 2007-06-09 17:44:04 +00:00
Gabor Kovesdan
2e460cd831 Add zh-wordpress as affected by the last two wordpress entries. 2007-06-09 16:13:32 +00:00
Gabor Kovesdan
d929936825 wordpress -- XMLRPC SQL Injection
wordpress -- unmoderated comments disclosure

Reviewed by:	simon
2007-06-09 15:07:22 +00:00
Martin Wilke
8fd707f9da - Document webmin -- cross site scripting
Reviewed by:	simon@
2007-06-09 14:07:47 +00:00
Simon L. B. Nielsen
c40c31c7cb - The fixed mplayer version number is 0.99.10_10, mark it as such. [1]
- Add older mplayer package names.
- Break long lines.

Noticed by:	Henrik Brix Andersen <henrik@brixandersen.dk>
2007-06-07 18:34:14 +00:00
Martin Wilke
8ec6f91e6e - Fix mplayer portversion. 2007-06-07 08:44:24 +00:00
Martin Wilke
849c29c9fe - Document mplayer -- cddb stack overflow.
Reviewed by:	simon@
2007-06-07 08:42:02 +00:00
Gabor Kovesdan
10f833a8e0 - Note that plone is also affected by 34414a1e-e377-11db-b8ab-000c76189c4c
prior to version 2.5.3

Reviewed by:	simon
2007-06-06 09:29:58 +00:00
Gabor Kovesdan
266bf60961 - gzip 1.3.12 has been patched and is not affected by
11a84092-8f9f-11db-ab33-000e0c2e438a any more

Reviewed by:	simon
2007-06-05 16:17:06 +00:00
Erwin Lansing
d0c078c27a Document an information disclosure vulnerability in mod_jk < 1.2.23.
Reviewed by:	simon
2007-06-05 09:38:17 +00:00
Erwin Lansing
1da851aff6 Add an entry for an email header injection vulnerability in
www/typo3 from February.

Reviewed by:	remko
Persuaded by:	cperciva and simon by setting up the
		ports-security team
2007-06-04 20:56:26 +00:00
Martin Wilke
781637120c - Document phppgadmin - Cross Site Scripting Vulnerability.
Reviewed by:	mnag@
Reported by:	dinoex@
2007-06-04 12:42:17 +00:00
Edward Tomasz Napierala
ed2a5982f8 - Add entry for findutils -- GNU locate heap buffer overrun.
Revieved by:	simon (secteam)
Approved by:	miwi (mentor)
2007-06-01 19:36:13 +00:00
Xin LI
ed56a09fc7 Mark file < 4.21 as vulnerable to the heap overflow. 2007-05-31 08:05:11 +00:00
Joe Marcus Clarke
3c9b6f623e Add an entry for the recent Freetype heap overflow vulnerability.
Submitted by:	Nick Barkas <snb@threerings.net>
2007-05-25 00:37:57 +00:00
Remko Lodder
8003ff9706 Document FreeBSD-SA-07:04.file (heap overflow in file(1))
Approved by:	portmgr (secteam implicit)
2007-05-23 16:29:27 +00:00
Martin Wilke
4f2588d5fc - Document squirrelmail -- Cross site scripting in HTML filter
Approved by:	portmgr (marcus)
2007-05-21 20:08:21 +00:00
Simon L. B. Nielsen
e82affd309 Document png -- DoS crash vulnerability. 2007-05-16 21:10:03 +00:00
Simon L. B. Nielsen
fdeb5fd7a2 Document samba -- multiple vulnerabilities.
Brought to you from Heathrow Airport and BSDCan 2007 Devsummit.
2007-05-16 20:22:35 +00:00
Simon L. B. Nielsen
5660505553 Backout last change.
Blackboard:

- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.

x1000

Pointy hat to:	simon
2007-05-10 17:34:45 +00:00
Simon L. B. Nielsen
4e0a6f6ea4 Update PHP entry to include the vulnerable version so the entry is
correct for when PHP is updated in ports (yes it's being worked on),
or for people who upgrade "manually".

With hat:	secteam
Requested by:   several
2007-05-10 17:31:49 +00:00
Remko Lodder
947b7a739d Document a lot of PHP vulnerabilities, mark all php4 and php5 (+cli,cgi)
ports as vulnerable till the ports had been upgraded.
2007-05-07 09:12:41 +00:00
Remko Lodder
1ee4a7171c Bump modification date for the latest mod_perl entry, this was forgotten
by erwin, but there were "massive" changes that warrant a date bump.
2007-05-07 08:49:25 +00:00
Remko Lodder
573e3a6f58 Standarize the latest entry (qemu) a bit more and add a forgotten 'a'
in the p5-Imager text.
2007-05-02 16:56:22 +00:00
Juergen Lock
1c19bc62dd Document multiple qemu vulnerabilities
Obtained from:	debian-security-announce@lists.debian.org mailing list
Security:	multiple qemu vulnerabilities
2007-05-01 22:49:39 +00:00
Lars Balker Rasmussen
77e127836a Update to 0.57 - fixes possible overflow vulnerability regarding malformed
BMPs, see vuln.xml for details.

Security:	VuXML ID: 632c98be-aad2-4af2-849f-41a6862afd6a
2007-04-30 17:51:53 +00:00
Remko Lodder
507f8c5208 Document FreeBSD -- IPv6 Routing Header 0 is dangerous 2007-04-28 18:34:30 +00:00
Erwin Lansing
1b24a292e8 Rework the mod_perl entry to note that Mandriva originally released
an advisory.  Also add mod_perl2 to the vulnerable versions.
2007-04-25 19:05:44 +00:00
Erwin Lansing
e9ca1878e6 Minor wordsmithing in the last mod_perl entry.
Submitted by:	simon
2007-04-25 17:11:17 +00:00
Erwin Lansing
b85159572e Add entry for mod_perl -- remote DOS in PATH_INFO parsing
PR:		111844
Submitted by:	"Philip M. Gollucci" <pgollucci@p6m7g8.com>
2007-04-25 17:04:36 +00:00
Anton Berezin
d9fddefe1b p5-Crypt-OpenPGP 1.03_1 should not be vulnerable to CVE-2005-0366. 2007-04-23 14:12:10 +00:00
Andrew Pantyukhin
b97830622f - Mark latest firefox and seamonkey snapshots as safe 2007-04-19 11:55:37 +00:00
Martin Wilke
c2497cc8f8 - Add entry for claws-mail - APOP vulnerability 2007-04-19 10:37:24 +00:00
Marcus Alves Grando
f6b5e52b70 lighttpd -- DOS when access files with mtime 0
lighttpd -- Remote DOS in CRLF parsing
2007-04-14 15:11:47 +00:00
Stanislav Sedov
fe6c10e9aa - Add freeradius-mysql to the list of affected packages of the recent
freeradius entry.

Submitted by:	David Wood <david@wood2.org.uk>
2007-04-13 15:46:38 +00:00
Florent Thoumie
0693e562cc Mark Google Earth >= 4.0.2414 as safe. 2007-04-13 11:50:41 +00:00
Stanislav Sedov
c87d123fe1 - Document recent remote dos vulnerability in freeradius. 2007-04-13 08:19:58 +00:00
Simon L. B. Nielsen
771da9af81 Add an extra reference to the old "gnupg -- OpenPGP symmetric
encryption vulnerability" entry which explains the problem in a more
easy to read way.

Submitted by:	tobez (sort of)
2007-04-10 21:10:43 +00:00
Simon Barner
3ff5f20524 Document fetchmail's "insecure APOP authentication" issue (fixed in 6.3.8). 2007-04-09 20:05:50 +00:00
Remko Lodder
61fb9e495f Stylify the latest zope entry:
o Use consistent title description
o Use tabs when 8 spaces are hit
o Sort the references list (the alphabet goes from a to z)
o Bump modification date (note: please check the entry date
  so that it matches the correct data of insertion).

Also stylify the latest mcweject entry.
2007-04-08 19:58:35 +00:00
Stefan Walter
88f4ad87a7 Add entry for exploitable buffer overflow in mcweject.
PR:		111365
Submitted by:	Jeff Forsythe<tornandfilthy2006@yahoo.com>
2007-04-08 19:45:57 +00:00
Stefan Walter
43583a0ccc Add entry for webcalendar "noSet" variable overwrite vulnerability.
PR:		110585
Submitted by:	Greg Larkin <glarkin@sourcehosting.net>
2007-04-08 14:36:53 +00:00